0s autopkgtest [16:02:36]: starting date and time: 2024-06-14 16:02:36+0000 0s autopkgtest [16:02:36]: git checkout: 433ed4cb Merge branch 'skia/nova_flock' into 'ubuntu/5.34+prod' 0s autopkgtest [16:02:36]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.qk1jp027/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:shadow --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=shadow/1:4.13+dfsg1-4ubuntu3.2 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos01-s390x-22.secgroup --name adt-noble-s390x-sssd-20240614-160236-juju-7f2275-prod-proposed-migration-environment-2-0efccc12-0a1c-4d9c-b9fa-c13372614290 --image adt/ubuntu-noble-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://us.ports.ubuntu.com/ubuntu-ports/ 100s autopkgtest [16:04:16]: testbed dpkg architecture: s390x 100s autopkgtest [16:04:16]: testbed apt version: 2.7.14build2 100s autopkgtest [16:04:16]: @@@@@@@@@@@@@@@@@@@@ test bed setup 101s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 101s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [28.4 kB] 102s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [5468 B] 102s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [16.4 kB] 102s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [10.5 kB] 102s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [35.2 kB] 102s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 102s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [2776 B] 102s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 102s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [37.1 kB] 102s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 102s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [764 B] 102s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 103s Fetched 412 kB in 1s (509 kB/s) 103s Reading package lists... 106s Reading package lists... 106s Building dependency tree... 106s Reading state information... 106s Calculating upgrade... 107s The following packages will be upgraded: 107s login passwd 107s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 107s Need to get 1060 kB of archives. 107s After this operation, 0 B of additional disk space will be used. 107s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x login s390x 1:4.13+dfsg1-4ubuntu3.2 [203 kB] 107s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x passwd s390x 1:4.13+dfsg1-4ubuntu3.2 [858 kB] 107s Fetched 1060 kB in 1s (1720 kB/s) 108s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54184 files and directories currently installed.) 108s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.2_s390x.deb ... 108s Unpacking login (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 108s Setting up login (1:4.13+dfsg1-4ubuntu3.2) ... 108s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54184 files and directories currently installed.) 108s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.2_s390x.deb ... 108s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 108s Setting up passwd (1:4.13+dfsg1-4ubuntu3.2) ... 108s Processing triggers for man-db (2.12.0-4build2) ... 109s Reading package lists... 109s Building dependency tree... 109s Reading state information... 110s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 110s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 110s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 110s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 110s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 112s Reading package lists... 112s Reading package lists... 112s Building dependency tree... 112s Reading state information... 112s Calculating upgrade... 112s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 112s Reading package lists... 113s Building dependency tree... 113s Reading state information... 113s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 116s autopkgtest [16:04:32]: testbed running kernel: Linux 6.8.0-35-generic #35-Ubuntu SMP Mon May 20 15:36:54 UTC 2024 116s autopkgtest [16:04:32]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 131s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (dsc) [5056 B] 131s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (tar) [7983 kB] 131s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1.1ubuntu6 (diff) [49.2 kB] 131s gpgv: Signature made Tue Apr 16 09:55:57 2024 UTC 131s gpgv: using RSA key 568BF22A66337CBFC9A6B9B72C83DBC8E9BD0E37 131s gpgv: Can't check signature: No public key 131s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.dsc: no acceptable signature found 132s autopkgtest [16:04:48]: testing package sssd version 2.9.4-1.1ubuntu6 133s autopkgtest [16:04:49]: build not needed 159s autopkgtest [16:05:15]: test ldap-user-group-ldap-auth: preparing testbed 160s Reading package lists... 160s Building dependency tree... 160s Reading state information... 160s Starting pkgProblemResolver with broken count: 0 160s Starting 2 pkgProblemResolver with broken count: 0 160s Done 161s The following additional packages will be installed: 161s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 161s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 161s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 161s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 161s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 161s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 161s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 161s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 161s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 161s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 161s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 161s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 161s tcl8.6 161s Suggested packages: 161s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 161s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 161s Recommended packages: 161s cracklib-runtime libsasl2-modules-gssapi-mit 161s | libsasl2-modules-gssapi-heimdal 161s The following NEW packages will be installed: 161s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 161s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 161s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 161s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 161s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 161s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 161s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 161s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 161s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 161s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 161s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 161s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 161s tcl-expect tcl8.6 161s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 161s Need to get 13.1 MB/13.1 MB of archives. 161s After this operation, 50.2 MB of additional disk space will be used. 161s Get:1 /tmp/autopkgtest.joGni0/1-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [868 B] 161s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libltdl7 s390x 2.4.7-7build1 [41.8 kB] 161s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main s390x libodbc2 s390x 2.3.12-1ubuntu0.24.04.1 [164 kB] 161s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x slapd s390x 2.6.7+dfsg-1~exp1ubuntu8 [1617 kB] 162s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libtcl8.6 s390x 8.6.14+dfsg-1build1 [1038 kB] 162s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x tcl8.6 s390x 8.6.14+dfsg-1build1 [14.7 kB] 162s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x tcl-expect s390x 5.45.4-3 [115 kB] 162s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x expect s390x 5.45.4-3 [137 kB] 162s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x ldap-utils s390x 2.6.7+dfsg-1~exp1ubuntu8 [165 kB] 162s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu6 [29.7 kB] 162s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu6 [24.1 kB] 162s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu6 [27.2 kB] 162s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0t64 s390x 0.6.2-2.1build1 [5838 B] 162s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libcares2 s390x 1.27.0-1.0ubuntu1 [79.2 kB] 162s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4t64 s390x 0.6.2-2.1build1 [23.9 kB] 162s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1build2 [30.0 kB] 162s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1t64 s390x 0.6.2-2.1build1 [9126 B] 162s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7t64 s390x 2.1.12-stable-9ubuntu2 [147 kB] 162s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1t64 s390x 0.6.2-2.1build1 [9394 B] 162s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1t64 s390x 0.6.2-2.1build1 [7226 B] 162s Get:21 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5t64 s390x 0.6.2-2.1build1 [46.6 kB] 162s Get:22 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0t64 s390x 2.9.4-1.1ubuntu6 [17.3 kB] 162s Get:23 http://ftpmaster.internal/ubuntu noble/universe s390x libjose0 s390x 13-1 [45.7 kB] 162s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libverto-libevent1t64 s390x 0.3.1-1.2ubuntu3 [6384 B] 162s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libverto1t64 s390x 0.3.1-1.2ubuntu3 [11.0 kB] 162s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libkrad0 s390x 1.20.1-6ubuntu2 [22.4 kB] 162s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1build2 [28.4 kB] 162s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1build1 [50.0 kB] 162s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0t64 s390x 0.16.1-2build1 [43.4 kB] 162s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [192 kB] 162s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.4-3ubuntu5 [50.1 kB] 162s Get:32 http://ftpmaster.internal/ubuntu noble/universe s390x libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 162s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3build1 [7748 B] 162s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3build1 [14.8 kB] 162s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3build1 [11.5 kB] 162s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-4ubuntu9 [71.3 kB] 162s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-4ubuntu9 [6231 kB] 162s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient0 s390x 2:4.19.5+dfsg-4ubuntu9 [65.0 kB] 162s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1.1ubuntu6 [33.0 kB] 162s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1.1ubuntu6 [52.3 kB] 162s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1.1ubuntu6 [47.1 kB] 162s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1.1ubuntu6 [47.3 kB] 162s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1.1ubuntu6 [22.5 kB] 162s Get:44 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1.1ubuntu6 [31.7 kB] 162s Get:45 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1.1ubuntu6 [1125 kB] 162s Get:46 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-idp s390x 2.9.4-1.1ubuntu6 [27.3 kB] 162s Get:47 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-passkey s390x 2.9.4-1.1ubuntu6 [32.3 kB] 162s Get:48 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1.1ubuntu6 [74.8 kB] 163s Get:49 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1.1ubuntu6 [90.3 kB] 163s Get:50 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1.1ubuntu6 [133 kB] 163s Get:51 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1.1ubuntu6 [216 kB] 163s Get:52 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1.1ubuntu6 [14.4 kB] 163s Get:53 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1.1ubuntu6 [31.0 kB] 163s Get:54 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1.1ubuntu6 [43.9 kB] 163s Get:55 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1.1ubuntu6 [4116 B] 163s Get:56 http://ftpmaster.internal/ubuntu noble/main s390x sssd-dbus s390x 2.9.4-1.1ubuntu6 [101 kB] 163s Get:57 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-kcm s390x 2.9.4-1.1ubuntu6 [137 kB] 163s Get:58 http://ftpmaster.internal/ubuntu noble/main s390x sssd-tools s390x 2.9.4-1.1ubuntu6 [97.7 kB] 163s Get:59 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac-dev s390x 2.9.4-1.1ubuntu6 [6666 B] 163s Get:60 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap-dev s390x 2.9.4-1.1ubuntu6 [5730 B] 163s Get:61 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap-dev s390x 2.9.4-1.1ubuntu6 [8380 B] 163s Get:62 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap-dev s390x 2.9.4-1.1ubuntu6 [6702 B] 163s Get:63 http://ftpmaster.internal/ubuntu noble/universe s390x libsss-sudo s390x 2.9.4-1.1ubuntu6 [21.7 kB] 163s Get:64 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libipa-hbac s390x 2.9.4-1.1ubuntu6 [16.9 kB] 163s Get:65 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libsss-nss-idmap s390x 2.9.4-1.1ubuntu6 [9130 B] 164s Preconfiguring packages ... 164s Fetched 13.1 MB in 3s (5040 kB/s) 164s Selecting previously unselected package libltdl7:s390x. 164s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54184 files and directories currently installed.) 164s Preparing to unpack .../00-libltdl7_2.4.7-7build1_s390x.deb ... 164s Unpacking libltdl7:s390x (2.4.7-7build1) ... 164s Selecting previously unselected package libodbc2:s390x. 164s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu0.24.04.1_s390x.deb ... 164s Unpacking libodbc2:s390x (2.3.12-1ubuntu0.24.04.1) ... 164s Selecting previously unselected package slapd. 164s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8_s390x.deb ... 164s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 164s Selecting previously unselected package libtcl8.6:s390x. 164s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_s390x.deb ... 164s Unpacking libtcl8.6:s390x (8.6.14+dfsg-1build1) ... 164s Selecting previously unselected package tcl8.6. 164s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_s390x.deb ... 164s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 164s Selecting previously unselected package tcl-expect:s390x. 164s Preparing to unpack .../05-tcl-expect_5.45.4-3_s390x.deb ... 164s Unpacking tcl-expect:s390x (5.45.4-3) ... 164s Selecting previously unselected package expect. 164s Preparing to unpack .../06-expect_5.45.4-3_s390x.deb ... 164s Unpacking expect (5.45.4-3) ... 164s Selecting previously unselected package ldap-utils. 164s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8_s390x.deb ... 164s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 164s Selecting previously unselected package libavahi-common-data:s390x. 164s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_s390x.deb ... 164s Unpacking libavahi-common-data:s390x (0.8-13ubuntu6) ... 164s Selecting previously unselected package libavahi-common3:s390x. 164s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_s390x.deb ... 164s Unpacking libavahi-common3:s390x (0.8-13ubuntu6) ... 164s Selecting previously unselected package libavahi-client3:s390x. 164s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_s390x.deb ... 164s Unpacking libavahi-client3:s390x (0.8-13ubuntu6) ... 164s Selecting previously unselected package libbasicobjects0t64:s390x. 164s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_s390x.deb ... 164s Unpacking libbasicobjects0t64:s390x (0.6.2-2.1build1) ... 164s Selecting previously unselected package libcares2:s390x. 164s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_s390x.deb ... 164s Unpacking libcares2:s390x (1.27.0-1.0ubuntu1) ... 164s Selecting previously unselected package libcollection4t64:s390x. 164s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_s390x.deb ... 164s Unpacking libcollection4t64:s390x (0.6.2-2.1build1) ... 164s Selecting previously unselected package libcrack2:s390x. 164s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_s390x.deb ... 164s Unpacking libcrack2:s390x (2.9.6-5.1build2) ... 164s Selecting previously unselected package libdhash1t64:s390x. 164s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_s390x.deb ... 164s Unpacking libdhash1t64:s390x (0.6.2-2.1build1) ... 164s Selecting previously unselected package libevent-2.1-7t64:s390x. 164s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_s390x.deb ... 164s Unpacking libevent-2.1-7t64:s390x (2.1.12-stable-9ubuntu2) ... 164s Selecting previously unselected package libpath-utils1t64:s390x. 164s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_s390x.deb ... 164s Unpacking libpath-utils1t64:s390x (0.6.2-2.1build1) ... 165s Selecting previously unselected package libref-array1t64:s390x. 165s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_s390x.deb ... 165s Unpacking libref-array1t64:s390x (0.6.2-2.1build1) ... 165s Selecting previously unselected package libini-config5t64:s390x. 165s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_s390x.deb ... 165s Unpacking libini-config5t64:s390x (0.6.2-2.1build1) ... 165s Selecting previously unselected package libipa-hbac0t64. 165s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package libjose0:s390x. 165s Preparing to unpack .../21-libjose0_13-1_s390x.deb ... 165s Unpacking libjose0:s390x (13-1) ... 165s Selecting previously unselected package libverto-libevent1t64:s390x. 165s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_s390x.deb ... 165s Unpacking libverto-libevent1t64:s390x (0.3.1-1.2ubuntu3) ... 165s Selecting previously unselected package libverto1t64:s390x. 165s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_s390x.deb ... 165s Unpacking libverto1t64:s390x (0.3.1-1.2ubuntu3) ... 165s Selecting previously unselected package libkrad0:s390x. 165s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2_s390x.deb ... 165s Unpacking libkrad0:s390x (1.20.1-6ubuntu2) ... 165s Selecting previously unselected package libtalloc2:s390x. 165s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_s390x.deb ... 165s Unpacking libtalloc2:s390x (2.4.2-1build2) ... 165s Selecting previously unselected package libtdb1:s390x. 165s Preparing to unpack .../26-libtdb1_1.4.10-1build1_s390x.deb ... 165s Unpacking libtdb1:s390x (1.4.10-1build1) ... 165s Selecting previously unselected package libtevent0t64:s390x. 165s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_s390x.deb ... 165s Unpacking libtevent0t64:s390x (0.16.1-2build1) ... 165s Selecting previously unselected package libldb2:s390x. 165s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_s390x.deb ... 165s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 165s Selecting previously unselected package libnfsidmap1:s390x. 165s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu5_s390x.deb ... 165s Unpacking libnfsidmap1:s390x (1:2.6.4-3ubuntu5) ... 165s Selecting previously unselected package libnss-sudo. 165s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 165s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 165s Selecting previously unselected package libpwquality-common. 165s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 165s Unpacking libpwquality-common (1.4.5-3build1) ... 165s Selecting previously unselected package libpwquality1:s390x. 165s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_s390x.deb ... 165s Unpacking libpwquality1:s390x (1.4.5-3build1) ... 165s Selecting previously unselected package libpam-pwquality:s390x. 165s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_s390x.deb ... 165s Unpacking libpam-pwquality:s390x (1.4.5-3build1) ... 165s Selecting previously unselected package libwbclient0:s390x. 165s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 165s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 165s Selecting previously unselected package samba-libs:s390x. 165s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 165s Unpacking samba-libs:s390x (2:4.19.5+dfsg-4ubuntu9) ... 165s Selecting previously unselected package libsmbclient0:s390x. 165s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 165s Unpacking libsmbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 165s Selecting previously unselected package libnss-sss:s390x. 165s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking libnss-sss:s390x (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package libpam-sss:s390x. 165s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking libpam-sss:s390x (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package python3-sss. 165s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package libsss-certmap0. 165s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package libsss-idmap0. 165s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package libsss-nss-idmap0. 165s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-common. 165s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-idp. 165s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-idp (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-passkey. 165s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-passkey (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-ad-common. 165s Preparing to unpack .../46-sssd-ad-common_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-krb5-common. 165s Preparing to unpack .../47-sssd-krb5-common_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-ad. 165s Preparing to unpack .../48-sssd-ad_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-ipa. 165s Preparing to unpack .../49-sssd-ipa_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-krb5. 165s Preparing to unpack .../50-sssd-krb5_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-ldap. 165s Preparing to unpack .../51-sssd-ldap_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-proxy. 165s Preparing to unpack .../52-sssd-proxy_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd. 165s Preparing to unpack .../53-sssd_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd (2.9.4-1.1ubuntu6) ... 165s Selecting previously unselected package sssd-dbus. 165s Preparing to unpack .../54-sssd-dbus_2.9.4-1.1ubuntu6_s390x.deb ... 165s Unpacking sssd-dbus (2.9.4-1.1ubuntu6) ... 166s Selecting previously unselected package sssd-kcm. 166s Preparing to unpack .../55-sssd-kcm_2.9.4-1.1ubuntu6_s390x.deb ... 166s Unpacking sssd-kcm (2.9.4-1.1ubuntu6) ... 166s Selecting previously unselected package sssd-tools. 166s Preparing to unpack .../56-sssd-tools_2.9.4-1.1ubuntu6_s390x.deb ... 166s Unpacking sssd-tools (2.9.4-1.1ubuntu6) ... 166s Selecting previously unselected package libipa-hbac-dev. 166s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1.1ubuntu6_s390x.deb ... 166s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 166s Selecting previously unselected package libsss-certmap-dev. 166s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1.1ubuntu6_s390x.deb ... 166s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 166s Selecting previously unselected package libsss-idmap-dev. 166s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1.1ubuntu6_s390x.deb ... 166s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 166s Selecting previously unselected package libsss-nss-idmap-dev. 166s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6_s390x.deb ... 166s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 166s Selecting previously unselected package libsss-sudo. 166s Preparing to unpack .../61-libsss-sudo_2.9.4-1.1ubuntu6_s390x.deb ... 166s Unpacking libsss-sudo (2.9.4-1.1ubuntu6) ... 166s Selecting previously unselected package python3-libipa-hbac. 166s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1.1ubuntu6_s390x.deb ... 166s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 166s Selecting previously unselected package python3-libsss-nss-idmap. 166s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6_s390x.deb ... 166s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 166s Selecting previously unselected package autopkgtest-satdep. 166s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 166s Unpacking autopkgtest-satdep (0) ... 166s Setting up libpwquality-common (1.4.5-3build1) ... 166s Setting up libnfsidmap1:s390x (1:2.6.4-3ubuntu5) ... 166s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 166s Setting up libbasicobjects0t64:s390x (0.6.2-2.1build1) ... 166s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 166s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 166s Setting up libref-array1t64:s390x (0.6.2-2.1build1) ... 166s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 166s Setting up libtdb1:s390x (1.4.10-1build1) ... 166s Setting up libcollection4t64:s390x (0.6.2-2.1build1) ... 166s Setting up libevent-2.1-7t64:s390x (2.1.12-stable-9ubuntu2) ... 166s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 166s Setting up libjose0:s390x (13-1) ... 166s Setting up libwbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 166s Setting up libtalloc2:s390x (2.4.2-1build2) ... 166s Setting up libpath-utils1t64:s390x (0.6.2-2.1build1) ... 166s Setting up libavahi-common-data:s390x (0.8-13ubuntu6) ... 166s Setting up libcares2:s390x (1.27.0-1.0ubuntu1) ... 166s Setting up libdhash1t64:s390x (0.6.2-2.1build1) ... 166s Setting up libtcl8.6:s390x (8.6.14+dfsg-1build1) ... 166s Setting up libltdl7:s390x (2.4.7-7build1) ... 166s Setting up libcrack2:s390x (2.9.6-5.1build2) ... 166s Setting up libodbc2:s390x (2.3.12-1ubuntu0.24.04.1) ... 166s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 166s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 166s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 166s Setting up libini-config5t64:s390x (0.6.2-2.1build1) ... 166s Setting up libtevent0t64:s390x (0.16.1-2build1) ... 166s Setting up libnss-sss:s390x (2.9.4-1.1ubuntu6) ... 166s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 166s Creating new user openldap... done. 166s Creating initial configuration... done. 166s Creating LDAP directory... done. 167s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 167s Setting up libsss-sudo (2.9.4-1.1ubuntu6) ... 167s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 167s Setting up libavahi-common3:s390x (0.8-13ubuntu6) ... 167s Setting up tcl-expect:s390x (5.45.4-3) ... 167s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 167s Setting up libpwquality1:s390x (1.4.5-3build1) ... 167s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 167s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 167s Setting up libavahi-client3:s390x (0.8-13ubuntu6) ... 167s Setting up expect (5.45.4-3) ... 167s Setting up libpam-pwquality:s390x (1.4.5-3build1) ... 167s Setting up samba-libs:s390x (2:4.19.5+dfsg-4ubuntu9) ... 167s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 167s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 167s Setting up libsmbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 167s Setting up libpam-sss:s390x (2.9.4-1.1ubuntu6) ... 167s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 167s Creating SSSD system user & group... 168s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 168s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 168s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 168s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 168s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 168s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 169s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 169s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 169s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 169s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 170s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 170s sssd-autofs.service is a disabled or a static unit, not starting it. 170s sssd-nss.service is a disabled or a static unit, not starting it. 170s sssd-pam.service is a disabled or a static unit, not starting it. 170s sssd-ssh.service is a disabled or a static unit, not starting it. 170s sssd-sudo.service is a disabled or a static unit, not starting it. 170s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 170s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 170s Setting up sssd-kcm (2.9.4-1.1ubuntu6) ... 170s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 171s sssd-kcm.service is a disabled or a static unit, not starting it. 171s Setting up sssd-dbus (2.9.4-1.1ubuntu6) ... 171s sssd-ifp.service is a disabled or a static unit, not starting it. 171s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 171s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 172s sssd-pac.service is a disabled or a static unit, not starting it. 172s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 172s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 172s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 172s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 172s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 172s Setting up sssd-tools (2.9.4-1.1ubuntu6) ... 172s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 172s Setting up sssd (2.9.4-1.1ubuntu6) ... 172s Setting up libverto-libevent1t64:s390x (0.3.1-1.2ubuntu3) ... 172s Setting up libverto1t64:s390x (0.3.1-1.2ubuntu3) ... 172s Setting up libkrad0:s390x (1.20.1-6ubuntu2) ... 172s Setting up sssd-passkey (2.9.4-1.1ubuntu6) ... 172s Setting up sssd-idp (2.9.4-1.1ubuntu6) ... 172s Setting up autopkgtest-satdep (0) ... 172s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 172s Processing triggers for ufw (0.36.2-6) ... 172s Processing triggers for man-db (2.12.0-4build2) ... 173s Processing triggers for dbus (1.14.10-4ubuntu4) ... 182s (Reading database ... 55475 files and directories currently installed.) 182s Removing autopkgtest-satdep (0) ... 183s autopkgtest [16:05:39]: test ldap-user-group-ldap-auth: [----------------------- 183s + . debian/tests/util 183s + . debian/tests/common-tests 183s + mydomain=example.com 183s + myhostname=ldap.example.com 183s + mysuffix=dc=example,dc=com 183s + admin_dn=cn=admin,dc=example,dc=com 183s + admin_pw=secret 183s + ldap_user=testuser1 183s + ldap_user_pw=testuser1secret 183s + ldap_group=ldapusers 183s + adjust_hostname ldap.example.com 183s + local myhostname=ldap.example.com 183s + echo ldap.example.com 183s + hostname ldap.example.com 183s + grep -qE ldap.example.com /etc/hosts 183s + echo 127.0.1.10 ldap.example.com 183s + reconfigure_slapd 183s + debconf-set-selections 183s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 183s + dpkg-reconfigure -fnoninteractive -pcritical slapd 183s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 183s Moving old database directory to /var/backups: 183s - directory unknown... done. 183s Creating initial configuration... done. 183s Creating LDAP directory... done. 184s + generate_certs ldap.example.com 184s + local cn=ldap.example.com 184s + local cert=/etc/ldap/server.pem 184s + local key=/etc/ldap/server.key 184s + local cnf=/etc/ldap/openssl.cnf 184s + cat 184s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 184s .................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 184s ...........................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 184s ----- 184s + chmod 0640 /etc/ldap/server.key 184s + chgrp openldap /etc/ldap/server.key 184s + [ ! -f /etc/ldap/server.pem ] 184s + [ ! -f /etc/ldap/server.key ] 184s + enable_ldap_ssl 184s + cat 184s + cat 184s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 184s + populate_ldap_rfc2307 184s + cat 184s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 184s modifying entry "cn=config" 184s 184s adding new entry "ou=People,dc=example,dc=com" 184s 184s adding new entry "ou=Group,dc=example,dc=com" 184s 184s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 184s 184s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 184s 184s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 184s 184s + configure_sssd_ldap_rfc2307 184s + cat 184s + chmod 0600 /etc/sssd/sssd.conf 184s + systemctl restart sssd 184s + enable_pam_mkhomedir 184s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 184s + echo session optional pam_mkhomedir.so 184s + run_common_tests 184s + echo Assert local user databases do not have our LDAP test data 184s + check_local_user testuser1 184s + localAssert local user databases do not have our LDAP test data 184s local_user=testuser1 184s + grep -q ^testuser1 /etc/passwd 184s + check_local_group testuser1 184s + local local_group=testuser1 184s + grep -q ^testuser1 /etc/group 184s + check_local_groupThe LDAP user is known to the system via getent 184s ldapusers 184s + local local_group=ldapusers 184s + grep -q ^ldapusers /etc/group 184s + echo The LDAP user is known to the system via getent 184s + check_getent_user testuser1 184s + local getent_user=testuser1 184s + local output 184s + getent passwd testuser1 184s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 184s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 184s + echo The LDAP user's private group is known to the system via getent 184s + check_getent_group testuser1The LDAP user's private group is known to the system via getent 184s 184s + local getent_group=testuser1 184s + local output 184s + getent group testuser1 184s + output=testuser1:*:10001:testuser1 184s + The LDAP group ldapusers is known to the system via getent 184s [ -z testuser1:*:10001:testuser1 ] 184s + echo The LDAP group ldapusers is known to the system via getent 184s + check_getent_group ldapusers 184s + local getent_group=ldapusers 184s + local output 184s + getent group ldapusers 184s The id(1) command can resolve the group membership of the LDAP user 184s + output=ldapusers:*:10100:testuser1 184s + [ -z ldapusers:*:10100:testuser1 ] 184s + echo The id(1) command can resolve the group membership of the LDAP user 184s + id -Gn testuser1 184s + output=testuser1 ldapusers 184s + [ testuser1 ldapusers != testuser1 ldapusers ] 184s + echo The LDAP user can login on a terminal 184s The LDAP user can login on a terminal 184s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 184s spawn login 184s ldap.example.com login: testuser1 184s Password: 184s Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.8.0-35-generic s390x) 184s 184s * Documentation: https://help.ubuntu.com 184s * Management: https://landscape.canonical.com 184s * Support: https://ubuntu.com/pro 184s 184s 184s The programs included with the Ubuntu system are free software; 184s the exact distribution terms for each program are described in the 184s individual files in /usr/share/doc/*/copyright. 184s 184s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 184s applicable law. 184s 184s 184s The programs included with the Ubuntu system are free software; 184s the exact distribution terms for each program are described in the 184s individual files in /usr/share/doc/*/copyright. 184s 184s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 184s applicable law. 184s 184s Creating directory '/home/testuser1'. 189s [?2004htestuser1@ldap:~$ id -un 189s [?2004l testuser1 189s [?2004htestuser1@ldap:~$ /tmp/autopkgtest.joGni0/wrapper.sh: Killing leaked background processes: 4672 189s PID TTY STAT TIME COMMAND 189s 4672 ? D 0:00 -bash 189s autopkgtest [16:05:45]: test ldap-user-group-ldap-auth: -----------------------] 190s autopkgtest [16:05:46]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 190s ldap-user-group-ldap-auth PASS 190s autopkgtest [16:05:46]: test ldap-user-group-krb5-auth: preparing testbed 191s Reading package lists... 191s Building dependency tree... 191s Reading state information... 192s Starting pkgProblemResolver with broken count: 0 192s Starting 2 pkgProblemResolver with broken count: 0 192s Done 192s The following additional packages will be installed: 192s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 192s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 192s Suggested packages: 192s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 192s The following NEW packages will be installed: 192s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 192s libgssrpc4t64 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 192s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 192s Need to get 620 kB/621 kB of archives. 192s After this operation, 2106 kB of additional disk space will be used. 192s Get:1 /tmp/autopkgtest.joGni0/2-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [892 B] 192s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x krb5-config all 2.7 [22.0 kB] 192s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libgssrpc4t64 s390x 1.20.1-6ubuntu2 [60.5 kB] 192s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5clnt-mit12 s390x 1.20.1-6ubuntu2 [40.9 kB] 192s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libkdb5-10t64 s390x 1.20.1-6ubuntu2 [42.4 kB] 193s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5srv-mit12 s390x 1.20.1-6ubuntu2 [55.9 kB] 193s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-user s390x 1.20.1-6ubuntu2 [110 kB] 193s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-kdc s390x 1.20.1-6ubuntu2 [191 kB] 193s Get:9 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-admin-server s390x 1.20.1-6ubuntu2 [96.9 kB] 193s Preconfiguring packages ... 198s Fetched 620 kB in 1s (1074 kB/s) 198s Selecting previously unselected package krb5-config. 198s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 55475 files and directories currently installed.) 198s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 198s Unpacking krb5-config (2.7) ... 198s Selecting previously unselected package libgssrpc4t64:s390x. 198s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2_s390x.deb ... 198s Unpacking libgssrpc4t64:s390x (1.20.1-6ubuntu2) ... 198s Selecting previously unselected package libkadm5clnt-mit12:s390x. 198s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2_s390x.deb ... 198s Unpacking libkadm5clnt-mit12:s390x (1.20.1-6ubuntu2) ... 198s Selecting previously unselected package libkdb5-10t64:s390x. 198s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2_s390x.deb ... 198s Unpacking libkdb5-10t64:s390x (1.20.1-6ubuntu2) ... 198s Selecting previously unselected package libkadm5srv-mit12:s390x. 198s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2_s390x.deb ... 198s Unpacking libkadm5srv-mit12:s390x (1.20.1-6ubuntu2) ... 198s Selecting previously unselected package krb5-user. 198s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2_s390x.deb ... 198s Unpacking krb5-user (1.20.1-6ubuntu2) ... 198s Selecting previously unselected package krb5-kdc. 198s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2_s390x.deb ... 198s Unpacking krb5-kdc (1.20.1-6ubuntu2) ... 198s Selecting previously unselected package krb5-admin-server. 198s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2_s390x.deb ... 198s Unpacking krb5-admin-server (1.20.1-6ubuntu2) ... 198s Selecting previously unselected package autopkgtest-satdep. 198s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 198s Unpacking autopkgtest-satdep (0) ... 198s Setting up libgssrpc4t64:s390x (1.20.1-6ubuntu2) ... 198s Setting up krb5-config (2.7) ... 199s Setting up libkadm5clnt-mit12:s390x (1.20.1-6ubuntu2) ... 199s Setting up libkdb5-10t64:s390x (1.20.1-6ubuntu2) ... 199s Setting up libkadm5srv-mit12:s390x (1.20.1-6ubuntu2) ... 199s Setting up krb5-user (1.20.1-6ubuntu2) ... 199s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 199s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 199s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 199s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 199s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 199s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 199s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 199s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 199s Setting up krb5-kdc (1.20.1-6ubuntu2) ... 199s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 200s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 200s Setting up krb5-admin-server (1.20.1-6ubuntu2) ... 201s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 201s Setting up autopkgtest-satdep (0) ... 201s Processing triggers for man-db (2.12.0-4build2) ... 202s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 210s (Reading database ... 55570 files and directories currently installed.) 210s Removing autopkgtest-satdep (0) ... 210s autopkgtest [16:06:06]: test ldap-user-group-krb5-auth: [----------------------- 210s + . debian/tests/util 210s + . debian/tests/common-tests 210s + mydomain=example.com 210s + myhostname=ldap.example.com 210s + mysuffix=dc=example,dc=com 210s + myrealm=EXAMPLE.COM 210s + admin_dn=cn=admin,dc=example,dc=com 210s + admin_pw=secret 210s + ldap_user=testuser1 210s + ldap_user_pw=testuser1secret 210s + kerberos_principal_pw=testuser1kerberos 210s + ldap_group=ldapusers 210s + adjust_hostname ldap.example.com 210s + local myhostname=ldap.example.com 210s + echo ldap.example.com 210s + hostname ldap.example.com 210s + grep -qE ldap.example.com /etc/hosts 210s + reconfigure_slapd 210s + debconf-set-selections 210s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8-20240614-160539.ldapdb 210s + dpkg-reconfigure -fnoninteractive -pcritical slapd 211s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 211s Moving old database directory to /var/backups: 211s - directory unknown... done. 211s Creating initial configuration... done. 211s Creating LDAP directory... done. 211s + generate_certs ldap.example.com 211s + local cn=ldap.example.com 211s + local cert=/etc/ldap/server.pem 211s + local key=/etc/ldap/server.key 211s + local cnf=/etc/ldap/openssl.cnf 211s + cat 211s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 211s ................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 211s ...................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 211s ----- 211s + chmod 0640 /etc/ldap/server.key 211s + chgrp openldap /etc/ldap/server.key 211s + [ ! -f /etc/ldap/server.pem ] 211s + [ ! -f /etc/ldap/server.key ] 211s + enable_ldap_ssl 211s + cat 211s + cat+ 211s ldapmodify -H ldapi:/// -Y EXTERNAL -Q 211s + populate_ldap_rfc2307 211s + cat 211s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 211s modifying entry "cn=config" 211s 211s adding new entry "ou=People,dc=example,dc=com" 211s 211s adding new entry "ou=Group,dc=example,dc=com" 211s 211s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 211s 211s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 211s 211s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 211s 211s + create_realm EXAMPLE.COM ldap.example.com 211s + local realm_name=EXAMPLE.COM 211s + local kerberos_server=ldap.example.com 211s + rm -rf /var/lib/krb5kdc/* 211s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 211s master key name 'K/M@EXAMPLE.COM' 211s + rm -rf /etc/krb5kdc/kdc.conf 211s + rm -f /etc/krb5.keytab 211s + cat 211s + cat 211s + echo # */admin * 211s + kdb5_util create -s -P secretpassword 211s + systemctl restart krb5-kdc.service krb5-admin-server.service 211s + create_krb_principal testuser1 testuser1kerberos 211s + local principal=testuser1 211s + local password=testuser1kerberos 211s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 211s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 211s Authenticating as principal root/admin@EXAMPLE.COM with password. 211s Principal "testuser1@EXAMPLE.COM" created. 211s + configure_sssd_ldap_rfc2307_krb5_auth 211s + cat 211s + chmod 0600 /etc/sssd/sssd.conf 211s + systemctl restart sssd 212s + enable_pam_mkhomedir 212s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 212s + run_common_tests 212s + echo Assert local user databases do not have our LDAP test data 212s + check_local_user testuser1 212s + Assert local user databases do not have our LDAP test data 212s local local_user=testuser1 212s + grep -q ^testuser1 /etc/passwd 212s + check_local_group testuser1 212s + local local_group=testuser1 212s + grep -q ^testuser1 /etc/group 212s + check_local_group ldapusers 212s + local local_group=ldapusers 212s + grep -q ^ldapusers /etc/group 212s The LDAP user is known to the system via getent 212s + echo The LDAP user is known to the system via getent 212s + check_getent_user testuser1 212s + local getent_user=testuser1 212s + local output 212s + getent passwd testuser1 212s The LDAP user's private group is known to the system via getent 212s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 212s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 212s + echo The LDAP user's private group is known to the system via getent 212s + check_getent_group testuser1 212s + local getent_group=testuser1 212s + local output 212s + getent group testuser1 212s The LDAP group ldapusers is known to the system via getent 212s + output=testuser1:*:10001:testuser1 212s + [ -z testuser1:*:10001:testuser1 ] 212s + echo The LDAP group ldapusers is known to the system via getent 212s + check_getent_group ldapusers 212s + local getent_group=ldapusers 212s + local output 212s + getent group ldapusers 212s + output=ldapusers:*:10100:testuser1 212s + [ -z ldapusers:*:10100:testuser1 ] 212s + echo The id(1) command can resolve the group membership of the LDAP user 212s The id(1) command can resolve the group membership of the LDAP user 212s + id -Gn testuser1 212s The Kerberos principal can login on a terminal 212s + output=testuser1 ldapusers 212s + [ testuser1 ldapusers != testuser1 ldapusers ] 212s + echo The Kerberos principal can login on a terminal 212s + kdestroy 212s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 212s spawn login 212s ldap.example.com login: testuser1 212s Password: 212s Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.8.0-35-generic s390x) 212s 212s * Documentation: https://help.ubuntu.com 212s * Management: https://landscape.canonical.com 212s * Support: https://ubuntu.com/pro 212s 212s 212s The programs included with the Ubuntu system are free software; 212s the exact distribution terms for each program are described in the 212s individual files in /usr/share/doc/*/copyright. 212s 212s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 212s applicable law. 212s 212s [?2004htestuser1@ldap:~$ id -un 212s [?2004l testuser1 212s [?2004htestuser1@ldap:~$ klist 212s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_VhekFX 213s Default principal: testuser1@EXAMPLE.COMautopkgtest [16:06:09]: test ldap-user-group-krb5-auth: -----------------------] 213s autopkgtest [16:06:09]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 213s ldap-user-group-krb5-auth PASS 214s autopkgtest [16:06:10]: test sssd-softhism2-certificates-tests.sh: preparing testbed 741s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 758s autopkgtest [16:15:14]: testbed dpkg architecture: s390x 759s autopkgtest [16:15:15]: testbed apt version: 2.7.14build2 759s autopkgtest [16:15:15]: @@@@@@@@@@@@@@@@@@@@ test bed setup 760s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 761s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [16.4 kB] 761s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [28.4 kB] 761s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [10.5 kB] 761s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [5468 B] 761s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [35.2 kB] 761s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 761s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [2776 B] 761s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 761s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [37.1 kB] 761s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 761s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [764 B] 761s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 762s Fetched 412 kB in 1s (520 kB/s) 762s Reading package lists... 765s Reading package lists... 765s Building dependency tree... 765s Reading state information... 766s Calculating upgrade... 766s The following packages will be upgraded: 766s login passwd 766s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 766s Need to get 1060 kB of archives. 766s After this operation, 0 B of additional disk space will be used. 766s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x login s390x 1:4.13+dfsg1-4ubuntu3.2 [203 kB] 766s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x passwd s390x 1:4.13+dfsg1-4ubuntu3.2 [858 kB] 767s Fetched 1060 kB in 1s (1054 kB/s) 767s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54184 files and directories currently installed.) 767s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.2_s390x.deb ... 767s Unpacking login (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 767s Setting up login (1:4.13+dfsg1-4ubuntu3.2) ... 767s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54184 files and directories currently installed.) 767s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.2_s390x.deb ... 767s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.2) over (1:4.13+dfsg1-4ubuntu3) ... 767s Setting up passwd (1:4.13+dfsg1-4ubuntu3.2) ... 767s Processing triggers for man-db (2.12.0-4build2) ... 769s Reading package lists... 769s Building dependency tree... 769s Reading state information... 769s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 770s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 770s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 770s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 770s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 771s Reading package lists... 771s Reading package lists... 771s Building dependency tree... 771s Reading state information... 772s Calculating upgrade... 772s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 772s Reading package lists... 772s Building dependency tree... 772s Reading state information... 772s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 780s Reading package lists... 780s Building dependency tree... 780s Reading state information... 780s Starting pkgProblemResolver with broken count: 0 780s Starting 2 pkgProblemResolver with broken count: 0 780s Done 780s The following additional packages will be installed: 780s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 780s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 780s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 780s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 780s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 780s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 780s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 780s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 780s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 780s Suggested packages: 780s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 780s Recommended packages: 780s cracklib-runtime libsasl2-modules-gssapi-mit 780s | libsasl2-modules-gssapi-heimdal ldap-utils 780s The following NEW packages will be installed: 780s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 780s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 780s libdhash1t64 libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 780s libipa-hbac0t64 libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 780s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 780s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 780s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 780s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 780s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 780s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 780s Need to get 10.4 MB/10.4 MB of archives. 780s After this operation, 40.6 MB of additional disk space will be used. 780s Get:1 /tmp/autopkgtest.joGni0/3-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [744 B] 781s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7t64 s390x 2.1.12-stable-9ubuntu2 [147 kB] 781s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main s390x libunbound8 s390x 1.19.2-1ubuntu3.1 [456 kB] 781s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main s390x libgnutls-dane0t64 s390x 3.8.3-1.1ubuntu3.1 [23.8 kB] 781s Get:5 http://ftpmaster.internal/ubuntu noble-updates/universe s390x gnutls-bin s390x 3.8.3-1.1ubuntu3.1 [284 kB] 781s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu6 [29.7 kB] 781s Get:7 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu6 [24.1 kB] 781s Get:8 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu6 [27.2 kB] 781s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0t64 s390x 0.6.2-2.1build1 [5838 B] 781s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libcares2 s390x 1.27.0-1.0ubuntu1 [79.2 kB] 781s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4t64 s390x 0.6.2-2.1build1 [23.9 kB] 781s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1build2 [30.0 kB] 781s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1t64 s390x 0.6.2-2.1build1 [9126 B] 781s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1t64 s390x 0.6.2-2.1build1 [9394 B] 781s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1t64 s390x 0.6.2-2.1build1 [7226 B] 781s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5t64 s390x 0.6.2-2.1build1 [46.6 kB] 782s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0t64 s390x 2.9.4-1.1ubuntu6 [17.3 kB] 782s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1build2 [28.4 kB] 782s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1build1 [50.0 kB] 782s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0t64 s390x 0.16.1-2build1 [43.4 kB] 782s Get:21 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [192 kB] 782s Get:22 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.4-3ubuntu5 [50.1 kB] 782s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3build1 [7748 B] 782s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3build1 [14.8 kB] 782s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3build1 [11.5 kB] 782s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-4ubuntu9 [71.3 kB] 782s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-4ubuntu9 [6231 kB] 783s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient0 s390x 2:4.19.5+dfsg-4ubuntu9 [65.0 kB] 783s Get:29 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2-common s390x 2.6.1-2.2ubuntu3 [6196 B] 783s Get:30 http://ftpmaster.internal/ubuntu noble/universe s390x libsofthsm2 s390x 2.6.1-2.2ubuntu3 [267 kB] 783s Get:31 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2 s390x 2.6.1-2.2ubuntu3 [176 kB] 783s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1.1ubuntu6 [47.1 kB] 783s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1.1ubuntu6 [22.5 kB] 783s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1.1ubuntu6 [33.0 kB] 783s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1.1ubuntu6 [52.3 kB] 783s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1.1ubuntu6 [47.3 kB] 783s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1.1ubuntu6 [31.7 kB] 784s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1.1ubuntu6 [1125 kB] 784s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1.1ubuntu6 [74.8 kB] 784s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1.1ubuntu6 [90.3 kB] 784s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1.1ubuntu6 [133 kB] 784s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1.1ubuntu6 [216 kB] 784s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1.1ubuntu6 [14.4 kB] 784s Get:44 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1.1ubuntu6 [31.0 kB] 784s Get:45 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1.1ubuntu6 [43.9 kB] 784s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1.1ubuntu6 [4116 B] 784s Fetched 10.4 MB in 3s (3200 kB/s) 784s Selecting previously unselected package libevent-2.1-7t64:s390x. 784s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54184 files and directories currently installed.) 784s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_s390x.deb ... 784s Unpacking libevent-2.1-7t64:s390x (2.1.12-stable-9ubuntu2) ... 784s Selecting previously unselected package libunbound8:s390x. 784s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3.1_s390x.deb ... 784s Unpacking libunbound8:s390x (1.19.2-1ubuntu3.1) ... 784s Selecting previously unselected package libgnutls-dane0t64:s390x. 784s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3.1_s390x.deb ... 784s Unpacking libgnutls-dane0t64:s390x (3.8.3-1.1ubuntu3.1) ... 784s Selecting previously unselected package gnutls-bin. 784s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3.1_s390x.deb ... 784s Unpacking gnutls-bin (3.8.3-1.1ubuntu3.1) ... 784s Selecting previously unselected package libavahi-common-data:s390x. 784s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_s390x.deb ... 784s Unpacking libavahi-common-data:s390x (0.8-13ubuntu6) ... 784s Selecting previously unselected package libavahi-common3:s390x. 784s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_s390x.deb ... 784s Unpacking libavahi-common3:s390x (0.8-13ubuntu6) ... 784s Selecting previously unselected package libavahi-client3:s390x. 784s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_s390x.deb ... 784s Unpacking libavahi-client3:s390x (0.8-13ubuntu6) ... 784s Selecting previously unselected package libbasicobjects0t64:s390x. 784s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_s390x.deb ... 784s Unpacking libbasicobjects0t64:s390x (0.6.2-2.1build1) ... 784s Selecting previously unselected package libcares2:s390x. 784s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_s390x.deb ... 784s Unpacking libcares2:s390x (1.27.0-1.0ubuntu1) ... 784s Selecting previously unselected package libcollection4t64:s390x. 784s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_s390x.deb ... 784s Unpacking libcollection4t64:s390x (0.6.2-2.1build1) ... 784s Selecting previously unselected package libcrack2:s390x. 784s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_s390x.deb ... 784s Unpacking libcrack2:s390x (2.9.6-5.1build2) ... 784s Selecting previously unselected package libdhash1t64:s390x. 784s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_s390x.deb ... 784s Unpacking libdhash1t64:s390x (0.6.2-2.1build1) ... 784s Selecting previously unselected package libpath-utils1t64:s390x. 784s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_s390x.deb ... 784s Unpacking libpath-utils1t64:s390x (0.6.2-2.1build1) ... 784s Selecting previously unselected package libref-array1t64:s390x. 784s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_s390x.deb ... 784s Unpacking libref-array1t64:s390x (0.6.2-2.1build1) ... 784s Selecting previously unselected package libini-config5t64:s390x. 784s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_s390x.deb ... 784s Unpacking libini-config5t64:s390x (0.6.2-2.1build1) ... 784s Selecting previously unselected package libipa-hbac0t64. 784s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6_s390x.deb ... 784s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 784s Selecting previously unselected package libtalloc2:s390x. 784s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_s390x.deb ... 784s Unpacking libtalloc2:s390x (2.4.2-1build2) ... 784s Selecting previously unselected package libtdb1:s390x. 784s Preparing to unpack .../17-libtdb1_1.4.10-1build1_s390x.deb ... 784s Unpacking libtdb1:s390x (1.4.10-1build1) ... 784s Selecting previously unselected package libtevent0t64:s390x. 784s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_s390x.deb ... 784s Unpacking libtevent0t64:s390x (0.16.1-2build1) ... 784s Selecting previously unselected package libldb2:s390x. 784s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_s390x.deb ... 784s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 784s Selecting previously unselected package libnfsidmap1:s390x. 784s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu5_s390x.deb ... 784s Unpacking libnfsidmap1:s390x (1:2.6.4-3ubuntu5) ... 784s Selecting previously unselected package libpwquality-common. 784s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 784s Unpacking libpwquality-common (1.4.5-3build1) ... 784s Selecting previously unselected package libpwquality1:s390x. 784s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_s390x.deb ... 784s Unpacking libpwquality1:s390x (1.4.5-3build1) ... 785s Selecting previously unselected package libpam-pwquality:s390x. 785s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_s390x.deb ... 785s Unpacking libpam-pwquality:s390x (1.4.5-3build1) ... 785s Selecting previously unselected package libwbclient0:s390x. 785s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 785s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 785s Selecting previously unselected package samba-libs:s390x. 785s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 785s Unpacking samba-libs:s390x (2:4.19.5+dfsg-4ubuntu9) ... 785s Selecting previously unselected package libsmbclient0:s390x. 785s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 785s Unpacking libsmbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 785s Selecting previously unselected package softhsm2-common. 785s Preparing to unpack .../27-softhsm2-common_2.6.1-2.2ubuntu3_s390x.deb ... 785s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 785s Selecting previously unselected package libsofthsm2. 785s Preparing to unpack .../28-libsofthsm2_2.6.1-2.2ubuntu3_s390x.deb ... 785s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 785s Selecting previously unselected package softhsm2. 785s Preparing to unpack .../29-softhsm2_2.6.1-2.2ubuntu3_s390x.deb ... 785s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 785s Selecting previously unselected package python3-sss. 785s Preparing to unpack .../30-python3-sss_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package libsss-idmap0. 785s Preparing to unpack .../31-libsss-idmap0_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package libnss-sss:s390x. 785s Preparing to unpack .../32-libnss-sss_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking libnss-sss:s390x (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package libpam-sss:s390x. 785s Preparing to unpack .../33-libpam-sss_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking libpam-sss:s390x (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package libsss-certmap0. 785s Preparing to unpack .../34-libsss-certmap0_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package libsss-nss-idmap0. 785s Preparing to unpack .../35-libsss-nss-idmap0_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package sssd-common. 785s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package sssd-ad-common. 785s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package sssd-krb5-common. 785s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package sssd-ad. 785s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package sssd-ipa. 785s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package sssd-krb5. 785s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package sssd-ldap. 785s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package sssd-proxy. 785s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package sssd. 785s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6_s390x.deb ... 785s Unpacking sssd (2.9.4-1.1ubuntu6) ... 785s Selecting previously unselected package autopkgtest-satdep. 785s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 785s Unpacking autopkgtest-satdep (0) ... 785s Setting up libpwquality-common (1.4.5-3build1) ... 785s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 785s 785s Creating config file /etc/softhsm/softhsm2.conf with new version 785s Setting up libnfsidmap1:s390x (1:2.6.4-3ubuntu5) ... 785s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 785s Setting up libbasicobjects0t64:s390x (0.6.2-2.1build1) ... 785s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 785s Setting up libref-array1t64:s390x (0.6.2-2.1build1) ... 785s Setting up libtdb1:s390x (1.4.10-1build1) ... 785s Setting up libcollection4t64:s390x (0.6.2-2.1build1) ... 785s Setting up libevent-2.1-7t64:s390x (2.1.12-stable-9ubuntu2) ... 785s Setting up libwbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 785s Setting up libtalloc2:s390x (2.4.2-1build2) ... 785s Setting up libpath-utils1t64:s390x (0.6.2-2.1build1) ... 785s Setting up libunbound8:s390x (1.19.2-1ubuntu3.1) ... 785s Setting up libgnutls-dane0t64:s390x (3.8.3-1.1ubuntu3.1) ... 785s Setting up libavahi-common-data:s390x (0.8-13ubuntu6) ... 785s Setting up libcares2:s390x (1.27.0-1.0ubuntu1) ... 785s Setting up libdhash1t64:s390x (0.6.2-2.1build1) ... 785s Setting up libcrack2:s390x (2.9.6-5.1build2) ... 785s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 785s Setting up libini-config5t64:s390x (0.6.2-2.1build1) ... 785s Setting up libtevent0t64:s390x (0.16.1-2build1) ... 785s Setting up libnss-sss:s390x (2.9.4-1.1ubuntu6) ... 785s Setting up gnutls-bin (3.8.3-1.1ubuntu3.1) ... 785s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 785s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 785s Setting up libavahi-common3:s390x (0.8-13ubuntu6) ... 785s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 785s Setting up libpwquality1:s390x (1.4.5-3build1) ... 785s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 785s Setting up libavahi-client3:s390x (0.8-13ubuntu6) ... 785s Setting up libpam-pwquality:s390x (1.4.5-3build1) ... 786s Setting up samba-libs:s390x (2:4.19.5+dfsg-4ubuntu9) ... 786s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 786s Setting up libsmbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 786s Setting up libpam-sss:s390x (2.9.4-1.1ubuntu6) ... 786s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 786s Creating SSSD system user & group... 786s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 786s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 786s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 786s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 787s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 787s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 787s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 787s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 787s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 788s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 788s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 788s sssd-autofs.service is a disabled or a static unit, not starting it. 788s sssd-nss.service is a disabled or a static unit, not starting it. 788s sssd-pam.service is a disabled or a static unit, not starting it. 788s sssd-ssh.service is a disabled or a static unit, not starting it. 788s sssd-sudo.service is a disabled or a static unit, not starting it. 788s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 788s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 788s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 789s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 789s sssd-pac.service is a disabled or a static unit, not starting it. 789s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 789s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 789s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 789s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 789s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 789s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 789s Setting up sssd (2.9.4-1.1ubuntu6) ... 789s Setting up autopkgtest-satdep (0) ... 789s Processing triggers for man-db (2.12.0-4build2) ... 790s Processing triggers for libc-bin (2.39-0ubuntu8.2) ... 794s (Reading database ... 54780 files and directories currently installed.) 794s Removing autopkgtest-satdep (0) ... 841s autopkgtest [16:16:37]: test sssd-softhism2-certificates-tests.sh: [----------------------- 848s + '[' -z ubuntu ']' 848s + required_tools=(p11tool openssl softhsm2-util) 848s + for cmd in "${required_tools[@]}" 848s + command -v p11tool 848s + for cmd in "${required_tools[@]}" 848s + command -v openssl 848s + for cmd in "${required_tools[@]}" 848s + command -v softhsm2-util 848s + PIN=053350 848s +++ find /usr/lib/softhsm/libsofthsm2.so 848s +++ head -n 1 848s ++ realpath /usr/lib/softhsm/libsofthsm2.so 848s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 848s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 848s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 848s + '[' '!' -v NO_SSSD_TESTS ']' 848s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 848s + ca_db_arg=ca_db 848s ++ /usr/libexec/sssd/p11_child --help 848s + p11_child_help='Usage: p11_child [OPTION...] 848s -d, --debug-level=INT Debug level 848s --debug-timestamps=INT Add debug timestamps 848s --debug-microseconds=INT Show timestamps with microseconds 848s --dumpable=INT Allow core dumps 848s --debug-fd=INT An open file descriptor for the debug 848s logs 848s --logger=stderr|files|journald Set logger 848s --auth Run in auth mode 848s --pre Run in pre-auth mode 848s --wait_for_card Wait until card is available 848s --verification Run in verification mode 848s --pin Expect PIN on stdin 848s --keypad Expect PIN on keypad 848s --verify=STRING Tune validation 848s --ca_db=STRING CA DB to use 848s --module_name=STRING Module name for authentication 848s --token_name=STRING Token name for authentication 848s --key_id=STRING Key ID for authentication 848s --label=STRING Label for authentication 848s --certificate=STRING certificate to verify, base64 encoded 848s --uri=STRING PKCS#11 URI to restrict selection 848s --chain-id=LONG Tevent chain ID used for logging 848s purposes 848s 848s Help options: 848s -?, --help Show this help message 848s --usage Display brief usage message' 848s + echo 'Usage: p11_child [OPTION...] 848s -d, --debug-level=INT Debug level 848s --debug-timestamps=INT Add debug timestamps 848s --debug-microseconds=INT Show timestamps with microseconds 848s --dumpable=INT Allow core dumps 848s --debug-fd=INT An open file descriptor for the debug 848s logs 848s --logger=stderr|files|journald Set logger 848s --auth Run in auth mode 848s --pre Run in pre-auth mode 848s --wait_for_card Wait until card is available 848s --verification Run in verification mode 848s --pin Expect PIN on stdin 848s --keypad Expect PIN on keypad 848s --verify=STRING Tune validation 848s --ca_db=STRING CA DB to use 848s --module_name=STRING Module name for authentication 848s --token_name=STRING Token name for authentication 848s --key_id=STRING Key ID for authentication 848s --label=STRING Label for authentication 848s --certificate=STRING certificate to verify, base64 encoded 848s --uri=STRING PKCS#11 URI to restrict selection 848s --chain-id=LONG Tevent chain ID used for logging 848s purposes 848s 848s Help options: 848s -?, --help Show this help message 848s --usage Display brief usage message' 848s + grep nssdb -qs 848s + echo 'Usage: p11_child [OPTION...] 848s -d, --debug-level=INT Debug level 848s --debug-timestamps=INT Add debug timestamps 848s --debug-microseconds=INT Show timestamps with microseconds 848s --dumpable=INT Allow core dumps 848s --debug-fd=INT An open file descriptor for the debug 848s logs 848s --logger=stderr|files|journald Set logger 848s --auth Run in auth mode 848s --pre Run in pre-auth mode 848s --wait_for_card Wait until card is available 848s --verification Run in verification mode 848s --pin Expect PIN on stdin 848s --keypad Expect PIN on keypad 848s --verify=STRING Tune validation 848s --ca_db=STRING CA DB to use 848s --module_name=STRING Module name for authentication 848s --token_name=STRING Token name for authentication 848s --key_id=STRING Key ID for authentication 848s --label=STRING Label for authentication 848s --certificate=STRING certificate to verify, base64 encoded 848s --uri=STRING PKCS#11 URI to restrict selection 848s --chain-id=LONG Tevent chain ID used for logging 848s purposes 848s 848s Help options: 848s -?, --help Show this help message 848s --usage Display brief usage message' 848s + grep -qs -- --ca_db 848s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 848s ++ mktemp -d -t sssd-softhsm2-XXXXXX 848s + tmpdir=/tmp/sssd-softhsm2-dYMyqF 848s + keys_size=1024 848s + [[ ! -v KEEP_TEMPORARY_FILES ]] 848s + trap 'rm -rf "$tmpdir"' EXIT 848s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 848s + echo -n 01 848s + touch /tmp/sssd-softhsm2-dYMyqF/index.txt 848s + mkdir -p /tmp/sssd-softhsm2-dYMyqF/new_certs 848s + cat 848s + root_ca_key_pass=pass:random-root-CA-password-13001 848s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-dYMyqF/test-root-CA-key.pem -passout pass:random-root-CA-password-13001 1024 848s + openssl req -passin pass:random-root-CA-password-13001 -batch -config /tmp/sssd-softhsm2-dYMyqF/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-dYMyqF/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 848s + openssl x509 -noout -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 848s + cat 848s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-21749 848s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-21749 1024 848s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-21749 -config /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.config -key /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-13001 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-certificate-request.pem 848s + openssl req -text -noout -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-certificate-request.pem 848s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-dYMyqF/test-root-CA.config -passin pass:random-root-CA-password-13001 -keyfile /tmp/sssd-softhsm2-dYMyqF/test-root-CA-key.pem -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 848s Certificate Request: 848s Data: 848s Version: 1 (0x0) 848s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 848s Subject Public Key Info: 848s Public Key Algorithm: rsaEncryption 848s Public-Key: (1024 bit) 848s Modulus: 848s 00:af:64:10:65:2f:cb:07:73:60:a2:84:c1:30:16: 848s 91:55:e6:de:3d:18:27:15:ae:e6:ad:1a:27:8f:67: 848s b5:e9:14:a1:15:fe:4e:42:b3:74:26:c1:9b:dc:be: 848s 96:f1:de:53:de:6a:d7:19:07:d4:c9:ac:c5:d8:79: 848s 3b:74:01:47:fe:4a:65:67:6d:91:8b:e3:0b:3d:ba: 848s d5:19:f7:a9:a6:09:b1:36:09:bc:c5:f3:c3:8d:0a: 848s eb:a2:cf:93:e0:39:2e:2b:7b:3e:80:98:18:a0:ef: 848s 58:6b:13:4c:81:f8:3e:70:2c:dc:6b:f0:43:20:a0: 848s 99:f1:a6:82:6d:05:5f:db:97 848s Exponent: 65537 (0x10001) 848s Attributes: 848s (none) 848s Requested Extensions: 848s Signature Algorithm: sha256WithRSAEncryption 848s Signature Value: 848s 38:70:0c:4c:fd:c5:a2:45:a8:07:e3:ef:ec:61:ab:b0:c2:9a: 848s fa:22:29:6c:9a:8d:c5:4b:83:76:19:ca:66:73:36:51:f0:e8: 848s 13:6f:a7:1c:0a:78:f1:95:7e:35:d3:0c:58:e9:ff:6a:68:f3: 848s 1a:13:97:2f:33:38:66:51:4b:b8:a7:cb:2e:4e:b4:7d:8c:f3: 848s e9:21:a7:ba:66:37:5f:0b:db:14:2c:59:15:97:d0:c1:7e:76: 848s de:db:2a:f6:56:77:ef:b8:ef:55:ae:99:a8:20:39:6f:7c:a2: 848s 51:87:b5:bd:dc:a9:03:4f:e8:75:9b:8a:2d:3a:05:c5:13:88: 848s ea:f4 848s Using configuration from /tmp/sssd-softhsm2-dYMyqF/test-root-CA.config 848s Check that the request matches the signature 848s Signature ok 848s Certificate Details: 848s Serial Number: 1 (0x1) 848s Validity 848s Not Before: Jun 14 16:16:44 2024 GMT 848s Not After : Jun 14 16:16:44 2025 GMT 848s Subject: 848s organizationName = Test Organization 848s organizationalUnitName = Test Organization Unit 848s commonName = Test Organization Intermediate CA 848s X509v3 extensions: 848s X509v3 Subject Key Identifier: 848s FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 848s X509v3 Authority Key Identifier: 848s keyid:91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 848s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 848s serial:00 848s X509v3 Basic Constraints: 848s CA:TRUE 848s X509v3 Key Usage: critical 848s Digital Signature, Certificate Sign, CRL Sign 848s Certificate is to be certified until Jun 14 16:16:44 2025 GMT (365 days) 848s 848s Write out database with 1 new entries 848s Database updated 848s + openssl x509 -noout -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 848s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 848s + cat 848s /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem: OK 848s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-13461 848s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-13461 1024 848s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-13461 -config /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-21749 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-certificate-request.pem 848s + openssl req -text -noout -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-certificate-request.pem 848s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-21749 -keyfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 848s Certificate Request: 848s Data: 848s Version: 1 (0x0) 848s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 848s Subject Public Key Info: 848s Public Key Algorithm: rsaEncryption 848s Public-Key: (1024 bit) 848s Modulus: 848s 00:d9:fc:1b:14:d3:fd:c4:4e:96:2a:d0:ea:ca:32: 848s 0d:fc:93:70:58:e7:f7:85:2a:b6:ee:e2:a5:5b:c5: 848s 27:e2:0f:80:2b:2b:5d:a1:71:f1:96:e1:7c:d1:b2: 848s 1c:1b:d0:08:3d:cf:ea:1a:1a:c4:83:75:f0:a1:64: 848s 17:ac:b4:d5:36:89:d8:28:7c:8b:4f:b8:95:8b:6f: 848s b5:c7:b4:93:cb:36:60:40:a5:58:92:9d:90:37:f7: 848s a2:b9:9b:c6:84:aa:31:cf:8f:a4:c8:4e:23:9f:9c: 848s 89:57:83:93:f8:e0:1c:73:36:ec:3e:dd:7d:62:84: 848s 5f:ae:57:d2:b6:26:f6:0b:d9 848s Exponent: 65537 (0x10001) 848s Attributes: 848s (none) 848s Requested Extensions: 848s Signature Algorithm: sha256WithRSAEncryption 848s Signature Value: 848s 67:f1:49:fb:40:48:7e:47:60:09:05:c6:2f:ff:fc:57:c0:c1: 848s 62:1c:dd:f1:3a:72:ce:70:8b:49:3b:ef:bf:92:b7:d8:48:4b: 848s 23:87:88:39:c4:60:60:c4:c9:69:e6:88:1d:9f:8d:59:21:eb: 848s ce:96:d4:96:0c:f7:6a:50:15:32:40:92:69:ad:34:ad:b1:de: 848s 8f:1c:38:16:21:e2:0f:4f:ac:aa:b3:25:21:6b:d2:e6:dd:9e: 848s 40:cf:35:35:90:32:fd:c3:1e:9d:9e:69:10:37:14:92:e2:fc: 848s 6c:d4:c6:7d:b5:ac:f7:4e:2f:1a:f2:3a:bf:7e:73:81:ae:e7: 848s 19:a2 848s Using configuration from /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.config 848s Check that the request matches the signature 848s Signature ok 848s Certificate Details: 848s Serial Number: 2 (0x2) 848s Validity 848s Not Before: Jun 14 16:16:44 2024 GMT 848s Not After : Jun 14 16:16:44 2025 GMT 848s Subject: 848s organizationName = Test Organization 848s organizationalUnitName = Test Organization Unit 848s commonName = Test Organization Sub Intermediate CA 848s X509v3 extensions: 848s X509v3 Subject Key Identifier: 848s F7:F9:57:16:8D:87:57:B2:80:99:DD:86:73:F4:76:A2:13:3E:33:96 848s X509v3 Authority Key Identifier: 848s keyid:FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 848s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 848s serial:01 848s X509v3 Basic Constraints: 848s CA:TRUE 848s X509v3 Key Usage: critical 848s Digital Signature, Certificate Sign, CRL Sign 848s Certificate is to be certified until Jun 14 16:16:44 2025 GMT (365 days) 848s 848s Write out database with 1 new entries 848s Database updated 848s + openssl x509 -noout -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 848s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 848s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 848s + local cmd=openssl 848s + shift 848s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 848s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 848s error 20 at 0 depth lookup: unable to get local issuer certificate 848s error /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem: verification failed 848s + cat 848s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-24129 848s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-24129 1024 848s /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem: OK 848s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-24129 -key /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-request.pem 848s + openssl req -text -noout -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-request.pem 848s Certificate Request: 848s Data: 848s Version: 1 (0x0) 848s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 848s Subject Public Key Info: 848s Public Key Algorithm: rsaEncryption 848s Public-Key: (1024 bit) 848s Modulus: 848s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 848s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 848s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 848s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 848s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 848s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 848s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 848s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 848s e7:e3:25:98:9b:42:9e:75:5b 848s Exponent: 65537 (0x10001) 848s Attributes: 848s Requested Extensions: 848s X509v3 Basic Constraints: 848s CA:FALSE 848s Netscape Cert Type: 848s SSL Client, S/MIME 848s Netscape Comment: 848s Test Organization Root CA trusted Certificate 848s X509v3 Subject Key Identifier: 848s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 848s X509v3 Key Usage: critical 848s Digital Signature, Non Repudiation, Key Encipherment 848s X509v3 Extended Key Usage: 848s TLS Web Client Authentication, E-mail Protection 848s X509v3 Subject Alternative Name: 848s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 848s Signature Algorithm: sha256WithRSAEncryption 848s Signature Value: 848s 31:c4:ef:72:2d:36:64:bc:06:2d:4d:0e:5c:ac:19:08:de:83: 848s 80:1f:e4:aa:12:44:5a:eb:26:59:e5:63:c3:99:13:39:c6:b3: 848s 8d:df:26:dd:88:a0:fe:dc:03:aa:51:cd:a0:3a:fb:e7:7c:a9: 848s 82:64:aa:31:eb:80:4b:d0:bb:20:38:b7:e1:d5:99:02:0f:64: 848s ce:2d:48:3c:4e:0c:18:95:11:73:df:64:a1:99:80:d6:09:53: 848s f2:e0:8b:3c:94:88:f9:66:90:c8:69:a6:bb:3f:0e:2b:a4:bf: 848s f1:f8:8f:b5:46:93:69:56:2f:fc:f8:16:86:a6:c8:24:85:8e: 848s f3:b9 848s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-dYMyqF/test-root-CA.config -passin pass:random-root-CA-password-13001 -keyfile /tmp/sssd-softhsm2-dYMyqF/test-root-CA-key.pem -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 848s Using configuration from /tmp/sssd-softhsm2-dYMyqF/test-root-CA.config 848s Check that the request matches the signature 848s Signature ok 848s Certificate Details: 848s Serial Number: 3 (0x3) 848s Validity 848s Not Before: Jun 14 16:16:44 2024 GMT 848s Not After : Jun 14 16:16:44 2025 GMT 848s Subject: 848s organizationName = Test Organization 848s organizationalUnitName = Test Organization Unit 848s commonName = Test Organization Root Trusted Certificate 0001 848s X509v3 extensions: 848s X509v3 Authority Key Identifier: 848s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 848s X509v3 Basic Constraints: 848s CA:FALSE 848s Netscape Cert Type: 848s SSL Client, S/MIME 848s Netscape Comment: 848s Test Organization Root CA trusted Certificate 848s X509v3 Subject Key Identifier: 848s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 848s X509v3 Key Usage: critical 848s Digital Signature, Non Repudiation, Key Encipherment 848s X509v3 Extended Key Usage: 848s TLS Web Client Authentication, E-mail Protection 848s X509v3 Subject Alternative Name: 848s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 848s Certificate is to be certified until Jun 14 16:16:44 2025 GMT (365 days) 848s 848s Write out database with 1 new entries 848s Database updated 848s + openssl x509 -noout -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 848s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 848s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 848s + local cmd=openssl 848s + shift 848s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 848s /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem: OK 848s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 848s error 20 at 0 depth lookup: unable to get local issuer certificate 848s error /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem: verification failed 848s + cat 848s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 848s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-6689 1024 848s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-6689 -key /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-request.pem 848s + openssl req -text -noout -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-request.pem 848s + openssl ca -passin pass:random-intermediate-CA-password-21749 -config /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 848s Certificate Request: 848s Data: 848s Version: 1 (0x0) 848s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 848s Subject Public Key Info: 848s Public Key Algorithm: rsaEncryption 848s Public-Key: (1024 bit) 848s Modulus: 848s 00:cd:fc:1f:38:f9:fb:8b:56:4a:8c:cc:7e:fa:44: 848s 67:28:06:ba:88:62:c0:41:e2:40:7a:81:31:c6:bd: 848s 4c:e4:d2:c6:6c:e4:85:81:56:5f:18:ca:73:a2:bd: 848s 45:c4:07:bb:4a:a9:6c:ec:f7:ab:03:6e:c1:d6:ef: 848s 9f:3c:2c:c4:61:75:57:bf:b9:2e:1c:4b:d4:a3:23: 848s 74:45:3c:ec:62:6e:11:6f:31:58:f0:a4:e1:27:e9: 848s 9d:a3:23:3f:e5:ae:d7:b2:8b:9e:f3:df:e9:b5:84: 848s 99:9d:7e:80:81:5a:f3:e8:58:f5:2f:1c:3e:dd:67: 848s b2:82:d0:65:dc:f3:0d:d0:8f 848s Exponent: 65537 (0x10001) 848s Attributes: 848s Requested Extensions: 848s X509v3 Basic Constraints: 848s CA:FALSE 848s Netscape Cert Type: 848s SSL Client, S/MIME 848s Netscape Comment: 848s Test Organization Intermediate CA trusted Certificate 848s X509v3 Subject Key Identifier: 848s 4B:20:47:C4:70:38:76:3C:DC:9E:C0:FB:07:E5:D7:F2:6F:6B:D8:BA 848s X509v3 Key Usage: critical 848s Digital Signature, Non Repudiation, Key Encipherment 848s X509v3 Extended Key Usage: 848s TLS Web Client Authentication, E-mail Protection 848s X509v3 Subject Alternative Name: 848s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 848s Signature Algorithm: sha256WithRSAEncryption 848s Signature Value: 848s 1b:64:40:51:25:57:01:0e:3c:19:5d:28:8e:40:99:12:95:a7: 848s c5:d3:53:ef:09:69:62:46:71:93:c5:95:f7:4d:9f:9a:68:f5: 848s 49:76:90:ee:87:61:d3:c7:80:b9:79:1f:c5:4d:b4:b3:51:8a: 848s 2a:4c:38:d3:4b:f5:25:3a:1f:c1:2b:4f:1c:98:dd:e2:e4:61: 848s b3:ba:b7:e4:30:ac:d5:a0:0c:7b:93:0b:81:d1:60:96:21:dd: 848s 35:67:a9:5f:c0:9c:53:3b:81:04:02:61:8c:3d:ef:7d:32:26: 848s 47:bb:58:eb:e3:45:df:f1:8b:73:1b:6f:34:f1:43:96:a5:ec: 848s a7:5e 848s Using configuration from /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.config 848s Check that the request matches the signature 848s Signature ok 848s Certificate Details: 848s Serial Number: 4 (0x4) 848s Validity 848s Not Before: Jun 14 16:16:44 2024 GMT 848s Not After : Jun 14 16:16:44 2025 GMT 848s Subject: 848s organizationName = Test Organization 848s organizationalUnitName = Test Organization Unit 848s commonName = Test Organization Intermediate Trusted Certificate 0001 848s X509v3 extensions: 848s X509v3 Authority Key Identifier: 848s FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 848s X509v3 Basic Constraints: 848s CA:FALSE 848s Netscape Cert Type: 848s SSL Client, S/MIME 848s Netscape Comment: 848s Test Organization Intermediate CA trusted Certificate 848s X509v3 Subject Key Identifier: 848s 4B:20:47:C4:70:38:76:3C:DC:9E:C0:FB:07:E5:D7:F2:6F:6B:D8:BA 848s X509v3 Key Usage: critical 848s Digital Signature, Non Repudiation, Key Encipherment 848s X509v3 Extended Key Usage: 848s TLS Web Client Authentication, E-mail Protection 848s X509v3 Subject Alternative Name: 848s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 848s Certificate is to be certified until Jun 14 16:16:44 2025 GMT (365 days) 848s 848s Write out database with 1 new entries 848s Database updated 848s + openssl x509 -noout -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 848s + echo 'This certificate should not be trusted fully' 848s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 848s This certificate should not be trusted fully 848s + local cmd=openssl 848s + shift 848s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 849s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 849s error 2 at 1 depth lookup: unable to get issuer certificate 849s error /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 849s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 849s /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem: OK 849s + cat 849s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 849s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-22597 1024 849s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-22597 -key /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 849s + openssl req -text -noout -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 849s + openssl ca -passin pass:random-sub-intermediate-CA-password-13461 -config /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 849s Certificate Request: 849s Data: 849s Version: 1 (0x0) 849s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 849s Subject Public Key Info: 849s Public Key Algorithm: rsaEncryption 849s Public-Key: (1024 bit) 849s Modulus: 849s 00:f3:68:f0:59:09:31:41:4f:3c:7d:ac:7b:67:a2: 849s 4e:0c:4b:f4:25:4d:f5:08:30:18:74:3d:e1:55:7b: 849s a5:c8:39:6d:5b:4b:29:da:24:18:0e:ef:37:a2:d4: 849s d1:29:f1:f4:68:41:f8:55:b1:0a:ca:9f:1b:34:e3: 849s 52:90:44:83:5c:d3:a9:68:cc:2e:a7:5a:d2:4f:ec: 849s 9d:6f:d6:13:a5:c6:00:07:14:9e:bb:c6:d2:67:c3: 849s 31:18:5c:cc:7c:f4:a5:56:6e:71:a6:69:ab:53:3d: 849s fd:73:16:55:c0:1f:0f:17:50:b7:26:68:45:b7:fe: 849s 02:34:36:02:27:c9:67:e1:d1 849s Exponent: 65537 (0x10001) 849s Attributes: 849s Requested Extensions: 849s X509v3 Basic Constraints: 849s CA:FALSE 849s Netscape Cert Type: 849s SSL Client, S/MIME 849s Netscape Comment: 849s Test Organization Sub Intermediate CA trusted Certificate 849s X509v3 Subject Key Identifier: 849s 9B:F5:F6:58:0C:98:08:26:95:2B:AF:38:DE:5B:EB:6E:C0:2E:17:4E 849s X509v3 Key Usage: critical 849s Digital Signature, Non Repudiation, Key Encipherment 849s X509v3 Extended Key Usage: 849s TLS Web Client Authentication, E-mail Protection 849s X509v3 Subject Alternative Name: 849s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 849s Signature Algorithm: sha256WithRSAEncryption 849s Signature Value: 849s 64:d1:af:63:2f:f1:24:15:d7:60:dc:b3:ee:b7:5b:99:38:40: 849s d7:84:c1:40:71:a1:13:7d:e5:ad:77:e8:d3:f7:81:b5:7e:d3: 849s 13:1e:60:18:27:c5:be:9e:ae:29:e6:6a:4c:8d:ed:41:65:b0: 849s 48:5c:c9:2c:69:a8:4d:22:34:29:b9:36:d6:da:0e:45:8a:43: 849s 88:44:34:fd:e7:6a:34:13:85:1c:79:d6:1f:4e:ac:06:61:f3: 849s a8:67:ff:90:e9:78:84:56:b1:b3:67:af:2e:bd:0e:d2:d7:74: 849s 2f:8c:6c:7a:91:93:59:f4:b8:8b:60:8c:f6:f5:ce:92:39:e5: 849s 17:6f 849s Using configuration from /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.config 849s Check that the request matches the signature 849s Signature ok 849s Certificate Details: 849s Serial Number: 5 (0x5) 849s Validity 849s Not Before: Jun 14 16:16:45 2024 GMT 849s Not After : Jun 14 16:16:45 2025 GMT 849s Subject: 849s organizationName = Test Organization 849s organizationalUnitName = Test Organization Unit 849s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 849s X509v3 extensions: 849s X509v3 Authority Key Identifier: 849s F7:F9:57:16:8D:87:57:B2:80:99:DD:86:73:F4:76:A2:13:3E:33:96 849s X509v3 Basic Constraints: 849s CA:FALSE 849s Netscape Cert Type: 849s SSL Client, S/MIME 849s Netscape Comment: 849s Test Organization Sub Intermediate CA trusted Certificate 849s X509v3 Subject Key Identifier: 849s 9B:F5:F6:58:0C:98:08:26:95:2B:AF:38:DE:5B:EB:6E:C0:2E:17:4E 849s X509v3 Key Usage: critical 849s Digital Signature, Non Repudiation, Key Encipherment 849s X509v3 Extended Key Usage: 849s TLS Web Client Authentication, E-mail Protection 849s X509v3 Subject Alternative Name: 849s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 849s Certificate is to be certified until Jun 14 16:16:45 2025 GMT (365 days) 849s 849s Write out database with 1 new entries 849s Database updated 849s + openssl x509 -noout -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 849s This certificate should not be trusted fully 849s + echo 'This certificate should not be trusted fully' 849s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 849s + local cmd=openssl 849s + shift 849s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 849s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 849s error 2 at 1 depth lookup: unable to get issuer certificate 849s error /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 849s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 849s + local cmd=openssl 849s + shift 849s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 849s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 849s error 20 at 0 depth lookup: unable to get local issuer certificate 849s error /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 849s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 849s /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 849s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 849s + local cmd=openssl 849s + shift 849s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 849s Building a the full-chain CA file... 849s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 849s error 20 at 0 depth lookup: unable to get local issuer certificate 849s error /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 849s + echo 'Building a the full-chain CA file...' 849s + cat /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 849s + cat /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 849s + cat /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 849s + openssl pkcs7 -print_certs -noout 849s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 849s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 849s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 849s 849s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 849s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 849s 849s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 849s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 849s 849s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 849s /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem: OK 849s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem: OK 849s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 849s /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem: OK 849s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-root-intermediate-chain-CA.pem 849s /tmp/sssd-softhsm2-dYMyqF/test-root-intermediate-chain-CA.pem: OK 849s + openssl verify -CAfile /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 849s /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 849s Certificates generation completed! 849s + echo 'Certificates generation completed!' 849s + [[ -v NO_SSSD_TESTS ]] 849s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /dev/null 849s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /dev/null 849s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 849s + local key_ring=/dev/null 849s + local verify_option= 849s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 849s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 849s + local key_cn 849s + local key_name 849s + local tokens_dir 849s + local output_cert_file 849s + token_name= 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem .pem 849s + key_name=test-root-CA-trusted-certificate-0001 849s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s ++ sed -n 's/ *commonName *= //p' 849s + key_cn='Test Organization Root Trusted Certificate 0001' 849s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 849s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 849s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 849s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 849s + token_name='Test Organization Root Tr Token' 849s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 849s + local key_file 849s + local decrypted_key 849s + mkdir -p /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 849s + key_file=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-key.pem 849s + decrypted_key=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-key-decrypted.pem 849s + cat 849s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 849s Slot 0 has a free/uninitialized token. 849s The token has been initialized and is reassigned to slot 574212497 849s + softhsm2-util --show-slots 849s Available slots: 849s Slot 574212497 849s Slot info: 849s Description: SoftHSM slot ID 0x2239c991 849s Manufacturer ID: SoftHSM project 849s Hardware version: 2.6 849s Firmware version: 2.6 849s Token present: yes 849s Token info: 849s Manufacturer ID: SoftHSM project 849s Model: SoftHSM v2 849s Hardware version: 2.6 849s Firmware version: 2.6 849s Serial number: 9f67f7e9a239c991 849s Initialized: yes 849s User PIN init.: yes 849s Label: Test Organization Root Tr Token 849s Slot 1 849s Slot info: 849s Description: SoftHSM slot ID 0x1 849s Manufacturer ID: SoftHSM project 849s Hardware version: 2.6 849s Firmware version: 2.6 849s Token present: yes 849s Token info: 849s Manufacturer ID: SoftHSM project 849s Model: SoftHSM v2 849s Hardware version: 2.6 849s Firmware version: 2.6 849s Serial number: 849s Initialized: no 849s User PIN init.: no 849s Label: 849s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 849s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-24129 -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-key-decrypted.pem 849s writing RSA key 849s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 849s + rm /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001-key-decrypted.pem 849s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 849s + echo 'Test Organization Root Tr Token' 849s + '[' -n '' ']' 849s + local output_base_name=SSSD-child-12436 849s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-12436.output 849s Object 0: 849s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 849s Type: X.509 Certificate (RSA-1024) 849s Expires: Sat Jun 14 16:16:44 2025 849s Label: Test Organization Root Trusted Certificate 0001 849s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 849s 849s Test Organization Root Tr Token 849s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-12436.pem 849s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 849s [p11_child[3177]] [main] (0x0400): p11_child started. 849s [p11_child[3177]] [main] (0x2000): Running in [pre-auth] mode. 849s [p11_child[3177]] [main] (0x2000): Running with effective IDs: [0][0]. 849s [p11_child[3177]] [main] (0x2000): Running with real IDs [0][0]. 849s [p11_child[3177]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 849s [p11_child[3177]] [do_work] (0x0040): init_verification failed. 849s [p11_child[3177]] [main] (0x0020): p11_child failed (5) 849s + return 2 849s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /dev/null no_verification 849s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /dev/null no_verification 849s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 849s + local key_ring=/dev/null 849s + local verify_option=no_verification 849s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 849s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 849s + local key_cn 849s + local key_name 849s + local tokens_dir 849s + local output_cert_file 849s + token_name= 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem .pem 849s + key_name=test-root-CA-trusted-certificate-0001 849s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s ++ sed -n 's/ *commonName *= //p' 849s + key_cn='Test Organization Root Trusted Certificate 0001' 849s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 849s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 849s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 849s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 849s + token_name='Test Organization Root Tr Token' 849s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 849s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 849s + echo 'Test Organization Root Tr Token' 849s + '[' -n no_verification ']' 849s + local verify_arg=--verify=no_verification 849s Test Organization Root Tr Token 849s + local output_base_name=SSSD-child-10732 849s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732.output 849s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732.pem 849s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 849s [p11_child[3183]] [main] (0x0400): p11_child started. 849s [p11_child[3183]] [main] (0x2000): Running in [pre-auth] mode. 849s [p11_child[3183]] [main] (0x2000): Running with effective IDs: [0][0]. 849s [p11_child[3183]] [main] (0x2000): Running with real IDs [0][0]. 849s [p11_child[3183]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 849s [p11_child[3183]] [do_card] (0x4000): Module List: 849s [p11_child[3183]] [do_card] (0x4000): common name: [softhsm2]. 849s [p11_child[3183]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3183]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 849s [p11_child[3183]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 849s [p11_child[3183]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3183]] [do_card] (0x4000): Login NOT required. 849s [p11_child[3183]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 849s [p11_child[3183]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 849s [p11_child[3183]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2239c991;slot-manufacturer=SoftHSM%20project;slot-id=574212497;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 849s [p11_child[3183]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 849s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732.output 849s + echo '-----BEGIN CERTIFICATE-----' 849s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732.output 849s + echo '-----END CERTIFICATE-----' 849s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732.pem 849s + local found_md5 expected_md5 849s Certificate: 849s Data: 849s Version: 3 (0x2) 849s Serial Number: 3 (0x3) 849s Signature Algorithm: sha256WithRSAEncryption 849s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 849s Validity 849s Not Before: Jun 14 16:16:44 2024 GMT 849s Not After : Jun 14 16:16:44 2025 GMT 849s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 849s Subject Public Key Info: 849s Public Key Algorithm: rsaEncryption 849s Public-Key: (1024 bit) 849s Modulus: 849s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 849s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 849s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 849s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 849s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 849s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 849s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 849s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 849s e7:e3:25:98:9b:42:9e:75:5b 849s Exponent: 65537 (0x10001) 849s X509v3 extensions: 849s X509v3 Authority Key Identifier: 849s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 849s X509v3 Basic Constraints: 849s CA:FALSE 849s Netscape Cert Type: 849s SSL Client, S/MIME 849s Netscape Comment: 849s Test Organization Root CA trusted Certificate 849s X509v3 Subject Key Identifier: 849s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 849s X509v3 Key Usage: critical 849s Digital Signature, Non Repudiation, Key Encipherment 849s X509v3 Extended Key Usage: 849s TLS Web Client Authentication, E-mail Protection 849s X509v3 Subject Alternative Name: 849s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 849s Signature Algorithm: sha256WithRSAEncryption 849s Signature Value: 849s 6b:7c:3e:68:5e:72:70:48:22:0e:fa:05:63:0a:59:9f:0c:95: 849s ae:16:e2:4c:d8:43:e0:85:f9:49:d8:97:dc:dd:1c:34:58:1e: 849s 5e:41:b7:c2:01:8f:32:33:d3:44:d4:0a:8c:f5:ca:28:cc:74: 849s 4f:96:43:e5:eb:2c:e0:81:80:df:09:16:94:62:e5:bb:e0:a2: 849s 99:3a:bd:fd:ad:57:50:61:db:10:8c:d8:a0:13:49:21:cb:4c: 849s 87:cd:0e:4b:30:3f:21:9b:7d:17:2a:bf:a2:7e:73:68:93:fd: 849s ad:73:f4:43:a8:db:19:0e:c6:04:17:90:63:41:dd:c0:6f:aa: 849s 1e:b2 849s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + expected_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 849s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732.pem 849s + found_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 849s + '[' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B '!=' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B ']' 849s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732-auth.output 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732-auth.output .output 849s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732-auth.pem 849s + echo -n 053350 849s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 849s [p11_child[3191]] [main] (0x0400): p11_child started. 849s [p11_child[3191]] [main] (0x2000): Running in [auth] mode. 849s [p11_child[3191]] [main] (0x2000): Running with effective IDs: [0][0]. 849s [p11_child[3191]] [main] (0x2000): Running with real IDs [0][0]. 849s [p11_child[3191]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 849s [p11_child[3191]] [do_card] (0x4000): Module List: 849s [p11_child[3191]] [do_card] (0x4000): common name: [softhsm2]. 849s [p11_child[3191]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3191]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 849s [p11_child[3191]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 849s [p11_child[3191]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3191]] [do_card] (0x4000): Login required. 849s [p11_child[3191]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 849s [p11_child[3191]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 849s [p11_child[3191]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2239c991;slot-manufacturer=SoftHSM%20project;slot-id=574212497;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 849s [p11_child[3191]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 849s [p11_child[3191]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 849s [p11_child[3191]] [do_card] (0x4000): Certificate verified and validated. 849s [p11_child[3191]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 849s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732-auth.output 849s + echo '-----BEGIN CERTIFICATE-----' 849s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732-auth.output 849s + echo '-----END CERTIFICATE-----' 849s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732-auth.pem 849s Certificate: 849s Data: 849s Version: 3 (0x2) 849s Serial Number: 3 (0x3) 849s Signature Algorithm: sha256WithRSAEncryption 849s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 849s Validity 849s Not Before: Jun 14 16:16:44 2024 GMT 849s Not After : Jun 14 16:16:44 2025 GMT 849s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 849s Subject Public Key Info: 849s Public Key Algorithm: rsaEncryption 849s Public-Key: (1024 bit) 849s Modulus: 849s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 849s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 849s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 849s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 849s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 849s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 849s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 849s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 849s e7:e3:25:98:9b:42:9e:75:5b 849s Exponent: 65537 (0x10001) 849s X509v3 extensions: 849s X509v3 Authority Key Identifier: 849s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 849s X509v3 Basic Constraints: 849s CA:FALSE 849s Netscape Cert Type: 849s SSL Client, S/MIME 849s Netscape Comment: 849s Test Organization Root CA trusted Certificate 849s X509v3 Subject Key Identifier: 849s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 849s X509v3 Key Usage: critical 849s Digital Signature, Non Repudiation, Key Encipherment 849s X509v3 Extended Key Usage: 849s TLS Web Client Authentication, E-mail Protection 849s X509v3 Subject Alternative Name: 849s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 849s Signature Algorithm: sha256WithRSAEncryption 849s Signature Value: 849s 6b:7c:3e:68:5e:72:70:48:22:0e:fa:05:63:0a:59:9f:0c:95: 849s ae:16:e2:4c:d8:43:e0:85:f9:49:d8:97:dc:dd:1c:34:58:1e: 849s 5e:41:b7:c2:01:8f:32:33:d3:44:d4:0a:8c:f5:ca:28:cc:74: 849s 4f:96:43:e5:eb:2c:e0:81:80:df:09:16:94:62:e5:bb:e0:a2: 849s 99:3a:bd:fd:ad:57:50:61:db:10:8c:d8:a0:13:49:21:cb:4c: 849s 87:cd:0e:4b:30:3f:21:9b:7d:17:2a:bf:a2:7e:73:68:93:fd: 849s ad:73:f4:43:a8:db:19:0e:c6:04:17:90:63:41:dd:c0:6f:aa: 849s 1e:b2 849s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10732-auth.pem 849s + found_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 849s + '[' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B '!=' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B ']' 849s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 849s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 849s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 849s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 849s + local verify_option= 849s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 849s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 849s + local key_cn 849s + local key_name 849s + local tokens_dir 849s + local output_cert_file 849s + token_name= 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem .pem 849s + key_name=test-root-CA-trusted-certificate-0001 849s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s ++ sed -n 's/ *commonName *= //p' 849s + key_cn='Test Organization Root Trusted Certificate 0001' 849s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 849s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 849s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 849s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 849s + token_name='Test Organization Root Tr Token' 849s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 849s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 849s + echo 'Test Organization Root Tr Token' 849s + '[' -n '' ']' 849s + local output_base_name=SSSD-child-18845 849s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845.output 849s Test Organization Root Tr Token 849s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845.pem 849s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 849s [p11_child[3201]] [main] (0x0400): p11_child started. 849s [p11_child[3201]] [main] (0x2000): Running in [pre-auth] mode. 849s [p11_child[3201]] [main] (0x2000): Running with effective IDs: [0][0]. 849s [p11_child[3201]] [main] (0x2000): Running with real IDs [0][0]. 849s [p11_child[3201]] [do_card] (0x4000): Module List: 849s [p11_child[3201]] [do_card] (0x4000): common name: [softhsm2]. 849s [p11_child[3201]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3201]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 849s [p11_child[3201]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 849s [p11_child[3201]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3201]] [do_card] (0x4000): Login NOT required. 849s [p11_child[3201]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 849s [p11_child[3201]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 849s [p11_child[3201]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 849s [p11_child[3201]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2239c991;slot-manufacturer=SoftHSM%20project;slot-id=574212497;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 849s [p11_child[3201]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 849s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845.output 849s + echo '-----BEGIN CERTIFICATE-----' 849s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845.output 849s + echo '-----END CERTIFICATE-----' 849s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845.pem 849s Certificate: 849s Data: 849s Version: 3 (0x2) 849s Serial Number: 3 (0x3) 849s Signature Algorithm: sha256WithRSAEncryption 849s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 849s Validity 849s Not Before: Jun 14 16:16:44 2024 GMT 849s Not After : Jun 14 16:16:44 2025 GMT 849s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 849s Subject Public Key Info: 849s Public Key Algorithm: rsaEncryption 849s Public-Key: (1024 bit) 849s Modulus: 849s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 849s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 849s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 849s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 849s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 849s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 849s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 849s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 849s e7:e3:25:98:9b:42:9e:75:5b 849s Exponent: 65537 (0x10001) 849s X509v3 extensions: 849s X509v3 Authority Key Identifier: 849s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 849s X509v3 Basic Constraints: 849s CA:FALSE 849s Netscape Cert Type: 849s SSL Client, S/MIME 849s Netscape Comment: 849s Test Organization Root CA trusted Certificate 849s X509v3 Subject Key Identifier: 849s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 849s X509v3 Key Usage: critical 849s Digital Signature, Non Repudiation, Key Encipherment 849s X509v3 Extended Key Usage: 849s TLS Web Client Authentication, E-mail Protection 849s X509v3 Subject Alternative Name: 849s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 849s Signature Algorithm: sha256WithRSAEncryption 849s Signature Value: 849s 6b:7c:3e:68:5e:72:70:48:22:0e:fa:05:63:0a:59:9f:0c:95: 849s ae:16:e2:4c:d8:43:e0:85:f9:49:d8:97:dc:dd:1c:34:58:1e: 849s 5e:41:b7:c2:01:8f:32:33:d3:44:d4:0a:8c:f5:ca:28:cc:74: 849s 4f:96:43:e5:eb:2c:e0:81:80:df:09:16:94:62:e5:bb:e0:a2: 849s 99:3a:bd:fd:ad:57:50:61:db:10:8c:d8:a0:13:49:21:cb:4c: 849s 87:cd:0e:4b:30:3f:21:9b:7d:17:2a:bf:a2:7e:73:68:93:fd: 849s ad:73:f4:43:a8:db:19:0e:c6:04:17:90:63:41:dd:c0:6f:aa: 849s 1e:b2 849s + local found_md5 expected_md5 849s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + expected_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 849s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845.pem 849s + found_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 849s + '[' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B '!=' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B ']' 849s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845-auth.output 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845-auth.output .output 849s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845-auth.pem 849s + echo -n 053350 849s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 849s [p11_child[3209]] [main] (0x0400): p11_child started. 849s [p11_child[3209]] [main] (0x2000): Running in [auth] mode. 849s [p11_child[3209]] [main] (0x2000): Running with effective IDs: [0][0]. 849s [p11_child[3209]] [main] (0x2000): Running with real IDs [0][0]. 849s [p11_child[3209]] [do_card] (0x4000): Module List: 849s [p11_child[3209]] [do_card] (0x4000): common name: [softhsm2]. 849s [p11_child[3209]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3209]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 849s [p11_child[3209]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 849s [p11_child[3209]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3209]] [do_card] (0x4000): Login required. 849s [p11_child[3209]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 849s [p11_child[3209]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 849s [p11_child[3209]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 849s [p11_child[3209]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2239c991;slot-manufacturer=SoftHSM%20project;slot-id=574212497;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 849s [p11_child[3209]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 849s [p11_child[3209]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 849s [p11_child[3209]] [do_card] (0x4000): Certificate verified and validated. 849s [p11_child[3209]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 849s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845-auth.output 849s + echo '-----BEGIN CERTIFICATE-----' 849s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845-auth.output 849s + echo '-----END CERTIFICATE-----' 849s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845-auth.pem 849s Certificate: 849s Data: 849s Version: 3 (0x2) 849s Serial Number: 3 (0x3) 849s Signature Algorithm: sha256WithRSAEncryption 849s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 849s Validity 849s Not Before: Jun 14 16:16:44 2024 GMT 849s Not After : Jun 14 16:16:44 2025 GMT 849s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 849s Subject Public Key Info: 849s Public Key Algorithm: rsaEncryption 849s Public-Key: (1024 bit) 849s Modulus: 849s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 849s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 849s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 849s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 849s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 849s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 849s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 849s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 849s e7:e3:25:98:9b:42:9e:75:5b 849s Exponent: 65537 (0x10001) 849s X509v3 extensions: 849s X509v3 Authority Key Identifier: 849s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 849s X509v3 Basic Constraints: 849s CA:FALSE 849s Netscape Cert Type: 849s SSL Client, S/MIME 849s Netscape Comment: 849s Test Organization Root CA trusted Certificate 849s X509v3 Subject Key Identifier: 849s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 849s X509v3 Key Usage: critical 849s Digital Signature, Non Repudiation, Key Encipherment 849s X509v3 Extended Key Usage: 849s TLS Web Client Authentication, E-mail Protection 849s X509v3 Subject Alternative Name: 849s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 849s Signature Algorithm: sha256WithRSAEncryption 849s Signature Value: 849s 6b:7c:3e:68:5e:72:70:48:22:0e:fa:05:63:0a:59:9f:0c:95: 849s ae:16:e2:4c:d8:43:e0:85:f9:49:d8:97:dc:dd:1c:34:58:1e: 849s 5e:41:b7:c2:01:8f:32:33:d3:44:d4:0a:8c:f5:ca:28:cc:74: 849s 4f:96:43:e5:eb:2c:e0:81:80:df:09:16:94:62:e5:bb:e0:a2: 849s 99:3a:bd:fd:ad:57:50:61:db:10:8c:d8:a0:13:49:21:cb:4c: 849s 87:cd:0e:4b:30:3f:21:9b:7d:17:2a:bf:a2:7e:73:68:93:fd: 849s ad:73:f4:43:a8:db:19:0e:c6:04:17:90:63:41:dd:c0:6f:aa: 849s 1e:b2 849s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-18845-auth.pem 849s + found_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 849s + '[' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B '!=' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B ']' 849s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem partial_chain 849s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem partial_chain 849s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 849s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 849s + local verify_option=partial_chain 849s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 849s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 849s + local key_cn 849s + local key_name 849s + local tokens_dir 849s + local output_cert_file 849s + token_name= 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem .pem 849s + key_name=test-root-CA-trusted-certificate-0001 849s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s ++ sed -n 's/ *commonName *= //p' 849s + key_cn='Test Organization Root Trusted Certificate 0001' 849s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 849s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 849s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 849s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 849s + token_name='Test Organization Root Tr Token' 849s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 849s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 849s + echo 'Test Organization Root Tr Token' 849s Test Organization Root Tr Token 849s + '[' -n partial_chain ']' 849s + local verify_arg=--verify=partial_chain 849s + local output_base_name=SSSD-child-21486 849s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486.output 849s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486.pem 849s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 849s [p11_child[3219]] [main] (0x0400): p11_child started. 849s [p11_child[3219]] [main] (0x2000): Running in [pre-auth] mode. 849s [p11_child[3219]] [main] (0x2000): Running with effective IDs: [0][0]. 849s [p11_child[3219]] [main] (0x2000): Running with real IDs [0][0]. 849s [p11_child[3219]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 849s [p11_child[3219]] [do_card] (0x4000): Module List: 849s [p11_child[3219]] [do_card] (0x4000): common name: [softhsm2]. 849s [p11_child[3219]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3219]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 849s [p11_child[3219]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 849s [p11_child[3219]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3219]] [do_card] (0x4000): Login NOT required. 849s [p11_child[3219]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 849s [p11_child[3219]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 849s [p11_child[3219]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 849s [p11_child[3219]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2239c991;slot-manufacturer=SoftHSM%20project;slot-id=574212497;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 849s [p11_child[3219]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 849s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486.output 849s + echo '-----BEGIN CERTIFICATE-----' 849s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486.output 849s + echo '-----END CERTIFICATE-----' 849s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486.pem 849s Certificate: 849s Data: 849s Version: 3 (0x2) 849s Serial Number: 3 (0x3) 849s Signature Algorithm: sha256WithRSAEncryption 849s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 849s Validity 849s Not Before: Jun 14 16:16:44 2024 GMT 849s Not After : Jun 14 16:16:44 2025 GMT 849s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 849s Subject Public Key Info: 849s Public Key Algorithm: rsaEncryption 849s Public-Key: (1024 bit) 849s Modulus: 849s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 849s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 849s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 849s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 849s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 849s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 849s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 849s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 849s e7:e3:25:98:9b:42:9e:75:5b 849s Exponent: 65537 (0x10001) 849s X509v3 extensions: 849s X509v3 Authority Key Identifier: 849s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 849s X509v3 Basic Constraints: 849s CA:FALSE 849s Netscape Cert Type: 849s SSL Client, S/MIME 849s Netscape Comment: 849s Test Organization Root CA trusted Certificate 849s X509v3 Subject Key Identifier: 849s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 849s X509v3 Key Usage: critical 849s Digital Signature, Non Repudiation, Key Encipherment 849s X509v3 Extended Key Usage: 849s TLS Web Client Authentication, E-mail Protection 849s X509v3 Subject Alternative Name: 849s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 849s Signature Algorithm: sha256WithRSAEncryption 849s Signature Value: 849s 6b:7c:3e:68:5e:72:70:48:22:0e:fa:05:63:0a:59:9f:0c:95: 849s ae:16:e2:4c:d8:43:e0:85:f9:49:d8:97:dc:dd:1c:34:58:1e: 849s 5e:41:b7:c2:01:8f:32:33:d3:44:d4:0a:8c:f5:ca:28:cc:74: 849s 4f:96:43:e5:eb:2c:e0:81:80:df:09:16:94:62:e5:bb:e0:a2: 849s 99:3a:bd:fd:ad:57:50:61:db:10:8c:d8:a0:13:49:21:cb:4c: 849s 87:cd:0e:4b:30:3f:21:9b:7d:17:2a:bf:a2:7e:73:68:93:fd: 849s ad:73:f4:43:a8:db:19:0e:c6:04:17:90:63:41:dd:c0:6f:aa: 849s 1e:b2 849s + local found_md5 expected_md5 849s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 849s + expected_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 849s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486.pem 849s + found_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 849s + '[' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B '!=' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B ']' 849s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486-auth.output 849s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486-auth.output .output 849s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486-auth.pem 849s + echo -n 053350 849s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 849s [p11_child[3227]] [main] (0x0400): p11_child started. 849s [p11_child[3227]] [main] (0x2000): Running in [auth] mode. 849s [p11_child[3227]] [main] (0x2000): Running with effective IDs: [0][0]. 849s [p11_child[3227]] [main] (0x2000): Running with real IDs [0][0]. 849s [p11_child[3227]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 849s [p11_child[3227]] [do_card] (0x4000): Module List: 849s [p11_child[3227]] [do_card] (0x4000): common name: [softhsm2]. 849s [p11_child[3227]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3227]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 849s [p11_child[3227]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 849s [p11_child[3227]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 849s [p11_child[3227]] [do_card] (0x4000): Login required. 849s [p11_child[3227]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 849s [p11_child[3227]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 849s [p11_child[3227]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 849s [p11_child[3227]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2239c991;slot-manufacturer=SoftHSM%20project;slot-id=574212497;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 849s [p11_child[3227]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 849s [p11_child[3227]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 849s [p11_child[3227]] [do_card] (0x4000): Certificate verified and validated. 849s [p11_child[3227]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 849s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486-auth.output 849s + echo '-----BEGIN CERTIFICATE-----' 849s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486-auth.output 849s + echo '-----END CERTIFICATE-----' 849s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486-auth.pem 850s Certificate: 850s Data: 850s Version: 3 (0x2) 850s Serial Number: 3 (0x3) 850s Signature Algorithm: sha256WithRSAEncryption 850s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 850s Validity 850s Not Before: Jun 14 16:16:44 2024 GMT 850s Not After : Jun 14 16:16:44 2025 GMT 850s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 850s Subject Public Key Info: 850s Public Key Algorithm: rsaEncryption 850s Public-Key: (1024 bit) 850s Modulus: 850s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 850s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 850s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 850s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 850s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 850s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 850s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 850s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 850s e7:e3:25:98:9b:42:9e:75:5b 850s Exponent: 65537 (0x10001) 850s X509v3 extensions: 850s X509v3 Authority Key Identifier: 850s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 850s X509v3 Basic Constraints: 850s CA:FALSE 850s Netscape Cert Type: 850s SSL Client, S/MIME 850s Netscape Comment: 850s Test Organization Root CA trusted Certificate 850s X509v3 Subject Key Identifier: 850s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 850s X509v3 Key Usage: critical 850s Digital Signature, Non Repudiation, Key Encipherment 850s X509v3 Extended Key Usage: 850s TLS Web Client Authentication, E-mail Protection 850s X509v3 Subject Alternative Name: 850s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 850s Signature Algorithm: sha256WithRSAEncryption 850s Signature Value: 850s 6b:7c:3e:68:5e:72:70:48:22:0e:fa:05:63:0a:59:9f:0c:95: 850s ae:16:e2:4c:d8:43:e0:85:f9:49:d8:97:dc:dd:1c:34:58:1e: 850s 5e:41:b7:c2:01:8f:32:33:d3:44:d4:0a:8c:f5:ca:28:cc:74: 850s 4f:96:43:e5:eb:2c:e0:81:80:df:09:16:94:62:e5:bb:e0:a2: 850s 99:3a:bd:fd:ad:57:50:61:db:10:8c:d8:a0:13:49:21:cb:4c: 850s 87:cd:0e:4b:30:3f:21:9b:7d:17:2a:bf:a2:7e:73:68:93:fd: 850s ad:73:f4:43:a8:db:19:0e:c6:04:17:90:63:41:dd:c0:6f:aa: 850s 1e:b2 850s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-21486-auth.pem 850s + found_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 850s + '[' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B '!=' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B ']' 850s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 850s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 850s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 850s + local verify_option= 850s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 850s + local key_cn 850s + local key_name 850s + local tokens_dir 850s + local output_cert_file 850s + token_name= 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem .pem 850s + key_name=test-root-CA-trusted-certificate-0001 850s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s ++ sed -n 's/ *commonName *= //p' 850s + key_cn='Test Organization Root Trusted Certificate 0001' 850s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 850s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 850s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 850s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 850s + token_name='Test Organization Root Tr Token' 850s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 850s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 850s + echo 'Test Organization Root Tr Token' 850s + '[' -n '' ']' 850s + local output_base_name=SSSD-child-29005 850s Test Organization Root Tr Token 850s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005.output 850s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005.pem 850s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 850s [p11_child[3237]] [main] (0x0400): p11_child started. 850s [p11_child[3237]] [main] (0x2000): Running in [pre-auth] mode. 850s [p11_child[3237]] [main] (0x2000): Running with effective IDs: [0][0]. 850s [p11_child[3237]] [main] (0x2000): Running with real IDs [0][0]. 850s [p11_child[3237]] [do_card] (0x4000): Module List: 850s [p11_child[3237]] [do_card] (0x4000): common name: [softhsm2]. 850s [p11_child[3237]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3237]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 850s [p11_child[3237]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 850s [p11_child[3237]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3237]] [do_card] (0x4000): Login NOT required. 850s [p11_child[3237]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 850s [p11_child[3237]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 850s [p11_child[3237]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 850s [p11_child[3237]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2239c991;slot-manufacturer=SoftHSM%20project;slot-id=574212497;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 850s [p11_child[3237]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 850s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005.output 850s + echo '-----BEGIN CERTIFICATE-----' 850s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005.output 850s + echo '-----END CERTIFICATE-----' 850s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005.pem 850s Certificate: 850s Data: 850s Version: 3 (0x2) 850s Serial Number: 3 (0x3) 850s Signature Algorithm: sha256WithRSAEncryption 850s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 850s Validity 850s Not Before: Jun 14 16:16:44 2024 GMT 850s Not After : Jun 14 16:16:44 2025 GMT 850s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 850s Subject Public Key Info: 850s Public Key Algorithm: rsaEncryption 850s Public-Key: (1024 bit) 850s Modulus: 850s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 850s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 850s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 850s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 850s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 850s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 850s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 850s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 850s e7:e3:25:98:9b:42:9e:75:5b 850s Exponent: 65537 (0x10001) 850s X509v3 extensions: 850s X509v3 Authority Key Identifier: 850s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 850s X509v3 Basic Constraints: 850s CA:FALSE 850s Netscape Cert Type: 850s SSL Client, S/MIME 850s Netscape Comment: 850s Test Organization Root CA trusted Certificate 850s X509v3 Subject Key Identifier: 850s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 850s X509v3 Key Usage: critical 850s Digital Signature, Non Repudiation, Key Encipherment 850s X509v3 Extended Key Usage: 850s TLS Web Client Authentication, E-mail Protection 850s X509v3 Subject Alternative Name: 850s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 850s Signature Algorithm: sha256WithRSAEncryption 850s Signature Value: 850s 6b:7c:3e:68:5e:72:70:48:22:0e:fa:05:63:0a:59:9f:0c:95: 850s ae:16:e2:4c:d8:43:e0:85:f9:49:d8:97:dc:dd:1c:34:58:1e: 850s 5e:41:b7:c2:01:8f:32:33:d3:44:d4:0a:8c:f5:ca:28:cc:74: 850s 4f:96:43:e5:eb:2c:e0:81:80:df:09:16:94:62:e5:bb:e0:a2: 850s 99:3a:bd:fd:ad:57:50:61:db:10:8c:d8:a0:13:49:21:cb:4c: 850s 87:cd:0e:4b:30:3f:21:9b:7d:17:2a:bf:a2:7e:73:68:93:fd: 850s ad:73:f4:43:a8:db:19:0e:c6:04:17:90:63:41:dd:c0:6f:aa: 850s 1e:b2 850s + local found_md5 expected_md5 850s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s + expected_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 850s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005.pem 850s + found_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 850s + '[' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B '!=' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B ']' 850s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005-auth.output 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005-auth.output .output 850s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005-auth.pem 850s + echo -n 053350 850s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 850s [p11_child[3245]] [main] (0x0400): p11_child started. 850s [p11_child[3245]] [main] (0x2000): Running in [auth] mode. 850s [p11_child[3245]] [main] (0x2000): Running with effective IDs: [0][0]. 850s [p11_child[3245]] [main] (0x2000): Running with real IDs [0][0]. 850s [p11_child[3245]] [do_card] (0x4000): Module List: 850s [p11_child[3245]] [do_card] (0x4000): common name: [softhsm2]. 850s [p11_child[3245]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3245]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 850s [p11_child[3245]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 850s [p11_child[3245]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3245]] [do_card] (0x4000): Login required. 850s [p11_child[3245]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 850s [p11_child[3245]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 850s [p11_child[3245]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 850s [p11_child[3245]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2239c991;slot-manufacturer=SoftHSM%20project;slot-id=574212497;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 850s [p11_child[3245]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 850s [p11_child[3245]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 850s [p11_child[3245]] [do_card] (0x4000): Certificate verified and validated. 850s [p11_child[3245]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 850s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005-auth.output 850s + echo '-----BEGIN CERTIFICATE-----' 850s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005-auth.output 850s + echo '-----END CERTIFICATE-----' 850s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005-auth.pem 850s Certificate: 850s Data: 850s Version: 3 (0x2) 850s Serial Number: 3 (0x3) 850s Signature Algorithm: sha256WithRSAEncryption 850s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 850s Validity 850s Not Before: Jun 14 16:16:44 2024 GMT 850s Not After : Jun 14 16:16:44 2025 GMT 850s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 850s Subject Public Key Info: 850s Public Key Algorithm: rsaEncryption 850s Public-Key: (1024 bit) 850s Modulus: 850s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 850s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 850s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 850s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 850s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 850s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 850s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 850s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 850s e7:e3:25:98:9b:42:9e:75:5b 850s Exponent: 65537 (0x10001) 850s X509v3 extensions: 850s X509v3 Authority Key Identifier: 850s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 850s X509v3 Basic Constraints: 850s CA:FALSE 850s Netscape Cert Type: 850s SSL Client, S/MIME 850s Netscape Comment: 850s Test Organization Root CA trusted Certificate 850s X509v3 Subject Key Identifier: 850s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 850s X509v3 Key Usage: critical 850s Digital Signature, Non Repudiation, Key Encipherment 850s X509v3 Extended Key Usage: 850s TLS Web Client Authentication, E-mail Protection 850s X509v3 Subject Alternative Name: 850s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 850s Signature Algorithm: sha256WithRSAEncryption 850s Signature Value: 850s 6b:7c:3e:68:5e:72:70:48:22:0e:fa:05:63:0a:59:9f:0c:95: 850s ae:16:e2:4c:d8:43:e0:85:f9:49:d8:97:dc:dd:1c:34:58:1e: 850s 5e:41:b7:c2:01:8f:32:33:d3:44:d4:0a:8c:f5:ca:28:cc:74: 850s 4f:96:43:e5:eb:2c:e0:81:80:df:09:16:94:62:e5:bb:e0:a2: 850s 99:3a:bd:fd:ad:57:50:61:db:10:8c:d8:a0:13:49:21:cb:4c: 850s 87:cd:0e:4b:30:3f:21:9b:7d:17:2a:bf:a2:7e:73:68:93:fd: 850s ad:73:f4:43:a8:db:19:0e:c6:04:17:90:63:41:dd:c0:6f:aa: 850s 1e:b2 850s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-29005-auth.pem 850s + found_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 850s + '[' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B '!=' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B ']' 850s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem partial_chain 850s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem partial_chain 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 850s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 850s + local verify_option=partial_chain 850s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 850s + local key_cn 850s + local key_name 850s + local tokens_dir 850s + local output_cert_file 850s + token_name= 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem .pem 850s + key_name=test-root-CA-trusted-certificate-0001 850s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s ++ sed -n 's/ *commonName *= //p' 850s + key_cn='Test Organization Root Trusted Certificate 0001' 850s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 850s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 850s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 850s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 850s + token_name='Test Organization Root Tr Token' 850s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 850s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 850s + echo 'Test Organization Root Tr Token' 850s + '[' -n partial_chain ']' 850s + local verify_arg=--verify=partial_chain 850s + local output_base_name=SSSD-child-8880 850s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880.output 850s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880.pem 850s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 850s Test Organization Root Tr Token 850s [p11_child[3255]] [main] (0x0400): p11_child started. 850s [p11_child[3255]] [main] (0x2000): Running in [pre-auth] mode. 850s [p11_child[3255]] [main] (0x2000): Running with effective IDs: [0][0]. 850s [p11_child[3255]] [main] (0x2000): Running with real IDs [0][0]. 850s [p11_child[3255]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 850s [p11_child[3255]] [do_card] (0x4000): Module List: 850s [p11_child[3255]] [do_card] (0x4000): common name: [softhsm2]. 850s [p11_child[3255]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3255]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 850s [p11_child[3255]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 850s [p11_child[3255]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3255]] [do_card] (0x4000): Login NOT required. 850s [p11_child[3255]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 850s [p11_child[3255]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 850s [p11_child[3255]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 850s [p11_child[3255]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2239c991;slot-manufacturer=SoftHSM%20project;slot-id=574212497;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 850s [p11_child[3255]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 850s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880.output 850s + echo '-----BEGIN CERTIFICATE-----' 850s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880.output 850s + echo '-----END CERTIFICATE-----' 850s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880.pem 850s + local found_md5 expected_md5 850s Certificate: 850s Data: 850s Version: 3 (0x2) 850s Serial Number: 3 (0x3) 850s Signature Algorithm: sha256WithRSAEncryption 850s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 850s Validity 850s Not Before: Jun 14 16:16:44 2024 GMT 850s Not After : Jun 14 16:16:44 2025 GMT 850s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 850s Subject Public Key Info: 850s Public Key Algorithm: rsaEncryption 850s Public-Key: (1024 bit) 850s Modulus: 850s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 850s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 850s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 850s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 850s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 850s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 850s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 850s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 850s e7:e3:25:98:9b:42:9e:75:5b 850s Exponent: 65537 (0x10001) 850s X509v3 extensions: 850s X509v3 Authority Key Identifier: 850s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 850s X509v3 Basic Constraints: 850s CA:FALSE 850s Netscape Cert Type: 850s SSL Client, S/MIME 850s Netscape Comment: 850s Test Organization Root CA trusted Certificate 850s X509v3 Subject Key Identifier: 850s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 850s X509v3 Key Usage: critical 850s Digital Signature, Non Repudiation, Key Encipherment 850s X509v3 Extended Key Usage: 850s TLS Web Client Authentication, E-mail Protection 850s X509v3 Subject Alternative Name: 850s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 850s Signature Algorithm: sha256WithRSAEncryption 850s Signature Value: 850s 6b:7c:3e:68:5e:72:70:48:22:0e:fa:05:63:0a:59:9f:0c:95: 850s ae:16:e2:4c:d8:43:e0:85:f9:49:d8:97:dc:dd:1c:34:58:1e: 850s 5e:41:b7:c2:01:8f:32:33:d3:44:d4:0a:8c:f5:ca:28:cc:74: 850s 4f:96:43:e5:eb:2c:e0:81:80:df:09:16:94:62:e5:bb:e0:a2: 850s 99:3a:bd:fd:ad:57:50:61:db:10:8c:d8:a0:13:49:21:cb:4c: 850s 87:cd:0e:4b:30:3f:21:9b:7d:17:2a:bf:a2:7e:73:68:93:fd: 850s ad:73:f4:43:a8:db:19:0e:c6:04:17:90:63:41:dd:c0:6f:aa: 850s 1e:b2 850s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s + expected_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 850s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880.pem 850s + found_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 850s + '[' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B '!=' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B ']' 850s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880-auth.output 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880-auth.output .output 850s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880-auth.pem 850s + echo -n 053350 850s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 850s [p11_child[3263]] [main] (0x0400): p11_child started. 850s [p11_child[3263]] [main] (0x2000): Running in [auth] mode. 850s [p11_child[3263]] [main] (0x2000): Running with effective IDs: [0][0]. 850s [p11_child[3263]] [main] (0x2000): Running with real IDs [0][0]. 850s [p11_child[3263]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 850s [p11_child[3263]] [do_card] (0x4000): Module List: 850s [p11_child[3263]] [do_card] (0x4000): common name: [softhsm2]. 850s [p11_child[3263]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3263]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 850s [p11_child[3263]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 850s [p11_child[3263]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3263]] [do_card] (0x4000): Login required. 850s [p11_child[3263]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 850s [p11_child[3263]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 850s [p11_child[3263]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 850s [p11_child[3263]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2239c991;slot-manufacturer=SoftHSM%20project;slot-id=574212497;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9f67f7e9a239c991;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 850s [p11_child[3263]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 850s [p11_child[3263]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 850s [p11_child[3263]] [do_card] (0x4000): Certificate verified and validated. 850s [p11_child[3263]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 850s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880-auth.output 850s + echo '-----BEGIN CERTIFICATE-----' 850s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880-auth.output 850s + echo '-----END CERTIFICATE-----' 850s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880-auth.pem 850s Certificate: 850s Data: 850s Version: 3 (0x2) 850s Serial Number: 3 (0x3) 850s Signature Algorithm: sha256WithRSAEncryption 850s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 850s Validity 850s Not Before: Jun 14 16:16:44 2024 GMT 850s Not After : Jun 14 16:16:44 2025 GMT 850s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 850s Subject Public Key Info: 850s Public Key Algorithm: rsaEncryption 850s Public-Key: (1024 bit) 850s Modulus: 850s 00:cd:dd:b9:5f:6d:3b:a8:32:9c:3c:47:8a:42:66: 850s b1:57:2d:27:40:5b:4b:31:bc:2f:bf:94:33:36:47: 850s 79:3c:cb:5c:64:1b:d9:08:7e:cc:9b:89:56:1c:06: 850s 6f:5a:5c:0f:e9:55:9c:ae:b0:6d:23:4b:1b:cf:d0: 850s fb:76:37:78:3b:34:0d:8c:57:2e:26:34:b8:08:db: 850s 72:e5:8b:4d:34:56:93:a2:80:32:ab:91:7c:16:5d: 850s d7:e7:77:cb:98:9b:33:4b:4d:18:4c:83:97:25:d7: 850s 49:bb:4e:ba:66:32:64:22:fa:2b:86:1a:50:c8:07: 850s e7:e3:25:98:9b:42:9e:75:5b 850s Exponent: 65537 (0x10001) 850s X509v3 extensions: 850s X509v3 Authority Key Identifier: 850s 91:AA:07:A6:0A:05:30:F5:26:B3:95:07:F6:3B:02:0E:E4:14:3C:C1 850s X509v3 Basic Constraints: 850s CA:FALSE 850s Netscape Cert Type: 850s SSL Client, S/MIME 850s Netscape Comment: 850s Test Organization Root CA trusted Certificate 850s X509v3 Subject Key Identifier: 850s 85:17:32:0C:C6:0D:94:0A:90:41:7C:07:2F:B8:C5:5C:1F:4D:1E:84 850s X509v3 Key Usage: critical 850s Digital Signature, Non Repudiation, Key Encipherment 850s X509v3 Extended Key Usage: 850s TLS Web Client Authentication, E-mail Protection 850s X509v3 Subject Alternative Name: 850s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 850s Signature Algorithm: sha256WithRSAEncryption 850s Signature Value: 850s 6b:7c:3e:68:5e:72:70:48:22:0e:fa:05:63:0a:59:9f:0c:95: 850s ae:16:e2:4c:d8:43:e0:85:f9:49:d8:97:dc:dd:1c:34:58:1e: 850s 5e:41:b7:c2:01:8f:32:33:d3:44:d4:0a:8c:f5:ca:28:cc:74: 850s 4f:96:43:e5:eb:2c:e0:81:80:df:09:16:94:62:e5:bb:e0:a2: 850s 99:3a:bd:fd:ad:57:50:61:db:10:8c:d8:a0:13:49:21:cb:4c: 850s 87:cd:0e:4b:30:3f:21:9b:7d:17:2a:bf:a2:7e:73:68:93:fd: 850s ad:73:f4:43:a8:db:19:0e:c6:04:17:90:63:41:dd:c0:6f:aa: 850s 1e:b2 850s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-8880-auth.pem 850s + found_md5=Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B 850s + '[' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B '!=' Modulus=CDDDB95F6D3BA8329C3C478A4266B1572D27405B4B31BC2FBF94333647793CCB5C641BD9087ECC9B89561C066F5A5C0FE9559CAEB06D234B1BCFD0FB7637783B340D8C572E2634B808DB72E58B4D345693A28032AB917C165DD7E777CB989B334B4D184C839725D749BB4EBA66326422FA2B861A50C807E7E325989B429E755B ']' 850s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 850s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 850s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 850s + local verify_option= 850s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 850s + local key_cn 850s + local key_name 850s + local tokens_dir 850s + local output_cert_file 850s + token_name= 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem .pem 850s + key_name=test-root-CA-trusted-certificate-0001 850s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s ++ sed -n 's/ *commonName *= //p' 850s + key_cn='Test Organization Root Trusted Certificate 0001' 850s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 850s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 850s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 850s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 850s + token_name='Test Organization Root Tr Token' 850s Test Organization Root Tr Token 850s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 850s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 850s + echo 'Test Organization Root Tr Token' 850s + '[' -n '' ']' 850s + local output_base_name=SSSD-child-31366 850s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-31366.output 850s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-31366.pem 850s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 850s [p11_child[3273]] [main] (0x0400): p11_child started. 850s [p11_child[3273]] [main] (0x2000): Running in [pre-auth] mode. 850s [p11_child[3273]] [main] (0x2000): Running with effective IDs: [0][0]. 850s [p11_child[3273]] [main] (0x2000): Running with real IDs [0][0]. 850s [p11_child[3273]] [do_card] (0x4000): Module List: 850s [p11_child[3273]] [do_card] (0x4000): common name: [softhsm2]. 850s [p11_child[3273]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3273]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 850s [p11_child[3273]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 850s [p11_child[3273]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3273]] [do_card] (0x4000): Login NOT required. 850s [p11_child[3273]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 850s [p11_child[3273]] [do_verification] (0x0040): X509_verify_cert failed [0]. 850s [p11_child[3273]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 850s [p11_child[3273]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 850s [p11_child[3273]] [do_card] (0x4000): No certificate found. 850s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-31366.output 850s + return 2 850s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem partial_chain 850s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem partial_chain 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 850s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 850s + local verify_option=partial_chain 850s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24129 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-root-ca-trusted-cert-0001-24129 850s + local key_cn 850s + local key_name 850s + local tokens_dir 850s + local output_cert_file 850s + token_name= 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem .pem 850s + key_name=test-root-CA-trusted-certificate-0001 850s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-root-CA-trusted-certificate-0001.pem 850s ++ sed -n 's/ *commonName *= //p' 850s + key_cn='Test Organization Root Trusted Certificate 0001' 850s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 850s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 850s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 850s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 850s + token_name='Test Organization Root Tr Token' 850s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 850s Test Organization Root Tr Token 850s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-root-CA-trusted-certificate-0001 ']' 850s + echo 'Test Organization Root Tr Token' 850s + '[' -n partial_chain ']' 850s + local verify_arg=--verify=partial_chain 850s + local output_base_name=SSSD-child-10075 850s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-10075.output 850s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-10075.pem 850s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 850s [p11_child[3280]] [main] (0x0400): p11_child started. 850s [p11_child[3280]] [main] (0x2000): Running in [pre-auth] mode. 850s [p11_child[3280]] [main] (0x2000): Running with effective IDs: [0][0]. 850s [p11_child[3280]] [main] (0x2000): Running with real IDs [0][0]. 850s [p11_child[3280]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 850s [p11_child[3280]] [do_card] (0x4000): Module List: 850s [p11_child[3280]] [do_card] (0x4000): common name: [softhsm2]. 850s [p11_child[3280]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3280]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2239c991] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 850s [p11_child[3280]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 850s [p11_child[3280]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2239c991][574212497] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3280]] [do_card] (0x4000): Login NOT required. 850s [p11_child[3280]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 850s [p11_child[3280]] [do_verification] (0x0040): X509_verify_cert failed [0]. 850s [p11_child[3280]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 850s [p11_child[3280]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 850s [p11_child[3280]] [do_card] (0x4000): No certificate found. 850s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10075.output 850s + return 2 850s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /dev/null 850s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /dev/null 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 850s + local key_ring=/dev/null 850s + local verify_option= 850s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 850s + local key_cn 850s + local key_name 850s + local tokens_dir 850s + local output_cert_file 850s + token_name= 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem .pem 850s + key_name=test-intermediate-CA-trusted-certificate-0001 850s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 850s ++ sed -n 's/ *commonName *= //p' 850s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 850s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 850s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 850s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 850s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 850s + token_name='Test Organization Interme Token' 850s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 850s + local key_file 850s + local decrypted_key 850s + mkdir -p /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 850s + key_file=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-key.pem 850s + decrypted_key=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 850s + cat 850s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 850s Slot 0 has a free/uninitialized token. 850s The token has been initialized and is reassigned to slot 734409824 850s + softhsm2-util --show-slots 850s Available slots: 850s Slot 734409824 850s Slot info: 850s Description: SoftHSM slot ID 0x2bc63460 850s Manufacturer ID: SoftHSM project 850s Hardware version: 2.6 850s Firmware version: 2.6 850s Token present: yes 850s Token info: 850s Manufacturer ID: SoftHSM project 850s Model: SoftHSM v2 850s Hardware version: 2.6 850s Firmware version: 2.6 850s Serial number: 0b2af91c2bc63460 850s Initialized: yes 850s User PIN init.: yes 850s Label: Test Organization Interme Token 850s Slot 1 850s Slot info: 850s Description: SoftHSM slot ID 0x1 850s Manufacturer ID: SoftHSM project 850s Hardware version: 2.6 850s Firmware version: 2.6 850s Token present: yes 850s Token info: 850s Manufacturer ID: SoftHSM project 850s Model: SoftHSM v2 850s Hardware version: 2.6 850s Firmware version: 2.6 850s Serial number: 850s Initialized: no 850s User PIN init.: no 850s Label: 850s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 850s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-6689 -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 850s writing RSA key 850s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 850s + rm /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 850s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 850s Object 0: 850s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b2af91c2bc63460;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 850s Type: X.509 Certificate (RSA-1024) 850s Expires: Sat Jun 14 16:16:44 2025 850s Label: Test Organization Intermediate Trusted Certificate 0001 850s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 850s 850s Test Organization Interme Token 850s + echo 'Test Organization Interme Token' 850s + '[' -n '' ']' 850s + local output_base_name=SSSD-child-14060 850s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-14060.output 850s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-14060.pem 850s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 850s [p11_child[3296]] [main] (0x0400): p11_child started. 850s [p11_child[3296]] [main] (0x2000): Running in [pre-auth] mode. 850s [p11_child[3296]] [main] (0x2000): Running with effective IDs: [0][0]. 850s [p11_child[3296]] [main] (0x2000): Running with real IDs [0][0]. 850s [p11_child[3296]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 850s [p11_child[3296]] [do_work] (0x0040): init_verification failed. 850s [p11_child[3296]] [main] (0x0020): p11_child failed (5) 850s + return 2 850s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /dev/null no_verification 850s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /dev/null no_verification 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 850s + local key_ring=/dev/null 850s + local verify_option=no_verification 850s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 850s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 850s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 850s + local key_cn 850s + local key_name 850s + local tokens_dir 850s + local output_cert_file 850s + token_name= 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem .pem 850s + key_name=test-intermediate-CA-trusted-certificate-0001 850s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 850s ++ sed -n 's/ *commonName *= //p' 850s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 850s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 850s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 850s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 850s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 850s + token_name='Test Organization Interme Token' 850s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 850s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 850s + echo 'Test Organization Interme Token' 850s + '[' -n no_verification ']' 850s + local verify_arg=--verify=no_verification 850s + local output_base_name=SSSD-child-15198 850s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198.output 850s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198.pem 850s Test Organization Interme Token 850s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 850s [p11_child[3302]] [main] (0x0400): p11_child started. 850s [p11_child[3302]] [main] (0x2000): Running in [pre-auth] mode. 850s [p11_child[3302]] [main] (0x2000): Running with effective IDs: [0][0]. 850s [p11_child[3302]] [main] (0x2000): Running with real IDs [0][0]. 850s [p11_child[3302]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 850s [p11_child[3302]] [do_card] (0x4000): Module List: 850s [p11_child[3302]] [do_card] (0x4000): common name: [softhsm2]. 850s [p11_child[3302]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3302]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 850s [p11_child[3302]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 850s [p11_child[3302]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3302]] [do_card] (0x4000): Login NOT required. 850s [p11_child[3302]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 850s [p11_child[3302]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 850s [p11_child[3302]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2bc63460;slot-manufacturer=SoftHSM%20project;slot-id=734409824;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b2af91c2bc63460;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 850s [p11_child[3302]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 850s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198.output 850s + echo '-----BEGIN CERTIFICATE-----' 850s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198.output 850s + echo '-----END CERTIFICATE-----' 850s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198.pem 850s Certificate: 850s Data: 850s Version: 3 (0x2) 850s Serial Number: 4 (0x4) 850s Signature Algorithm: sha256WithRSAEncryption 850s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 850s Validity 850s Not Before: Jun 14 16:16:44 2024 GMT 850s Not After : Jun 14 16:16:44 2025 GMT 850s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 850s Subject Public Key Info: 850s Public Key Algorithm: rsaEncryption 850s Public-Key: (1024 bit) 850s Modulus: 850s 00:cd:fc:1f:38:f9:fb:8b:56:4a:8c:cc:7e:fa:44: 850s 67:28:06:ba:88:62:c0:41:e2:40:7a:81:31:c6:bd: 850s 4c:e4:d2:c6:6c:e4:85:81:56:5f:18:ca:73:a2:bd: 850s 45:c4:07:bb:4a:a9:6c:ec:f7:ab:03:6e:c1:d6:ef: 850s 9f:3c:2c:c4:61:75:57:bf:b9:2e:1c:4b:d4:a3:23: 850s 74:45:3c:ec:62:6e:11:6f:31:58:f0:a4:e1:27:e9: 850s 9d:a3:23:3f:e5:ae:d7:b2:8b:9e:f3:df:e9:b5:84: 850s 99:9d:7e:80:81:5a:f3:e8:58:f5:2f:1c:3e:dd:67: 850s b2:82:d0:65:dc:f3:0d:d0:8f 850s Exponent: 65537 (0x10001) 850s X509v3 extensions: 850s X509v3 Authority Key Identifier: 850s FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 850s X509v3 Basic Constraints: 850s CA:FALSE 850s Netscape Cert Type: 850s SSL Client, S/MIME 850s Netscape Comment: 850s Test Organization Intermediate CA trusted Certificate 850s X509v3 Subject Key Identifier: 850s 4B:20:47:C4:70:38:76:3C:DC:9E:C0:FB:07:E5:D7:F2:6F:6B:D8:BA 850s X509v3 Key Usage: critical 850s Digital Signature, Non Repudiation, Key Encipherment 850s X509v3 Extended Key Usage: 850s TLS Web Client Authentication, E-mail Protection 850s X509v3 Subject Alternative Name: 850s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 850s Signature Algorithm: sha256WithRSAEncryption 850s Signature Value: 850s 64:cf:fd:55:82:33:02:23:6d:47:59:94:2a:17:20:32:16:0b: 850s e2:b5:ba:fb:64:e2:d4:eb:e0:ee:52:77:ab:32:2e:f5:18:2d: 850s c3:fd:fe:6f:36:34:e4:4a:ae:f2:55:e6:26:0f:d9:85:a9:2f: 850s 54:0e:e7:09:dc:d3:8b:aa:76:8b:0b:c0:6b:44:c4:e4:a3:10: 850s ae:14:cb:d4:96:61:60:27:0d:e9:79:fa:93:45:b1:98:31:b9: 850s c4:5a:a7:34:35:4a:bc:2f:52:4d:e0:06:16:61:04:ce:40:3a: 850s 09:b8:08:20:72:f2:b8:0a:54:8f:55:4a:8b:96:74:2d:aa:38: 850s 61:32 850s + local found_md5 expected_md5 850s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 850s + expected_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 850s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198.pem 850s + found_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 850s + '[' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F '!=' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F ']' 850s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198-auth.output 850s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198-auth.output .output 850s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198-auth.pem 850s + echo -n 053350 850s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 850s [p11_child[3310]] [main] (0x0400): p11_child started. 850s [p11_child[3310]] [main] (0x2000): Running in [auth] mode. 850s [p11_child[3310]] [main] (0x2000): Running with effective IDs: [0][0]. 850s [p11_child[3310]] [main] (0x2000): Running with real IDs [0][0]. 850s [p11_child[3310]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 850s [p11_child[3310]] [do_card] (0x4000): Module List: 850s [p11_child[3310]] [do_card] (0x4000): common name: [softhsm2]. 850s [p11_child[3310]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3310]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 850s [p11_child[3310]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 850s [p11_child[3310]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 850s [p11_child[3310]] [do_card] (0x4000): Login required. 850s [p11_child[3310]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 850s [p11_child[3310]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 850s [p11_child[3310]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2bc63460;slot-manufacturer=SoftHSM%20project;slot-id=734409824;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b2af91c2bc63460;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 850s [p11_child[3310]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 850s [p11_child[3310]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 850s [p11_child[3310]] [do_card] (0x4000): Certificate verified and validated. 850s [p11_child[3310]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 850s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198-auth.output 850s + echo '-----BEGIN CERTIFICATE-----' 850s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198-auth.output 850s + echo '-----END CERTIFICATE-----' 850s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198-auth.pem 850s Certificate: 850s Data: 850s Version: 3 (0x2) 850s Serial Number: 4 (0x4) 850s Signature Algorithm: sha256WithRSAEncryption 850s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 850s Validity 850s Not Before: Jun 14 16:16:44 2024 GMT 850s Not After : Jun 14 16:16:44 2025 GMT 850s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 850s Subject Public Key Info: 850s Public Key Algorithm: rsaEncryption 850s Public-Key: (1024 bit) 850s Modulus: 850s 00:cd:fc:1f:38:f9:fb:8b:56:4a:8c:cc:7e:fa:44: 850s 67:28:06:ba:88:62:c0:41:e2:40:7a:81:31:c6:bd: 850s 4c:e4:d2:c6:6c:e4:85:81:56:5f:18:ca:73:a2:bd: 850s 45:c4:07:bb:4a:a9:6c:ec:f7:ab:03:6e:c1:d6:ef: 850s 9f:3c:2c:c4:61:75:57:bf:b9:2e:1c:4b:d4:a3:23: 850s 74:45:3c:ec:62:6e:11:6f:31:58:f0:a4:e1:27:e9: 850s 9d:a3:23:3f:e5:ae:d7:b2:8b:9e:f3:df:e9:b5:84: 850s 99:9d:7e:80:81:5a:f3:e8:58:f5:2f:1c:3e:dd:67: 850s b2:82:d0:65:dc:f3:0d:d0:8f 850s Exponent: 65537 (0x10001) 850s X509v3 extensions: 850s X509v3 Authority Key Identifier: 850s FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 850s X509v3 Basic Constraints: 850s CA:FALSE 850s Netscape Cert Type: 850s SSL Client, S/MIME 850s Netscape Comment: 850s Test Organization Intermediate CA trusted Certificate 850s X509v3 Subject Key Identifier: 850s 4B:20:47:C4:70:38:76:3C:DC:9E:C0:FB:07:E5:D7:F2:6F:6B:D8:BA 850s X509v3 Key Usage: critical 850s Digital Signature, Non Repudiation, Key Encipherment 850s X509v3 Extended Key Usage: 850s TLS Web Client Authentication, E-mail Protection 850s X509v3 Subject Alternative Name: 850s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 850s Signature Algorithm: sha256WithRSAEncryption 850s Signature Value: 850s 64:cf:fd:55:82:33:02:23:6d:47:59:94:2a:17:20:32:16:0b: 850s e2:b5:ba:fb:64:e2:d4:eb:e0:ee:52:77:ab:32:2e:f5:18:2d: 850s c3:fd:fe:6f:36:34:e4:4a:ae:f2:55:e6:26:0f:d9:85:a9:2f: 850s 54:0e:e7:09:dc:d3:8b:aa:76:8b:0b:c0:6b:44:c4:e4:a3:10: 850s ae:14:cb:d4:96:61:60:27:0d:e9:79:fa:93:45:b1:98:31:b9: 850s c4:5a:a7:34:35:4a:bc:2f:52:4d:e0:06:16:61:04:ce:40:3a: 850s 09:b8:08:20:72:f2:b8:0a:54:8f:55:4a:8b:96:74:2d:aa:38: 850s 61:32 850s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15198-auth.pem 851s + found_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 851s + '[' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F '!=' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F ']' 851s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 851s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 851s + local verify_option= 851s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_cn 851s + local key_name 851s + local tokens_dir 851s + local output_cert_file 851s + token_name= 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem .pem 851s + key_name=test-intermediate-CA-trusted-certificate-0001 851s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s ++ sed -n 's/ *commonName *= //p' 851s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 851s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 851s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 851s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 851s + token_name='Test Organization Interme Token' 851s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 851s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 851s + echo 'Test Organization Interme Token' 851s Test Organization Interme Token 851s + '[' -n '' ']' 851s + local output_base_name=SSSD-child-12974 851s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-12974.output 851s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-12974.pem 851s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 851s [p11_child[3320]] [main] (0x0400): p11_child started. 851s [p11_child[3320]] [main] (0x2000): Running in [pre-auth] mode. 851s [p11_child[3320]] [main] (0x2000): Running with effective IDs: [0][0]. 851s [p11_child[3320]] [main] (0x2000): Running with real IDs [0][0]. 851s [p11_child[3320]] [do_card] (0x4000): Module List: 851s [p11_child[3320]] [do_card] (0x4000): common name: [softhsm2]. 851s [p11_child[3320]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3320]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 851s [p11_child[3320]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 851s [p11_child[3320]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3320]] [do_card] (0x4000): Login NOT required. 851s [p11_child[3320]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 851s [p11_child[3320]] [do_verification] (0x0040): X509_verify_cert failed [0]. 851s [p11_child[3320]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 851s [p11_child[3320]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 851s [p11_child[3320]] [do_card] (0x4000): No certificate found. 851s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-12974.output 851s + return 2 851s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem partial_chain 851s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem partial_chain 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 851s + local verify_option=partial_chain 851s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_cn 851s + local key_name 851s + local tokens_dir 851s + local output_cert_file 851s + token_name= 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem .pem 851s + key_name=test-intermediate-CA-trusted-certificate-0001 851s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s ++ sed -n 's/ *commonName *= //p' 851s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 851s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 851s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 851s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 851s + token_name='Test Organization Interme Token' 851s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 851s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 851s + echo 'Test Organization Interme Token' 851s + '[' -n partial_chain ']' 851s + local verify_arg=--verify=partial_chain 851s + local output_base_name=SSSD-child-635 851s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-635.output 851s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-635.pem 851s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 851s Test Organization Interme Token 851s [p11_child[3327]] [main] (0x0400): p11_child started. 851s [p11_child[3327]] [main] (0x2000): Running in [pre-auth] mode. 851s [p11_child[3327]] [main] (0x2000): Running with effective IDs: [0][0]. 851s [p11_child[3327]] [main] (0x2000): Running with real IDs [0][0]. 851s [p11_child[3327]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 851s [p11_child[3327]] [do_card] (0x4000): Module List: 851s [p11_child[3327]] [do_card] (0x4000): common name: [softhsm2]. 851s [p11_child[3327]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3327]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 851s [p11_child[3327]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 851s [p11_child[3327]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3327]] [do_card] (0x4000): Login NOT required. 851s [p11_child[3327]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 851s [p11_child[3327]] [do_verification] (0x0040): X509_verify_cert failed [0]. 851s [p11_child[3327]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 851s [p11_child[3327]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 851s [p11_child[3327]] [do_card] (0x4000): No certificate found. 851s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-635.output 851s + return 2 851s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 851s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 851s + local verify_option= 851s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_cn 851s + local key_name 851s + local tokens_dir 851s + local output_cert_file 851s + token_name= 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem .pem 851s + key_name=test-intermediate-CA-trusted-certificate-0001 851s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s ++ sed -n 's/ *commonName *= //p' 851s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 851s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 851s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 851s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 851s + token_name='Test Organization Interme Token' 851s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 851s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 851s + echo 'Test Organization Interme Token' 851s + '[' -n '' ']' 851s + local output_base_name=SSSD-child-22216 851s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216.output 851s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216.pem 851s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 851s Test Organization Interme Token 851s [p11_child[3334]] [main] (0x0400): p11_child started. 851s [p11_child[3334]] [main] (0x2000): Running in [pre-auth] mode. 851s [p11_child[3334]] [main] (0x2000): Running with effective IDs: [0][0]. 851s [p11_child[3334]] [main] (0x2000): Running with real IDs [0][0]. 851s [p11_child[3334]] [do_card] (0x4000): Module List: 851s [p11_child[3334]] [do_card] (0x4000): common name: [softhsm2]. 851s [p11_child[3334]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3334]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 851s [p11_child[3334]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 851s [p11_child[3334]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3334]] [do_card] (0x4000): Login NOT required. 851s [p11_child[3334]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 851s [p11_child[3334]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 851s [p11_child[3334]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 851s [p11_child[3334]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2bc63460;slot-manufacturer=SoftHSM%20project;slot-id=734409824;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b2af91c2bc63460;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 851s [p11_child[3334]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 851s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216.output 851s + echo '-----BEGIN CERTIFICATE-----' 851s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216.output 851s + echo '-----END CERTIFICATE-----' 851s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216.pem 851s Certificate: 851s Data: 851s Version: 3 (0x2) 851s Serial Number: 4 (0x4) 851s Signature Algorithm: sha256WithRSAEncryption 851s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 851s Validity 851s Not Before: Jun 14 16:16:44 2024 GMT 851s Not After : Jun 14 16:16:44 2025 GMT 851s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 851s Subject Public Key Info: 851s Public Key Algorithm: rsaEncryption 851s Public-Key: (1024 bit) 851s Modulus: 851s 00:cd:fc:1f:38:f9:fb:8b:56:4a:8c:cc:7e:fa:44: 851s 67:28:06:ba:88:62:c0:41:e2:40:7a:81:31:c6:bd: 851s 4c:e4:d2:c6:6c:e4:85:81:56:5f:18:ca:73:a2:bd: 851s 45:c4:07:bb:4a:a9:6c:ec:f7:ab:03:6e:c1:d6:ef: 851s 9f:3c:2c:c4:61:75:57:bf:b9:2e:1c:4b:d4:a3:23: 851s 74:45:3c:ec:62:6e:11:6f:31:58:f0:a4:e1:27:e9: 851s 9d:a3:23:3f:e5:ae:d7:b2:8b:9e:f3:df:e9:b5:84: 851s 99:9d:7e:80:81:5a:f3:e8:58:f5:2f:1c:3e:dd:67: 851s b2:82:d0:65:dc:f3:0d:d0:8f 851s Exponent: 65537 (0x10001) 851s X509v3 extensions: 851s X509v3 Authority Key Identifier: 851s FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 851s X509v3 Basic Constraints: 851s CA:FALSE 851s Netscape Cert Type: 851s SSL Client, S/MIME 851s Netscape Comment: 851s Test Organization Intermediate CA trusted Certificate 851s X509v3 Subject Key Identifier: 851s 4B:20:47:C4:70:38:76:3C:DC:9E:C0:FB:07:E5:D7:F2:6F:6B:D8:BA 851s X509v3 Key Usage: critical 851s Digital Signature, Non Repudiation, Key Encipherment 851s X509v3 Extended Key Usage: 851s TLS Web Client Authentication, E-mail Protection 851s X509v3 Subject Alternative Name: 851s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 851s Signature Algorithm: sha256WithRSAEncryption 851s Signature Value: 851s 64:cf:fd:55:82:33:02:23:6d:47:59:94:2a:17:20:32:16:0b: 851s e2:b5:ba:fb:64:e2:d4:eb:e0:ee:52:77:ab:32:2e:f5:18:2d: 851s c3:fd:fe:6f:36:34:e4:4a:ae:f2:55:e6:26:0f:d9:85:a9:2f: 851s 54:0e:e7:09:dc:d3:8b:aa:76:8b:0b:c0:6b:44:c4:e4:a3:10: 851s ae:14:cb:d4:96:61:60:27:0d:e9:79:fa:93:45:b1:98:31:b9: 851s c4:5a:a7:34:35:4a:bc:2f:52:4d:e0:06:16:61:04:ce:40:3a: 851s 09:b8:08:20:72:f2:b8:0a:54:8f:55:4a:8b:96:74:2d:aa:38: 851s 61:32 851s + local found_md5 expected_md5 851s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + expected_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 851s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216.pem 851s + found_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 851s + '[' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F '!=' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F ']' 851s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216-auth.output 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216-auth.output .output 851s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216-auth.pem 851s + echo -n 053350 851s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 851s [p11_child[3342]] [main] (0x0400): p11_child started. 851s [p11_child[3342]] [main] (0x2000): Running in [auth] mode. 851s [p11_child[3342]] [main] (0x2000): Running with effective IDs: [0][0]. 851s [p11_child[3342]] [main] (0x2000): Running with real IDs [0][0]. 851s [p11_child[3342]] [do_card] (0x4000): Module List: 851s [p11_child[3342]] [do_card] (0x4000): common name: [softhsm2]. 851s [p11_child[3342]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3342]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 851s [p11_child[3342]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 851s [p11_child[3342]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3342]] [do_card] (0x4000): Login required. 851s [p11_child[3342]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 851s [p11_child[3342]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 851s [p11_child[3342]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 851s [p11_child[3342]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2bc63460;slot-manufacturer=SoftHSM%20project;slot-id=734409824;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b2af91c2bc63460;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 851s [p11_child[3342]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 851s [p11_child[3342]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 851s [p11_child[3342]] [do_card] (0x4000): Certificate verified and validated. 851s [p11_child[3342]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 851s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216-auth.output 851s + echo '-----BEGIN CERTIFICATE-----' 851s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216-auth.output 851s + echo '-----END CERTIFICATE-----' 851s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216-auth.pem 851s Certificate: 851s Data: 851s Version: 3 (0x2) 851s Serial Number: 4 (0x4) 851s Signature Algorithm: sha256WithRSAEncryption 851s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 851s Validity 851s Not Before: Jun 14 16:16:44 2024 GMT 851s Not After : Jun 14 16:16:44 2025 GMT 851s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 851s Subject Public Key Info: 851s Public Key Algorithm: rsaEncryption 851s Public-Key: (1024 bit) 851s Modulus: 851s 00:cd:fc:1f:38:f9:fb:8b:56:4a:8c:cc:7e:fa:44: 851s 67:28:06:ba:88:62:c0:41:e2:40:7a:81:31:c6:bd: 851s 4c:e4:d2:c6:6c:e4:85:81:56:5f:18:ca:73:a2:bd: 851s 45:c4:07:bb:4a:a9:6c:ec:f7:ab:03:6e:c1:d6:ef: 851s 9f:3c:2c:c4:61:75:57:bf:b9:2e:1c:4b:d4:a3:23: 851s 74:45:3c:ec:62:6e:11:6f:31:58:f0:a4:e1:27:e9: 851s 9d:a3:23:3f:e5:ae:d7:b2:8b:9e:f3:df:e9:b5:84: 851s 99:9d:7e:80:81:5a:f3:e8:58:f5:2f:1c:3e:dd:67: 851s b2:82:d0:65:dc:f3:0d:d0:8f 851s Exponent: 65537 (0x10001) 851s X509v3 extensions: 851s X509v3 Authority Key Identifier: 851s FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 851s X509v3 Basic Constraints: 851s CA:FALSE 851s Netscape Cert Type: 851s SSL Client, S/MIME 851s Netscape Comment: 851s Test Organization Intermediate CA trusted Certificate 851s X509v3 Subject Key Identifier: 851s 4B:20:47:C4:70:38:76:3C:DC:9E:C0:FB:07:E5:D7:F2:6F:6B:D8:BA 851s X509v3 Key Usage: critical 851s Digital Signature, Non Repudiation, Key Encipherment 851s X509v3 Extended Key Usage: 851s TLS Web Client Authentication, E-mail Protection 851s X509v3 Subject Alternative Name: 851s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 851s Signature Algorithm: sha256WithRSAEncryption 851s Signature Value: 851s 64:cf:fd:55:82:33:02:23:6d:47:59:94:2a:17:20:32:16:0b: 851s e2:b5:ba:fb:64:e2:d4:eb:e0:ee:52:77:ab:32:2e:f5:18:2d: 851s c3:fd:fe:6f:36:34:e4:4a:ae:f2:55:e6:26:0f:d9:85:a9:2f: 851s 54:0e:e7:09:dc:d3:8b:aa:76:8b:0b:c0:6b:44:c4:e4:a3:10: 851s ae:14:cb:d4:96:61:60:27:0d:e9:79:fa:93:45:b1:98:31:b9: 851s c4:5a:a7:34:35:4a:bc:2f:52:4d:e0:06:16:61:04:ce:40:3a: 851s 09:b8:08:20:72:f2:b8:0a:54:8f:55:4a:8b:96:74:2d:aa:38: 851s 61:32 851s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-22216-auth.pem 851s + found_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 851s + '[' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F '!=' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F ']' 851s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem partial_chain 851s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem partial_chain 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 851s + local verify_option=partial_chain 851s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_cn 851s + local key_name 851s + local tokens_dir 851s + local output_cert_file 851s + token_name= 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem .pem 851s + key_name=test-intermediate-CA-trusted-certificate-0001 851s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s ++ sed -n 's/ *commonName *= //p' 851s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 851s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 851s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 851s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 851s + token_name='Test Organization Interme Token' 851s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 851s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 851s + echo 'Test Organization Interme Token' 851s + '[' -n partial_chain ']' 851s + local verify_arg=--verify=partial_chain 851s + local output_base_name=SSSD-child-15143 851s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143.output 851s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143.pem 851s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 851s Test Organization Interme Token 851s [p11_child[3352]] [main] (0x0400): p11_child started. 851s [p11_child[3352]] [main] (0x2000): Running in [pre-auth] mode. 851s [p11_child[3352]] [main] (0x2000): Running with effective IDs: [0][0]. 851s [p11_child[3352]] [main] (0x2000): Running with real IDs [0][0]. 851s [p11_child[3352]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 851s [p11_child[3352]] [do_card] (0x4000): Module List: 851s [p11_child[3352]] [do_card] (0x4000): common name: [softhsm2]. 851s [p11_child[3352]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3352]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 851s [p11_child[3352]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 851s [p11_child[3352]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3352]] [do_card] (0x4000): Login NOT required. 851s [p11_child[3352]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 851s [p11_child[3352]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 851s [p11_child[3352]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 851s [p11_child[3352]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2bc63460;slot-manufacturer=SoftHSM%20project;slot-id=734409824;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b2af91c2bc63460;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 851s [p11_child[3352]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 851s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143.output 851s + echo '-----BEGIN CERTIFICATE-----' 851s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143.output 851s + echo '-----END CERTIFICATE-----' 851s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143.pem 851s Certificate: 851s Data: 851s Version: 3 (0x2) 851s Serial Number: 4 (0x4) 851s Signature Algorithm: sha256WithRSAEncryption 851s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 851s Validity 851s Not Before: Jun 14 16:16:44 2024 GMT 851s Not After : Jun 14 16:16:44 2025 GMT 851s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 851s Subject Public Key Info: 851s Public Key Algorithm: rsaEncryption 851s Public-Key: (1024 bit) 851s Modulus: 851s 00:cd:fc:1f:38:f9:fb:8b:56:4a:8c:cc:7e:fa:44: 851s 67:28:06:ba:88:62:c0:41:e2:40:7a:81:31:c6:bd: 851s 4c:e4:d2:c6:6c:e4:85:81:56:5f:18:ca:73:a2:bd: 851s 45:c4:07:bb:4a:a9:6c:ec:f7:ab:03:6e:c1:d6:ef: 851s 9f:3c:2c:c4:61:75:57:bf:b9:2e:1c:4b:d4:a3:23: 851s 74:45:3c:ec:62:6e:11:6f:31:58:f0:a4:e1:27:e9: 851s 9d:a3:23:3f:e5:ae:d7:b2:8b:9e:f3:df:e9:b5:84: 851s 99:9d:7e:80:81:5a:f3:e8:58:f5:2f:1c:3e:dd:67: 851s b2:82:d0:65:dc:f3:0d:d0:8f 851s Exponent: 65537 (0x10001) 851s X509v3 extensions: 851s X509v3 Authority Key Identifier: 851s FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 851s X509v3 Basic Constraints: 851s CA:FALSE 851s Netscape Cert Type: 851s SSL Client, S/MIME 851s Netscape Comment: 851s Test Organization Intermediate CA trusted Certificate 851s X509v3 Subject Key Identifier: 851s 4B:20:47:C4:70:38:76:3C:DC:9E:C0:FB:07:E5:D7:F2:6F:6B:D8:BA 851s X509v3 Key Usage: critical 851s Digital Signature, Non Repudiation, Key Encipherment 851s X509v3 Extended Key Usage: 851s TLS Web Client Authentication, E-mail Protection 851s X509v3 Subject Alternative Name: 851s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 851s Signature Algorithm: sha256WithRSAEncryption 851s Signature Value: 851s 64:cf:fd:55:82:33:02:23:6d:47:59:94:2a:17:20:32:16:0b: 851s e2:b5:ba:fb:64:e2:d4:eb:e0:ee:52:77:ab:32:2e:f5:18:2d: 851s c3:fd:fe:6f:36:34:e4:4a:ae:f2:55:e6:26:0f:d9:85:a9:2f: 851s 54:0e:e7:09:dc:d3:8b:aa:76:8b:0b:c0:6b:44:c4:e4:a3:10: 851s ae:14:cb:d4:96:61:60:27:0d:e9:79:fa:93:45:b1:98:31:b9: 851s c4:5a:a7:34:35:4a:bc:2f:52:4d:e0:06:16:61:04:ce:40:3a: 851s 09:b8:08:20:72:f2:b8:0a:54:8f:55:4a:8b:96:74:2d:aa:38: 851s 61:32 851s + local found_md5 expected_md5 851s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + expected_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 851s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143.pem 851s + found_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 851s + '[' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F '!=' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F ']' 851s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143-auth.output 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143-auth.output .output 851s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143-auth.pem 851s + echo -n 053350 851s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 851s [p11_child[3360]] [main] (0x0400): p11_child started. 851s [p11_child[3360]] [main] (0x2000): Running in [auth] mode. 851s [p11_child[3360]] [main] (0x2000): Running with effective IDs: [0][0]. 851s [p11_child[3360]] [main] (0x2000): Running with real IDs [0][0]. 851s [p11_child[3360]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 851s [p11_child[3360]] [do_card] (0x4000): Module List: 851s [p11_child[3360]] [do_card] (0x4000): common name: [softhsm2]. 851s [p11_child[3360]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3360]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 851s [p11_child[3360]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 851s [p11_child[3360]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3360]] [do_card] (0x4000): Login required. 851s [p11_child[3360]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 851s [p11_child[3360]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 851s [p11_child[3360]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 851s [p11_child[3360]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2bc63460;slot-manufacturer=SoftHSM%20project;slot-id=734409824;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b2af91c2bc63460;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 851s [p11_child[3360]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 851s [p11_child[3360]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 851s [p11_child[3360]] [do_card] (0x4000): Certificate verified and validated. 851s [p11_child[3360]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 851s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143-auth.output 851s + echo '-----BEGIN CERTIFICATE-----' 851s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143-auth.output 851s + echo '-----END CERTIFICATE-----' 851s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143-auth.pem 851s Certificate: 851s Data: 851s Version: 3 (0x2) 851s Serial Number: 4 (0x4) 851s Signature Algorithm: sha256WithRSAEncryption 851s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 851s Validity 851s Not Before: Jun 14 16:16:44 2024 GMT 851s Not After : Jun 14 16:16:44 2025 GMT 851s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 851s Subject Public Key Info: 851s Public Key Algorithm: rsaEncryption 851s Public-Key: (1024 bit) 851s Modulus: 851s 00:cd:fc:1f:38:f9:fb:8b:56:4a:8c:cc:7e:fa:44: 851s 67:28:06:ba:88:62:c0:41:e2:40:7a:81:31:c6:bd: 851s 4c:e4:d2:c6:6c:e4:85:81:56:5f:18:ca:73:a2:bd: 851s 45:c4:07:bb:4a:a9:6c:ec:f7:ab:03:6e:c1:d6:ef: 851s 9f:3c:2c:c4:61:75:57:bf:b9:2e:1c:4b:d4:a3:23: 851s 74:45:3c:ec:62:6e:11:6f:31:58:f0:a4:e1:27:e9: 851s 9d:a3:23:3f:e5:ae:d7:b2:8b:9e:f3:df:e9:b5:84: 851s 99:9d:7e:80:81:5a:f3:e8:58:f5:2f:1c:3e:dd:67: 851s b2:82:d0:65:dc:f3:0d:d0:8f 851s Exponent: 65537 (0x10001) 851s X509v3 extensions: 851s X509v3 Authority Key Identifier: 851s FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 851s X509v3 Basic Constraints: 851s CA:FALSE 851s Netscape Cert Type: 851s SSL Client, S/MIME 851s Netscape Comment: 851s Test Organization Intermediate CA trusted Certificate 851s X509v3 Subject Key Identifier: 851s 4B:20:47:C4:70:38:76:3C:DC:9E:C0:FB:07:E5:D7:F2:6F:6B:D8:BA 851s X509v3 Key Usage: critical 851s Digital Signature, Non Repudiation, Key Encipherment 851s X509v3 Extended Key Usage: 851s TLS Web Client Authentication, E-mail Protection 851s X509v3 Subject Alternative Name: 851s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 851s Signature Algorithm: sha256WithRSAEncryption 851s Signature Value: 851s 64:cf:fd:55:82:33:02:23:6d:47:59:94:2a:17:20:32:16:0b: 851s e2:b5:ba:fb:64:e2:d4:eb:e0:ee:52:77:ab:32:2e:f5:18:2d: 851s c3:fd:fe:6f:36:34:e4:4a:ae:f2:55:e6:26:0f:d9:85:a9:2f: 851s 54:0e:e7:09:dc:d3:8b:aa:76:8b:0b:c0:6b:44:c4:e4:a3:10: 851s ae:14:cb:d4:96:61:60:27:0d:e9:79:fa:93:45:b1:98:31:b9: 851s c4:5a:a7:34:35:4a:bc:2f:52:4d:e0:06:16:61:04:ce:40:3a: 851s 09:b8:08:20:72:f2:b8:0a:54:8f:55:4a:8b:96:74:2d:aa:38: 851s 61:32 851s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-15143-auth.pem 851s + found_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 851s + '[' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F '!=' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F ']' 851s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 851s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 851s + local verify_option= 851s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_cn 851s + local key_name 851s + local tokens_dir 851s + local output_cert_file 851s + token_name= 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem .pem 851s + key_name=test-intermediate-CA-trusted-certificate-0001 851s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s ++ sed -n 's/ *commonName *= //p' 851s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 851s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 851s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 851s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 851s + token_name='Test Organization Interme Token' 851s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 851s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 851s + echo 'Test Organization Interme Token' 851s + '[' -n '' ']' 851s + local output_base_name=SSSD-child-6879 851s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-6879.output 851s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-6879.pem 851s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 851s Test Organization Interme Token 851s [p11_child[3370]] [main] (0x0400): p11_child started. 851s [p11_child[3370]] [main] (0x2000): Running in [pre-auth] mode. 851s [p11_child[3370]] [main] (0x2000): Running with effective IDs: [0][0]. 851s [p11_child[3370]] [main] (0x2000): Running with real IDs [0][0]. 851s [p11_child[3370]] [do_card] (0x4000): Module List: 851s [p11_child[3370]] [do_card] (0x4000): common name: [softhsm2]. 851s [p11_child[3370]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3370]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 851s [p11_child[3370]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 851s [p11_child[3370]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3370]] [do_card] (0x4000): Login NOT required. 851s [p11_child[3370]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 851s [p11_child[3370]] [do_verification] (0x0040): X509_verify_cert failed [0]. 851s [p11_child[3370]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 851s [p11_child[3370]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 851s [p11_child[3370]] [do_card] (0x4000): No certificate found. 851s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-6879.output 851s + return 2 851s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem partial_chain 851s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem partial_chain 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 851s + local verify_option=partial_chain 851s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6689 851s + local key_cn 851s + local key_name 851s + local tokens_dir 851s + local output_cert_file 851s + token_name= 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem .pem 851s + key_name=test-intermediate-CA-trusted-certificate-0001 851s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s ++ sed -n 's/ *commonName *= //p' 851s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 851s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 851s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 851s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 851s + token_name='Test Organization Interme Token' 851s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 851s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 851s + echo 'Test Organization Interme Token' 851s + '[' -n partial_chain ']' 851s + local verify_arg=--verify=partial_chain 851s + local output_base_name=SSSD-child-24997 851s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997.output 851s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997.pem 851s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem 851s Test Organization Interme Token 851s [p11_child[3377]] [main] (0x0400): p11_child started. 851s [p11_child[3377]] [main] (0x2000): Running in [pre-auth] mode. 851s [p11_child[3377]] [main] (0x2000): Running with effective IDs: [0][0]. 851s [p11_child[3377]] [main] (0x2000): Running with real IDs [0][0]. 851s [p11_child[3377]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 851s [p11_child[3377]] [do_card] (0x4000): Module List: 851s [p11_child[3377]] [do_card] (0x4000): common name: [softhsm2]. 851s [p11_child[3377]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3377]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 851s [p11_child[3377]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 851s [p11_child[3377]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3377]] [do_card] (0x4000): Login NOT required. 851s [p11_child[3377]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 851s [p11_child[3377]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 851s [p11_child[3377]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 851s [p11_child[3377]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2bc63460;slot-manufacturer=SoftHSM%20project;slot-id=734409824;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b2af91c2bc63460;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 851s [p11_child[3377]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 851s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997.output 851s + echo '-----BEGIN CERTIFICATE-----' 851s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997.output 851s + echo '-----END CERTIFICATE-----' 851s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997.pem 851s Certificate: 851s Data: 851s Version: 3 (0x2) 851s Serial Number: 4 (0x4) 851s Signature Algorithm: sha256WithRSAEncryption 851s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 851s Validity 851s Not Before: Jun 14 16:16:44 2024 GMT 851s Not After : Jun 14 16:16:44 2025 GMT 851s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 851s Subject Public Key Info: 851s Public Key Algorithm: rsaEncryption 851s Public-Key: (1024 bit) 851s Modulus: 851s 00:cd:fc:1f:38:f9:fb:8b:56:4a:8c:cc:7e:fa:44: 851s 67:28:06:ba:88:62:c0:41:e2:40:7a:81:31:c6:bd: 851s 4c:e4:d2:c6:6c:e4:85:81:56:5f:18:ca:73:a2:bd: 851s 45:c4:07:bb:4a:a9:6c:ec:f7:ab:03:6e:c1:d6:ef: 851s 9f:3c:2c:c4:61:75:57:bf:b9:2e:1c:4b:d4:a3:23: 851s 74:45:3c:ec:62:6e:11:6f:31:58:f0:a4:e1:27:e9: 851s 9d:a3:23:3f:e5:ae:d7:b2:8b:9e:f3:df:e9:b5:84: 851s 99:9d:7e:80:81:5a:f3:e8:58:f5:2f:1c:3e:dd:67: 851s b2:82:d0:65:dc:f3:0d:d0:8f 851s Exponent: 65537 (0x10001) 851s X509v3 extensions: 851s X509v3 Authority Key Identifier: 851s FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 851s X509v3 Basic Constraints: 851s CA:FALSE 851s Netscape Cert Type: 851s SSL Client, S/MIME 851s Netscape Comment: 851s Test Organization Intermediate CA trusted Certificate 851s X509v3 Subject Key Identifier: 851s 4B:20:47:C4:70:38:76:3C:DC:9E:C0:FB:07:E5:D7:F2:6F:6B:D8:BA 851s X509v3 Key Usage: critical 851s Digital Signature, Non Repudiation, Key Encipherment 851s X509v3 Extended Key Usage: 851s TLS Web Client Authentication, E-mail Protection 851s X509v3 Subject Alternative Name: 851s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 851s Signature Algorithm: sha256WithRSAEncryption 851s Signature Value: 851s 64:cf:fd:55:82:33:02:23:6d:47:59:94:2a:17:20:32:16:0b: 851s e2:b5:ba:fb:64:e2:d4:eb:e0:ee:52:77:ab:32:2e:f5:18:2d: 851s c3:fd:fe:6f:36:34:e4:4a:ae:f2:55:e6:26:0f:d9:85:a9:2f: 851s 54:0e:e7:09:dc:d3:8b:aa:76:8b:0b:c0:6b:44:c4:e4:a3:10: 851s ae:14:cb:d4:96:61:60:27:0d:e9:79:fa:93:45:b1:98:31:b9: 851s c4:5a:a7:34:35:4a:bc:2f:52:4d:e0:06:16:61:04:ce:40:3a: 851s 09:b8:08:20:72:f2:b8:0a:54:8f:55:4a:8b:96:74:2d:aa:38: 851s 61:32 851s + local found_md5 expected_md5 851s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA-trusted-certificate-0001.pem 851s + expected_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 851s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997.pem 851s + found_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 851s + '[' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F '!=' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F ']' 851s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997-auth.output 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997-auth.output .output 851s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997-auth.pem 851s + echo -n 053350 851s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 851s [p11_child[3385]] [main] (0x0400): p11_child started. 851s [p11_child[3385]] [main] (0x2000): Running in [auth] mode. 851s [p11_child[3385]] [main] (0x2000): Running with effective IDs: [0][0]. 851s [p11_child[3385]] [main] (0x2000): Running with real IDs [0][0]. 851s [p11_child[3385]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 851s [p11_child[3385]] [do_card] (0x4000): Module List: 851s [p11_child[3385]] [do_card] (0x4000): common name: [softhsm2]. 851s [p11_child[3385]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3385]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2bc63460] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 851s [p11_child[3385]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 851s [p11_child[3385]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2bc63460][734409824] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 851s [p11_child[3385]] [do_card] (0x4000): Login required. 851s [p11_child[3385]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 851s [p11_child[3385]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 851s [p11_child[3385]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 851s [p11_child[3385]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2bc63460;slot-manufacturer=SoftHSM%20project;slot-id=734409824;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0b2af91c2bc63460;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 851s [p11_child[3385]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 851s [p11_child[3385]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 851s [p11_child[3385]] [do_card] (0x4000): Certificate verified and validated. 851s [p11_child[3385]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 851s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997-auth.output 851s + echo '-----BEGIN CERTIFICATE-----' 851s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997-auth.output 851s + echo '-----END CERTIFICATE-----' 851s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997-auth.pem 851s Certificate: 851s Data: 851s Version: 3 (0x2) 851s Serial Number: 4 (0x4) 851s Signature Algorithm: sha256WithRSAEncryption 851s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 851s Validity 851s Not Before: Jun 14 16:16:44 2024 GMT 851s Not After : Jun 14 16:16:44 2025 GMT 851s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 851s Subject Public Key Info: 851s Public Key Algorithm: rsaEncryption 851s Public-Key: (1024 bit) 851s Modulus: 851s 00:cd:fc:1f:38:f9:fb:8b:56:4a:8c:cc:7e:fa:44: 851s 67:28:06:ba:88:62:c0:41:e2:40:7a:81:31:c6:bd: 851s 4c:e4:d2:c6:6c:e4:85:81:56:5f:18:ca:73:a2:bd: 851s 45:c4:07:bb:4a:a9:6c:ec:f7:ab:03:6e:c1:d6:ef: 851s 9f:3c:2c:c4:61:75:57:bf:b9:2e:1c:4b:d4:a3:23: 851s 74:45:3c:ec:62:6e:11:6f:31:58:f0:a4:e1:27:e9: 851s 9d:a3:23:3f:e5:ae:d7:b2:8b:9e:f3:df:e9:b5:84: 851s 99:9d:7e:80:81:5a:f3:e8:58:f5:2f:1c:3e:dd:67: 851s b2:82:d0:65:dc:f3:0d:d0:8f 851s Exponent: 65537 (0x10001) 851s X509v3 extensions: 851s X509v3 Authority Key Identifier: 851s FC:20:02:B1:78:A5:A4:93:3E:D4:AA:8B:FC:CD:91:75:20:9E:46:15 851s X509v3 Basic Constraints: 851s CA:FALSE 851s Netscape Cert Type: 851s SSL Client, S/MIME 851s Netscape Comment: 851s Test Organization Intermediate CA trusted Certificate 851s X509v3 Subject Key Identifier: 851s 4B:20:47:C4:70:38:76:3C:DC:9E:C0:FB:07:E5:D7:F2:6F:6B:D8:BA 851s X509v3 Key Usage: critical 851s Digital Signature, Non Repudiation, Key Encipherment 851s X509v3 Extended Key Usage: 851s TLS Web Client Authentication, E-mail Protection 851s X509v3 Subject Alternative Name: 851s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 851s Signature Algorithm: sha256WithRSAEncryption 851s Signature Value: 851s 64:cf:fd:55:82:33:02:23:6d:47:59:94:2a:17:20:32:16:0b: 851s e2:b5:ba:fb:64:e2:d4:eb:e0:ee:52:77:ab:32:2e:f5:18:2d: 851s c3:fd:fe:6f:36:34:e4:4a:ae:f2:55:e6:26:0f:d9:85:a9:2f: 851s 54:0e:e7:09:dc:d3:8b:aa:76:8b:0b:c0:6b:44:c4:e4:a3:10: 851s ae:14:cb:d4:96:61:60:27:0d:e9:79:fa:93:45:b1:98:31:b9: 851s c4:5a:a7:34:35:4a:bc:2f:52:4d:e0:06:16:61:04:ce:40:3a: 851s 09:b8:08:20:72:f2:b8:0a:54:8f:55:4a:8b:96:74:2d:aa:38: 851s 61:32 851s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-24997-auth.pem 851s + found_md5=Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F 851s + '[' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F '!=' Modulus=CDFC1F38F9FB8B564A8CCC7EFA44672806BA8862C041E2407A8131C6BD4CE4D2C66CE48581565F18CA73A2BD45C407BB4AA96CECF7AB036EC1D6EF9F3C2CC4617557BFB92E1C4BD4A32374453CEC626E116F3158F0A4E127E99DA3233FE5AED7B28B9EF3DFE9B584999D7E80815AF3E858F52F1C3EDD67B282D065DCF30DD08F ']' 851s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 851s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 851s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 851s + local verify_option= 851s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 851s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 851s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 851s + local key_cn 851s + local key_name 851s + local tokens_dir 851s + local output_cert_file 851s + token_name= 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 851s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 851s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 851s ++ sed -n 's/ *commonName *= //p' 851s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 851s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 851s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 851s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 851s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 851s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 851s + token_name='Test Organization Sub Int Token' 851s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 851s + local key_file 851s + local decrypted_key 851s + mkdir -p /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 851s + key_file=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 851s + decrypted_key=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 851s + cat 851s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 851s + softhsm2-util --show-slots 851s Slot 0 has a free/uninitialized token. 851s The token has been initialized and is reassigned to slot 1311855279 851s Available slots: 851s Slot 1311855279 851s Slot info: 851s Description: SoftHSM slot ID 0x4e3152af 851s Manufacturer ID: SoftHSM project 851s Hardware version: 2.6 851s Firmware version: 2.6 851s Token present: yes 851s Token info: 851s Manufacturer ID: SoftHSM project 851s Model: SoftHSM v2 851s Hardware version: 2.6 851s Firmware version: 2.6 851s Serial number: 7d80f8a3ce3152af 851s Initialized: yes 851s User PIN init.: yes 851s Label: Test Organization Sub Int Token 851s Slot 1 851s Slot info: 851s Description: SoftHSM slot ID 0x1 851s Manufacturer ID: SoftHSM project 851s Hardware version: 2.6 851s Firmware version: 2.6 851s Token present: yes 851s Token info: 851s Manufacturer ID: SoftHSM project 851s Model: SoftHSM v2 851s Hardware version: 2.6 851s Firmware version: 2.6 851s Serial number: 851s Initialized: no 851s User PIN init.: no 851s Label: 851s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 852s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-22597 -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 852s writing RSA key 852s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 852s + rm /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 852s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 852s Object 0: 852s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d80f8a3ce3152af;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 852s Type: X.509 Certificate (RSA-1024) 852s Expires: Sat Jun 14 16:16:45 2025 852s Label: Test Organization Sub Intermediate Trusted Certificate 0001 852s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 852s 852s Test Organization Sub Int Token 852s + echo 'Test Organization Sub Int Token' 852s + '[' -n '' ']' 852s + local output_base_name=SSSD-child-24311 852s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-24311.output 852s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-24311.pem 852s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 852s [p11_child[3404]] [main] (0x0400): p11_child started. 852s [p11_child[3404]] [main] (0x2000): Running in [pre-auth] mode. 852s [p11_child[3404]] [main] (0x2000): Running with effective IDs: [0][0]. 852s [p11_child[3404]] [main] (0x2000): Running with real IDs [0][0]. 852s [p11_child[3404]] [do_card] (0x4000): Module List: 852s [p11_child[3404]] [do_card] (0x4000): common name: [softhsm2]. 852s [p11_child[3404]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3404]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 852s [p11_child[3404]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 852s [p11_child[3404]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3404]] [do_card] (0x4000): Login NOT required. 852s [p11_child[3404]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 852s [p11_child[3404]] [do_verification] (0x0040): X509_verify_cert failed [0]. 852s [p11_child[3404]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 852s [p11_child[3404]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 852s [p11_child[3404]] [do_card] (0x4000): No certificate found. 852s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-24311.output 852s + return 2 852s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem partial_chain 852s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem partial_chain 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 852s + local verify_option=partial_chain 852s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_cn 852s + local key_name 852s + local tokens_dir 852s + local output_cert_file 852s + token_name= 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 852s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 852s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s ++ sed -n 's/ *commonName *= //p' 852s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 852s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 852s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 852s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 852s Test Organization Sub Int Token 852s + token_name='Test Organization Sub Int Token' 852s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 852s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 852s + echo 'Test Organization Sub Int Token' 852s + '[' -n partial_chain ']' 852s + local verify_arg=--verify=partial_chain 852s + local output_base_name=SSSD-child-18788 852s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-18788.output 852s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-18788.pem 852s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-root-CA.pem 852s [p11_child[3411]] [main] (0x0400): p11_child started. 852s [p11_child[3411]] [main] (0x2000): Running in [pre-auth] mode. 852s [p11_child[3411]] [main] (0x2000): Running with effective IDs: [0][0]. 852s [p11_child[3411]] [main] (0x2000): Running with real IDs [0][0]. 852s [p11_child[3411]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 852s [p11_child[3411]] [do_card] (0x4000): Module List: 852s [p11_child[3411]] [do_card] (0x4000): common name: [softhsm2]. 852s [p11_child[3411]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3411]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 852s [p11_child[3411]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 852s [p11_child[3411]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3411]] [do_card] (0x4000): Login NOT required. 852s [p11_child[3411]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 852s [p11_child[3411]] [do_verification] (0x0040): X509_verify_cert failed [0]. 852s [p11_child[3411]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 852s [p11_child[3411]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 852s [p11_child[3411]] [do_card] (0x4000): No certificate found. 852s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-18788.output 852s + return 2 852s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 852s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 852s + local verify_option= 852s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_cn 852s + local key_name 852s + local tokens_dir 852s + local output_cert_file 852s + token_name= 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 852s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 852s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s ++ sed -n 's/ *commonName *= //p' 852s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 852s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 852s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 852s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 852s + token_name='Test Organization Sub Int Token' 852s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 852s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 852s + echo 'Test Organization Sub Int Token' 852s + '[' -n '' ']' 852s Test Organization Sub Int Token 852s + local output_base_name=SSSD-child-32474 852s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474.output 852s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474.pem 852s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 852s [p11_child[3418]] [main] (0x0400): p11_child started. 852s [p11_child[3418]] [main] (0x2000): Running in [pre-auth] mode. 852s [p11_child[3418]] [main] (0x2000): Running with effective IDs: [0][0]. 852s [p11_child[3418]] [main] (0x2000): Running with real IDs [0][0]. 852s [p11_child[3418]] [do_card] (0x4000): Module List: 852s [p11_child[3418]] [do_card] (0x4000): common name: [softhsm2]. 852s [p11_child[3418]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3418]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 852s [p11_child[3418]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 852s [p11_child[3418]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3418]] [do_card] (0x4000): Login NOT required. 852s [p11_child[3418]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 852s [p11_child[3418]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 852s [p11_child[3418]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 852s [p11_child[3418]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4e3152af;slot-manufacturer=SoftHSM%20project;slot-id=1311855279;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d80f8a3ce3152af;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 852s [p11_child[3418]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 852s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474.output 852s + echo '-----BEGIN CERTIFICATE-----' 852s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474.output 852s + echo '-----END CERTIFICATE-----' 852s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474.pem 852s Certificate: 852s Data: 852s Version: 3 (0x2) 852s Serial Number: 5 (0x5) 852s Signature Algorithm: sha256WithRSAEncryption 852s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 852s Validity 852s Not Before: Jun 14 16:16:45 2024 GMT 852s Not After : Jun 14 16:16:45 2025 GMT 852s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 852s Subject Public Key Info: 852s Public Key Algorithm: rsaEncryption 852s Public-Key: (1024 bit) 852s Modulus: 852s 00:f3:68:f0:59:09:31:41:4f:3c:7d:ac:7b:67:a2: 852s 4e:0c:4b:f4:25:4d:f5:08:30:18:74:3d:e1:55:7b: 852s a5:c8:39:6d:5b:4b:29:da:24:18:0e:ef:37:a2:d4: 852s d1:29:f1:f4:68:41:f8:55:b1:0a:ca:9f:1b:34:e3: 852s 52:90:44:83:5c:d3:a9:68:cc:2e:a7:5a:d2:4f:ec: 852s 9d:6f:d6:13:a5:c6:00:07:14:9e:bb:c6:d2:67:c3: 852s 31:18:5c:cc:7c:f4:a5:56:6e:71:a6:69:ab:53:3d: 852s fd:73:16:55:c0:1f:0f:17:50:b7:26:68:45:b7:fe: 852s 02:34:36:02:27:c9:67:e1:d1 852s Exponent: 65537 (0x10001) 852s X509v3 extensions: 852s X509v3 Authority Key Identifier: 852s F7:F9:57:16:8D:87:57:B2:80:99:DD:86:73:F4:76:A2:13:3E:33:96 852s X509v3 Basic Constraints: 852s CA:FALSE 852s Netscape Cert Type: 852s SSL Client, S/MIME 852s Netscape Comment: 852s Test Organization Sub Intermediate CA trusted Certificate 852s X509v3 Subject Key Identifier: 852s 9B:F5:F6:58:0C:98:08:26:95:2B:AF:38:DE:5B:EB:6E:C0:2E:17:4E 852s X509v3 Key Usage: critical 852s Digital Signature, Non Repudiation, Key Encipherment 852s X509v3 Extended Key Usage: 852s TLS Web Client Authentication, E-mail Protection 852s X509v3 Subject Alternative Name: 852s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 852s Signature Algorithm: sha256WithRSAEncryption 852s Signature Value: 852s 47:05:51:5f:b5:db:29:12:93:20:3b:0c:c7:9e:7b:1d:66:8a: 852s 9c:01:69:ae:c9:33:f3:ec:d6:c4:70:79:3d:1e:98:8e:31:93: 852s c5:77:b1:47:98:fc:bb:ca:31:60:cd:da:cc:5b:ca:3e:75:c9: 852s 41:d3:dd:19:d0:95:cb:c7:95:fd:17:d1:db:9d:40:7a:7b:d0: 852s c7:75:94:e9:1d:fa:18:c1:63:08:7b:cb:0e:95:6d:48:7a:7a: 852s a2:04:b3:7e:1d:d8:c9:00:38:be:b2:d2:78:9d:c3:45:50:73: 852s 52:6b:21:86:03:27:e0:89:f2:9a:e0:08:0d:03:ab:c7:c4:ce: 852s 98:18 852s + local found_md5 expected_md5 852s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + expected_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 852s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474.pem 852s + found_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 852s + '[' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 '!=' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 ']' 852s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474-auth.output 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474-auth.output .output 852s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474-auth.pem 852s + echo -n 053350 852s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 852s [p11_child[3426]] [main] (0x0400): p11_child started. 852s [p11_child[3426]] [main] (0x2000): Running in [auth] mode. 852s [p11_child[3426]] [main] (0x2000): Running with effective IDs: [0][0]. 852s [p11_child[3426]] [main] (0x2000): Running with real IDs [0][0]. 852s [p11_child[3426]] [do_card] (0x4000): Module List: 852s [p11_child[3426]] [do_card] (0x4000): common name: [softhsm2]. 852s [p11_child[3426]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3426]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 852s [p11_child[3426]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 852s [p11_child[3426]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3426]] [do_card] (0x4000): Login required. 852s [p11_child[3426]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 852s [p11_child[3426]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 852s [p11_child[3426]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 852s [p11_child[3426]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4e3152af;slot-manufacturer=SoftHSM%20project;slot-id=1311855279;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d80f8a3ce3152af;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 852s [p11_child[3426]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 852s [p11_child[3426]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 852s [p11_child[3426]] [do_card] (0x4000): Certificate verified and validated. 852s [p11_child[3426]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 852s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474-auth.output 852s + echo '-----BEGIN CERTIFICATE-----' 852s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474-auth.output 852s + echo '-----END CERTIFICATE-----' 852s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474-auth.pem 852s Certificate: 852s Data: 852s Version: 3 (0x2) 852s Serial Number: 5 (0x5) 852s Signature Algorithm: sha256WithRSAEncryption 852s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 852s Validity 852s Not Before: Jun 14 16:16:45 2024 GMT 852s Not After : Jun 14 16:16:45 2025 GMT 852s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 852s Subject Public Key Info: 852s Public Key Algorithm: rsaEncryption 852s Public-Key: (1024 bit) 852s Modulus: 852s 00:f3:68:f0:59:09:31:41:4f:3c:7d:ac:7b:67:a2: 852s 4e:0c:4b:f4:25:4d:f5:08:30:18:74:3d:e1:55:7b: 852s a5:c8:39:6d:5b:4b:29:da:24:18:0e:ef:37:a2:d4: 852s d1:29:f1:f4:68:41:f8:55:b1:0a:ca:9f:1b:34:e3: 852s 52:90:44:83:5c:d3:a9:68:cc:2e:a7:5a:d2:4f:ec: 852s 9d:6f:d6:13:a5:c6:00:07:14:9e:bb:c6:d2:67:c3: 852s 31:18:5c:cc:7c:f4:a5:56:6e:71:a6:69:ab:53:3d: 852s fd:73:16:55:c0:1f:0f:17:50:b7:26:68:45:b7:fe: 852s 02:34:36:02:27:c9:67:e1:d1 852s Exponent: 65537 (0x10001) 852s X509v3 extensions: 852s X509v3 Authority Key Identifier: 852s F7:F9:57:16:8D:87:57:B2:80:99:DD:86:73:F4:76:A2:13:3E:33:96 852s X509v3 Basic Constraints: 852s CA:FALSE 852s Netscape Cert Type: 852s SSL Client, S/MIME 852s Netscape Comment: 852s Test Organization Sub Intermediate CA trusted Certificate 852s X509v3 Subject Key Identifier: 852s 9B:F5:F6:58:0C:98:08:26:95:2B:AF:38:DE:5B:EB:6E:C0:2E:17:4E 852s X509v3 Key Usage: critical 852s Digital Signature, Non Repudiation, Key Encipherment 852s X509v3 Extended Key Usage: 852s TLS Web Client Authentication, E-mail Protection 852s X509v3 Subject Alternative Name: 852s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 852s Signature Algorithm: sha256WithRSAEncryption 852s Signature Value: 852s 47:05:51:5f:b5:db:29:12:93:20:3b:0c:c7:9e:7b:1d:66:8a: 852s 9c:01:69:ae:c9:33:f3:ec:d6:c4:70:79:3d:1e:98:8e:31:93: 852s c5:77:b1:47:98:fc:bb:ca:31:60:cd:da:cc:5b:ca:3e:75:c9: 852s 41:d3:dd:19:d0:95:cb:c7:95:fd:17:d1:db:9d:40:7a:7b:d0: 852s c7:75:94:e9:1d:fa:18:c1:63:08:7b:cb:0e:95:6d:48:7a:7a: 852s a2:04:b3:7e:1d:d8:c9:00:38:be:b2:d2:78:9d:c3:45:50:73: 852s 52:6b:21:86:03:27:e0:89:f2:9a:e0:08:0d:03:ab:c7:c4:ce: 852s 98:18 852s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-32474-auth.pem 852s + found_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 852s + '[' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 '!=' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 ']' 852s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem partial_chain 852s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem partial_chain 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 852s + local verify_option=partial_chain 852s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_cn 852s + local key_name 852s + local tokens_dir 852s + local output_cert_file 852s + token_name= 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 852s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 852s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s ++ sed -n 's/ *commonName *= //p' 852s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 852s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 852s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 852s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 852s + token_name='Test Organization Sub Int Token' 852s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 852s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 852s + echo 'Test Organization Sub Int Token' 852s + '[' -n partial_chain ']' 852s + local verify_arg=--verify=partial_chain 852s + local output_base_name=SSSD-child-16960 852s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960.output 852s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960.pem 852s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem 852s Test Organization Sub Int Token 852s [p11_child[3436]] [main] (0x0400): p11_child started. 852s [p11_child[3436]] [main] (0x2000): Running in [pre-auth] mode. 852s [p11_child[3436]] [main] (0x2000): Running with effective IDs: [0][0]. 852s [p11_child[3436]] [main] (0x2000): Running with real IDs [0][0]. 852s [p11_child[3436]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 852s [p11_child[3436]] [do_card] (0x4000): Module List: 852s [p11_child[3436]] [do_card] (0x4000): common name: [softhsm2]. 852s [p11_child[3436]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3436]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 852s [p11_child[3436]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 852s [p11_child[3436]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3436]] [do_card] (0x4000): Login NOT required. 852s [p11_child[3436]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 852s [p11_child[3436]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 852s [p11_child[3436]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 852s [p11_child[3436]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4e3152af;slot-manufacturer=SoftHSM%20project;slot-id=1311855279;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d80f8a3ce3152af;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 852s [p11_child[3436]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 852s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960.output 852s + echo '-----BEGIN CERTIFICATE-----' 852s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960.output 852s + echo '-----END CERTIFICATE-----' 852s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960.pem 852s Certificate: 852s Data: 852s Version: 3 (0x2) 852s Serial Number: 5 (0x5) 852s Signature Algorithm: sha256WithRSAEncryption 852s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 852s Validity 852s Not Before: Jun 14 16:16:45 2024 GMT 852s Not After : Jun 14 16:16:45 2025 GMT 852s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 852s Subject Public Key Info: 852s Public Key Algorithm: rsaEncryption 852s Public-Key: (1024 bit) 852s Modulus: 852s 00:f3:68:f0:59:09:31:41:4f:3c:7d:ac:7b:67:a2: 852s 4e:0c:4b:f4:25:4d:f5:08:30:18:74:3d:e1:55:7b: 852s a5:c8:39:6d:5b:4b:29:da:24:18:0e:ef:37:a2:d4: 852s d1:29:f1:f4:68:41:f8:55:b1:0a:ca:9f:1b:34:e3: 852s 52:90:44:83:5c:d3:a9:68:cc:2e:a7:5a:d2:4f:ec: 852s 9d:6f:d6:13:a5:c6:00:07:14:9e:bb:c6:d2:67:c3: 852s 31:18:5c:cc:7c:f4:a5:56:6e:71:a6:69:ab:53:3d: 852s fd:73:16:55:c0:1f:0f:17:50:b7:26:68:45:b7:fe: 852s 02:34:36:02:27:c9:67:e1:d1 852s Exponent: 65537 (0x10001) 852s X509v3 extensions: 852s X509v3 Authority Key Identifier: 852s F7:F9:57:16:8D:87:57:B2:80:99:DD:86:73:F4:76:A2:13:3E:33:96 852s X509v3 Basic Constraints: 852s CA:FALSE 852s Netscape Cert Type: 852s SSL Client, S/MIME 852s Netscape Comment: 852s Test Organization Sub Intermediate CA trusted Certificate 852s X509v3 Subject Key Identifier: 852s 9B:F5:F6:58:0C:98:08:26:95:2B:AF:38:DE:5B:EB:6E:C0:2E:17:4E 852s X509v3 Key Usage: critical 852s Digital Signature, Non Repudiation, Key Encipherment 852s X509v3 Extended Key Usage: 852s TLS Web Client Authentication, E-mail Protection 852s X509v3 Subject Alternative Name: 852s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 852s Signature Algorithm: sha256WithRSAEncryption 852s Signature Value: 852s 47:05:51:5f:b5:db:29:12:93:20:3b:0c:c7:9e:7b:1d:66:8a: 852s 9c:01:69:ae:c9:33:f3:ec:d6:c4:70:79:3d:1e:98:8e:31:93: 852s c5:77:b1:47:98:fc:bb:ca:31:60:cd:da:cc:5b:ca:3e:75:c9: 852s 41:d3:dd:19:d0:95:cb:c7:95:fd:17:d1:db:9d:40:7a:7b:d0: 852s c7:75:94:e9:1d:fa:18:c1:63:08:7b:cb:0e:95:6d:48:7a:7a: 852s a2:04:b3:7e:1d:d8:c9:00:38:be:b2:d2:78:9d:c3:45:50:73: 852s 52:6b:21:86:03:27:e0:89:f2:9a:e0:08:0d:03:ab:c7:c4:ce: 852s 98:18 852s + local found_md5 expected_md5 852s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + expected_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 852s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960.pem 852s + found_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 852s + '[' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 '!=' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 ']' 852s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960-auth.output 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960-auth.output .output 852s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960-auth.pem 852s + echo -n 053350 852s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 852s [p11_child[3444]] [main] (0x0400): p11_child started. 852s [p11_child[3444]] [main] (0x2000): Running in [auth] mode. 852s [p11_child[3444]] [main] (0x2000): Running with effective IDs: [0][0]. 852s [p11_child[3444]] [main] (0x2000): Running with real IDs [0][0]. 852s [p11_child[3444]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 852s [p11_child[3444]] [do_card] (0x4000): Module List: 852s [p11_child[3444]] [do_card] (0x4000): common name: [softhsm2]. 852s [p11_child[3444]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3444]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 852s [p11_child[3444]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 852s [p11_child[3444]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3444]] [do_card] (0x4000): Login required. 852s [p11_child[3444]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 852s [p11_child[3444]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 852s [p11_child[3444]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 852s [p11_child[3444]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4e3152af;slot-manufacturer=SoftHSM%20project;slot-id=1311855279;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d80f8a3ce3152af;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 852s [p11_child[3444]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 852s [p11_child[3444]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 852s [p11_child[3444]] [do_card] (0x4000): Certificate verified and validated. 852s [p11_child[3444]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 852s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960-auth.output 852s + echo '-----BEGIN CERTIFICATE-----' 852s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960-auth.output 852s + echo '-----END CERTIFICATE-----' 852s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960-auth.pem 852s Certificate: 852s Data: 852s Version: 3 (0x2) 852s Serial Number: 5 (0x5) 852s Signature Algorithm: sha256WithRSAEncryption 852s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 852s Validity 852s Not Before: Jun 14 16:16:45 2024 GMT 852s Not After : Jun 14 16:16:45 2025 GMT 852s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 852s Subject Public Key Info: 852s Public Key Algorithm: rsaEncryption 852s Public-Key: (1024 bit) 852s Modulus: 852s 00:f3:68:f0:59:09:31:41:4f:3c:7d:ac:7b:67:a2: 852s 4e:0c:4b:f4:25:4d:f5:08:30:18:74:3d:e1:55:7b: 852s a5:c8:39:6d:5b:4b:29:da:24:18:0e:ef:37:a2:d4: 852s d1:29:f1:f4:68:41:f8:55:b1:0a:ca:9f:1b:34:e3: 852s 52:90:44:83:5c:d3:a9:68:cc:2e:a7:5a:d2:4f:ec: 852s 9d:6f:d6:13:a5:c6:00:07:14:9e:bb:c6:d2:67:c3: 852s 31:18:5c:cc:7c:f4:a5:56:6e:71:a6:69:ab:53:3d: 852s fd:73:16:55:c0:1f:0f:17:50:b7:26:68:45:b7:fe: 852s 02:34:36:02:27:c9:67:e1:d1 852s Exponent: 65537 (0x10001) 852s X509v3 extensions: 852s X509v3 Authority Key Identifier: 852s F7:F9:57:16:8D:87:57:B2:80:99:DD:86:73:F4:76:A2:13:3E:33:96 852s X509v3 Basic Constraints: 852s CA:FALSE 852s Netscape Cert Type: 852s SSL Client, S/MIME 852s Netscape Comment: 852s Test Organization Sub Intermediate CA trusted Certificate 852s X509v3 Subject Key Identifier: 852s 9B:F5:F6:58:0C:98:08:26:95:2B:AF:38:DE:5B:EB:6E:C0:2E:17:4E 852s X509v3 Key Usage: critical 852s Digital Signature, Non Repudiation, Key Encipherment 852s X509v3 Extended Key Usage: 852s TLS Web Client Authentication, E-mail Protection 852s X509v3 Subject Alternative Name: 852s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 852s Signature Algorithm: sha256WithRSAEncryption 852s Signature Value: 852s 47:05:51:5f:b5:db:29:12:93:20:3b:0c:c7:9e:7b:1d:66:8a: 852s 9c:01:69:ae:c9:33:f3:ec:d6:c4:70:79:3d:1e:98:8e:31:93: 852s c5:77:b1:47:98:fc:bb:ca:31:60:cd:da:cc:5b:ca:3e:75:c9: 852s 41:d3:dd:19:d0:95:cb:c7:95:fd:17:d1:db:9d:40:7a:7b:d0: 852s c7:75:94:e9:1d:fa:18:c1:63:08:7b:cb:0e:95:6d:48:7a:7a: 852s a2:04:b3:7e:1d:d8:c9:00:38:be:b2:d2:78:9d:c3:45:50:73: 852s 52:6b:21:86:03:27:e0:89:f2:9a:e0:08:0d:03:ab:c7:c4:ce: 852s 98:18 852s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-16960-auth.pem 852s + found_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 852s + '[' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 '!=' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 ']' 852s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 852s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 852s + local verify_option= 852s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_cn 852s + local key_name 852s + local tokens_dir 852s + local output_cert_file 852s + token_name= 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 852s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 852s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s ++ sed -n 's/ *commonName *= //p' 852s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 852s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 852s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 852s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 852s + token_name='Test Organization Sub Int Token' 852s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 852s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 852s + echo 'Test Organization Sub Int Token' 852s Test Organization Sub Int Token 852s + '[' -n '' ']' 852s + local output_base_name=SSSD-child-10032 852s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-10032.output 852s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-10032.pem 852s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 852s [p11_child[3454]] [main] (0x0400): p11_child started. 852s [p11_child[3454]] [main] (0x2000): Running in [pre-auth] mode. 852s [p11_child[3454]] [main] (0x2000): Running with effective IDs: [0][0]. 852s [p11_child[3454]] [main] (0x2000): Running with real IDs [0][0]. 852s [p11_child[3454]] [do_card] (0x4000): Module List: 852s [p11_child[3454]] [do_card] (0x4000): common name: [softhsm2]. 852s [p11_child[3454]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3454]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 852s [p11_child[3454]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 852s [p11_child[3454]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3454]] [do_card] (0x4000): Login NOT required. 852s [p11_child[3454]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 852s [p11_child[3454]] [do_verification] (0x0040): X509_verify_cert failed [0]. 852s [p11_child[3454]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 852s [p11_child[3454]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 852s [p11_child[3454]] [do_card] (0x4000): No certificate found. 852s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-10032.output 852s + return 2 852s + invalid_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-root-intermediate-chain-CA.pem partial_chain 852s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-root-intermediate-chain-CA.pem partial_chain 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-root-intermediate-chain-CA.pem 852s + local verify_option=partial_chain 852s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_cn 852s + local key_name 852s + local tokens_dir 852s + local output_cert_file 852s + token_name= 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 852s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 852s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s ++ sed -n 's/ *commonName *= //p' 852s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 852s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 852s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 852s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 852s + token_name='Test Organization Sub Int Token' 852s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 852s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 852s + echo 'Test Organization Sub Int Token' 852s + '[' -n partial_chain ']' 852s + local verify_arg=--verify=partial_chain 852s + local output_base_name=SSSD-child-22432 852s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-22432.output 852s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-22432.pem 852s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-root-intermediate-chain-CA.pem 852s Test Organization Sub Int Token 852s [p11_child[3461]] [main] (0x0400): p11_child started. 852s [p11_child[3461]] [main] (0x2000): Running in [pre-auth] mode. 852s [p11_child[3461]] [main] (0x2000): Running with effective IDs: [0][0]. 852s [p11_child[3461]] [main] (0x2000): Running with real IDs [0][0]. 852s [p11_child[3461]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 852s [p11_child[3461]] [do_card] (0x4000): Module List: 852s [p11_child[3461]] [do_card] (0x4000): common name: [softhsm2]. 852s [p11_child[3461]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3461]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 852s [p11_child[3461]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 852s [p11_child[3461]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3461]] [do_card] (0x4000): Login NOT required. 852s [p11_child[3461]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 852s [p11_child[3461]] [do_verification] (0x0040): X509_verify_cert failed [0]. 852s [p11_child[3461]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 852s [p11_child[3461]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 852s [p11_child[3461]] [do_card] (0x4000): No certificate found. 852s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-22432.output 852s + return 2 852s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem partial_chain 852s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem partial_chain 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 852s + local verify_option=partial_chain 852s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 852s + local key_cn 852s + local key_name 852s + local tokens_dir 852s + local output_cert_file 852s + token_name= 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 852s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 852s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 852s ++ sed -n 's/ *commonName *= //p' 852s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 852s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 852s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 852s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 852s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 852s + token_name='Test Organization Sub Int Token' 852s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 852s Test Organization Sub Int Token 852s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 852s + echo 'Test Organization Sub Int Token' 852s + '[' -n partial_chain ']' 852s + local verify_arg=--verify=partial_chain 852s + local output_base_name=SSSD-child-20763 852s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763.output 852s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763.pem 852s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem 852s [p11_child[3468]] [main] (0x0400): p11_child started. 852s [p11_child[3468]] [main] (0x2000): Running in [pre-auth] mode. 852s [p11_child[3468]] [main] (0x2000): Running with effective IDs: [0][0]. 852s [p11_child[3468]] [main] (0x2000): Running with real IDs [0][0]. 852s [p11_child[3468]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 852s [p11_child[3468]] [do_card] (0x4000): Module List: 852s [p11_child[3468]] [do_card] (0x4000): common name: [softhsm2]. 852s [p11_child[3468]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3468]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 852s [p11_child[3468]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 852s [p11_child[3468]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 852s [p11_child[3468]] [do_card] (0x4000): Login NOT required. 852s [p11_child[3468]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 852s [p11_child[3468]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 852s [p11_child[3468]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 852s [p11_child[3468]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4e3152af;slot-manufacturer=SoftHSM%20project;slot-id=1311855279;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d80f8a3ce3152af;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 852s [p11_child[3468]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 852s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763.output 852s + echo '-----BEGIN CERTIFICATE-----' 852s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763.output 852s + echo '-----END CERTIFICATE-----' 852s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763.pem 852s Certificate: 852s Data: 852s Version: 3 (0x2) 852s Serial Number: 5 (0x5) 852s Signature Algorithm: sha256WithRSAEncryption 852s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 852s Validity 852s Not Before: Jun 14 16:16:45 2024 GMT 852s Not After : Jun 14 16:16:45 2025 GMT 852s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 852s Subject Public Key Info: 852s Public Key Algorithm: rsaEncryption 852s Public-Key: (1024 bit) 852s Modulus: 852s 00:f3:68:f0:59:09:31:41:4f:3c:7d:ac:7b:67:a2: 852s 4e:0c:4b:f4:25:4d:f5:08:30:18:74:3d:e1:55:7b: 852s a5:c8:39:6d:5b:4b:29:da:24:18:0e:ef:37:a2:d4: 852s d1:29:f1:f4:68:41:f8:55:b1:0a:ca:9f:1b:34:e3: 852s 52:90:44:83:5c:d3:a9:68:cc:2e:a7:5a:d2:4f:ec: 852s 9d:6f:d6:13:a5:c6:00:07:14:9e:bb:c6:d2:67:c3: 852s 31:18:5c:cc:7c:f4:a5:56:6e:71:a6:69:ab:53:3d: 852s fd:73:16:55:c0:1f:0f:17:50:b7:26:68:45:b7:fe: 852s 02:34:36:02:27:c9:67:e1:d1 852s Exponent: 65537 (0x10001) 852s X509v3 extensions: 852s X509v3 Authority Key Identifier: 852s F7:F9:57:16:8D:87:57:B2:80:99:DD:86:73:F4:76:A2:13:3E:33:96 852s X509v3 Basic Constraints: 852s CA:FALSE 852s Netscape Cert Type: 852s SSL Client, S/MIME 852s Netscape Comment: 852s Test Organization Sub Intermediate CA trusted Certificate 852s X509v3 Subject Key Identifier: 852s 9B:F5:F6:58:0C:98:08:26:95:2B:AF:38:DE:5B:EB:6E:C0:2E:17:4E 852s X509v3 Key Usage: critical 852s Digital Signature, Non Repudiation, Key Encipherment 852s X509v3 Extended Key Usage: 852s TLS Web Client Authentication, E-mail Protection 852s X509v3 Subject Alternative Name: 852s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 852s Signature Algorithm: sha256WithRSAEncryption 852s Signature Value: 852s 47:05:51:5f:b5:db:29:12:93:20:3b:0c:c7:9e:7b:1d:66:8a: 852s 9c:01:69:ae:c9:33:f3:ec:d6:c4:70:79:3d:1e:98:8e:31:93: 852s c5:77:b1:47:98:fc:bb:ca:31:60:cd:da:cc:5b:ca:3e:75:c9: 852s 41:d3:dd:19:d0:95:cb:c7:95:fd:17:d1:db:9d:40:7a:7b:d0: 852s c7:75:94:e9:1d:fa:18:c1:63:08:7b:cb:0e:95:6d:48:7a:7a: 852s a2:04:b3:7e:1d:d8:c9:00:38:be:b2:d2:78:9d:c3:45:50:73: 852s 52:6b:21:86:03:27:e0:89:f2:9a:e0:08:0d:03:ab:c7:c4:ce: 852s 98:18 852s + local found_md5 expected_md5 852s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 853s + expected_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 853s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763.pem 853s + found_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 853s + '[' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 '!=' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 ']' 853s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763-auth.output 853s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763-auth.output .output 853s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763-auth.pem 853s + echo -n 053350 853s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 853s [p11_child[3476]] [main] (0x0400): p11_child started. 853s [p11_child[3476]] [main] (0x2000): Running in [auth] mode. 853s [p11_child[3476]] [main] (0x2000): Running with effective IDs: [0][0]. 853s [p11_child[3476]] [main] (0x2000): Running with real IDs [0][0]. 853s [p11_child[3476]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 853s [p11_child[3476]] [do_card] (0x4000): Module List: 853s [p11_child[3476]] [do_card] (0x4000): common name: [softhsm2]. 853s [p11_child[3476]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 853s [p11_child[3476]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 853s [p11_child[3476]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 853s [p11_child[3476]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 853s [p11_child[3476]] [do_card] (0x4000): Login required. 853s [p11_child[3476]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 853s [p11_child[3476]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 853s [p11_child[3476]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 853s [p11_child[3476]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4e3152af;slot-manufacturer=SoftHSM%20project;slot-id=1311855279;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d80f8a3ce3152af;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 853s [p11_child[3476]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 853s [p11_child[3476]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 853s [p11_child[3476]] [do_card] (0x4000): Certificate verified and validated. 853s [p11_child[3476]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 853s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763-auth.output 853s + echo '-----BEGIN CERTIFICATE-----' 853s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763-auth.output 853s + echo '-----END CERTIFICATE-----' 853s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763-auth.pem 853s Certificate: 853s Data: 853s Version: 3 (0x2) 853s Serial Number: 5 (0x5) 853s Signature Algorithm: sha256WithRSAEncryption 853s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 853s Validity 853s Not Before: Jun 14 16:16:45 2024 GMT 853s Not After : Jun 14 16:16:45 2025 GMT 853s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 853s Subject Public Key Info: 853s Public Key Algorithm: rsaEncryption 853s Public-Key: (1024 bit) 853s Modulus: 853s 00:f3:68:f0:59:09:31:41:4f:3c:7d:ac:7b:67:a2: 853s 4e:0c:4b:f4:25:4d:f5:08:30:18:74:3d:e1:55:7b: 853s a5:c8:39:6d:5b:4b:29:da:24:18:0e:ef:37:a2:d4: 853s d1:29:f1:f4:68:41:f8:55:b1:0a:ca:9f:1b:34:e3: 853s 52:90:44:83:5c:d3:a9:68:cc:2e:a7:5a:d2:4f:ec: 853s 9d:6f:d6:13:a5:c6:00:07:14:9e:bb:c6:d2:67:c3: 853s 31:18:5c:cc:7c:f4:a5:56:6e:71:a6:69:ab:53:3d: 853s fd:73:16:55:c0:1f:0f:17:50:b7:26:68:45:b7:fe: 853s 02:34:36:02:27:c9:67:e1:d1 853s Exponent: 65537 (0x10001) 853s X509v3 extensions: 853s X509v3 Authority Key Identifier: 853s F7:F9:57:16:8D:87:57:B2:80:99:DD:86:73:F4:76:A2:13:3E:33:96 853s X509v3 Basic Constraints: 853s CA:FALSE 853s Netscape Cert Type: 853s SSL Client, S/MIME 853s Netscape Comment: 853s Test Organization Sub Intermediate CA trusted Certificate 853s X509v3 Subject Key Identifier: 853s 9B:F5:F6:58:0C:98:08:26:95:2B:AF:38:DE:5B:EB:6E:C0:2E:17:4E 853s X509v3 Key Usage: critical 853s Digital Signature, Non Repudiation, Key Encipherment 853s X509v3 Extended Key Usage: 853s TLS Web Client Authentication, E-mail Protection 853s X509v3 Subject Alternative Name: 853s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 853s Signature Algorithm: sha256WithRSAEncryption 853s Signature Value: 853s 47:05:51:5f:b5:db:29:12:93:20:3b:0c:c7:9e:7b:1d:66:8a: 853s 9c:01:69:ae:c9:33:f3:ec:d6:c4:70:79:3d:1e:98:8e:31:93: 853s c5:77:b1:47:98:fc:bb:ca:31:60:cd:da:cc:5b:ca:3e:75:c9: 853s 41:d3:dd:19:d0:95:cb:c7:95:fd:17:d1:db:9d:40:7a:7b:d0: 853s c7:75:94:e9:1d:fa:18:c1:63:08:7b:cb:0e:95:6d:48:7a:7a: 853s a2:04:b3:7e:1d:d8:c9:00:38:be:b2:d2:78:9d:c3:45:50:73: 853s 52:6b:21:86:03:27:e0:89:f2:9a:e0:08:0d:03:ab:c7:c4:ce: 853s 98:18 853s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-20763-auth.pem 853s + found_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 853s + '[' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 '!=' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 ']' 853s + valid_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-intermediate-sub-chain-CA.pem partial_chain 853s + check_certificate /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 /tmp/sssd-softhsm2-dYMyqF/test-intermediate-sub-chain-CA.pem partial_chain 853s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 853s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 853s + local key_ring=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-sub-chain-CA.pem 853s + local verify_option=partial_chain 853s + prepare_softhsm2_card /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-22597 853s + local certificate=/tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 853s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-22597 853s + local key_cn 853s + local key_name 853s + local tokens_dir 853s + local output_cert_file 853s + token_name= 853s ++ basename /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 853s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 853s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 853s ++ sed -n 's/ *commonName *= //p' 853s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 853s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 853s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 853s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 853s ++ basename /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 853s + tokens_dir=/tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 853s Test Organization Sub Int Token 853s + token_name='Test Organization Sub Int Token' 853s + '[' '!' -e /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 853s + '[' '!' -d /tmp/sssd-softhsm2-dYMyqF/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 853s + echo 'Test Organization Sub Int Token' 853s + '[' -n partial_chain ']' 853s + local verify_arg=--verify=partial_chain 853s + local output_base_name=SSSD-child-23685 853s + local output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685.output 853s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685.pem 853s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-sub-chain-CA.pem 853s [p11_child[3486]] [main] (0x0400): p11_child started. 853s [p11_child[3486]] [main] (0x2000): Running in [pre-auth] mode. 853s [p11_child[3486]] [main] (0x2000): Running with effective IDs: [0][0]. 853s [p11_child[3486]] [main] (0x2000): Running with real IDs [0][0]. 853s [p11_child[3486]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 853s [p11_child[3486]] [do_card] (0x4000): Module List: 853s [p11_child[3486]] [do_card] (0x4000): common name: [softhsm2]. 853s [p11_child[3486]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 853s [p11_child[3486]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 853s [p11_child[3486]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 853s [p11_child[3486]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 853s [p11_child[3486]] [do_card] (0x4000): Login NOT required. 853s [p11_child[3486]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 853s [p11_child[3486]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 853s [p11_child[3486]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 853s [p11_child[3486]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4e3152af;slot-manufacturer=SoftHSM%20project;slot-id=1311855279;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d80f8a3ce3152af;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 853s [p11_child[3486]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 853s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685.output 853s + echo '-----BEGIN CERTIFICATE-----' 853s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685.output 853s + echo '-----END CERTIFICATE-----' 853s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685.pem 853s Certificate: 853s Data: 853s Version: 3 (0x2) 853s Serial Number: 5 (0x5) 853s Signature Algorithm: sha256WithRSAEncryption 853s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 853s Validity 853s Not Before: Jun 14 16:16:45 2024 GMT 853s Not After : Jun 14 16:16:45 2025 GMT 853s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 853s Subject Public Key Info: 853s Public Key Algorithm: rsaEncryption 853s Public-Key: (1024 bit) 853s Modulus: 853s 00:f3:68:f0:59:09:31:41:4f:3c:7d:ac:7b:67:a2: 853s 4e:0c:4b:f4:25:4d:f5:08:30:18:74:3d:e1:55:7b: 853s a5:c8:39:6d:5b:4b:29:da:24:18:0e:ef:37:a2:d4: 853s d1:29:f1:f4:68:41:f8:55:b1:0a:ca:9f:1b:34:e3: 853s 52:90:44:83:5c:d3:a9:68:cc:2e:a7:5a:d2:4f:ec: 853s 9d:6f:d6:13:a5:c6:00:07:14:9e:bb:c6:d2:67:c3: 853s 31:18:5c:cc:7c:f4:a5:56:6e:71:a6:69:ab:53:3d: 853s fd:73:16:55:c0:1f:0f:17:50:b7:26:68:45:b7:fe: 853s 02:34:36:02:27:c9:67:e1:d1 853s Exponent: 65537 (0x10001) 853s X509v3 extensions: 853s X509v3 Authority Key Identifier: 853s F7:F9:57:16:8D:87:57:B2:80:99:DD:86:73:F4:76:A2:13:3E:33:96 853s X509v3 Basic Constraints: 853s CA:FALSE 853s Netscape Cert Type: 853s SSL Client, S/MIME 853s Netscape Comment: 853s Test Organization Sub Intermediate CA trusted Certificate 853s X509v3 Subject Key Identifier: 853s 9B:F5:F6:58:0C:98:08:26:95:2B:AF:38:DE:5B:EB:6E:C0:2E:17:4E 853s X509v3 Key Usage: critical 853s Digital Signature, Non Repudiation, Key Encipherment 853s X509v3 Extended Key Usage: 853s TLS Web Client Authentication, E-mail Protection 853s X509v3 Subject Alternative Name: 853s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 853s Signature Algorithm: sha256WithRSAEncryption 853s Signature Value: 853s 47:05:51:5f:b5:db:29:12:93:20:3b:0c:c7:9e:7b:1d:66:8a: 853s 9c:01:69:ae:c9:33:f3:ec:d6:c4:70:79:3d:1e:98:8e:31:93: 853s c5:77:b1:47:98:fc:bb:ca:31:60:cd:da:cc:5b:ca:3e:75:c9: 853s 41:d3:dd:19:d0:95:cb:c7:95:fd:17:d1:db:9d:40:7a:7b:d0: 853s c7:75:94:e9:1d:fa:18:c1:63:08:7b:cb:0e:95:6d:48:7a:7a: 853s a2:04:b3:7e:1d:d8:c9:00:38:be:b2:d2:78:9d:c3:45:50:73: 853s 52:6b:21:86:03:27:e0:89:f2:9a:e0:08:0d:03:ab:c7:c4:ce: 853s 98:18 853s + local found_md5 expected_md5 853s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/test-sub-intermediate-CA-trusted-certificate-0001.pem 853s + expected_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 853s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685.pem 853s + found_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 853s + '[' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 '!=' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 ']' 853s + output_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685-auth.output 853s ++ basename /tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685-auth.output .output 853s + output_cert_file=/tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685-auth.pem 853s + echo -n 053350 853s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-dYMyqF/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 853s [p11_child[3494]] [main] (0x0400): p11_child started. 853s [p11_child[3494]] [main] (0x2000): Running in [auth] mode. 853s [p11_child[3494]] [main] (0x2000): Running with effective IDs: [0][0]. 853s [p11_child[3494]] [main] (0x2000): Running with real IDs [0][0]. 853s [p11_child[3494]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 853s [p11_child[3494]] [do_card] (0x4000): Module List: 853s [p11_child[3494]] [do_card] (0x4000): common name: [softhsm2]. 853s [p11_child[3494]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 853s [p11_child[3494]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4e3152af] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 853s [p11_child[3494]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 853s [p11_child[3494]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4e3152af][1311855279] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 853s [p11_child[3494]] [do_card] (0x4000): Login required. 853s [p11_child[3494]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 853s [p11_child[3494]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 853s [p11_child[3494]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 853s [p11_child[3494]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4e3152af;slot-manufacturer=SoftHSM%20project;slot-id=1311855279;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d80f8a3ce3152af;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 853s [p11_child[3494]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 853s [p11_child[3494]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 853s [p11_child[3494]] [do_card] (0x4000): Certificate verified and validated. 853s [p11_child[3494]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 853s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685-auth.output 853s + echo '-----BEGIN CERTIFICATE-----' 853s + tail -n1 /tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685-auth.output 853s + echo '-----END CERTIFICATE-----' 853s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685-auth.pem 853s Certificate: 853s Data: 853s Version: 3 (0x2) 853s Serial Number: 5 (0x5) 853s Signature Algorithm: sha256WithRSAEncryption 853s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 853s Validity 853s Not Before: Jun 14 16:16:45 2024 GMT 853s Not After : Jun 14 16:16:45 2025 GMT 853s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 853s Subject Public Key Info: 853s Public Key Algorithm: rsaEncryption 853s Public-Key: (1024 bit) 853s Modulus: 853s 00:f3:68:f0:59:09:31:41:4f:3c:7d:ac:7b:67:a2: 853s 4e:0c:4b:f4:25:4d:f5:08:30:18:74:3d:e1:55:7b: 853s a5:c8:39:6d:5b:4b:29:da:24:18:0e:ef:37:a2:d4: 853s d1:29:f1:f4:68:41:f8:55:b1:0a:ca:9f:1b:34:e3: 853s 52:90:44:83:5c:d3:a9:68:cc:2e:a7:5a:d2:4f:ec: 853s 9d:6f:d6:13:a5:c6:00:07:14:9e:bb:c6:d2:67:c3: 853s 31:18:5c:cc:7c:f4:a5:56:6e:71:a6:69:ab:53:3d: 853s fd:73:16:55:c0:1f:0f:17:50:b7:26:68:45:b7:fe: 853s 02:34:36:02:27:c9:67:e1:d1 853s Exponent: 65537 (0x10001) 853s X509v3 extensions: 853s X509v3 Authority Key Identifier: 853s F7:F9:57:16:8D:87:57:B2:80:99:DD:86:73:F4:76:A2:13:3E:33:96 853s X509v3 Basic Constraints: 853s CA:FALSE 853s Netscape Cert Type: 853s SSL Client, S/MIME 853s Netscape Comment: 853s Test Organization Sub Intermediate CA trusted Certificate 853s X509v3 Subject Key Identifier: 853s 9B:F5:F6:58:0C:98:08:26:95:2B:AF:38:DE:5B:EB:6E:C0:2E:17:4E 853s X509v3 Key Usage: critical 853s Digital Signature, Non Repudiation, Key Encipherment 853s X509v3 Extended Key Usage: 853s TLS Web Client Authentication, E-mail Protection 853s X509v3 Subject Alternative Name: 853s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 853s Signature Algorithm: sha256WithRSAEncryption 853s Signature Value: 853s 47:05:51:5f:b5:db:29:12:93:20:3b:0c:c7:9e:7b:1d:66:8a: 853s 9c:01:69:ae:c9:33:f3:ec:d6:c4:70:79:3d:1e:98:8e:31:93: 853s c5:77:b1:47:98:fc:bb:ca:31:60:cd:da:cc:5b:ca:3e:75:c9: 853s 41:d3:dd:19:d0:95:cb:c7:95:fd:17:d1:db:9d:40:7a:7b:d0: 853s c7:75:94:e9:1d:fa:18:c1:63:08:7b:cb:0e:95:6d:48:7a:7a: 853s a2:04:b3:7e:1d:d8:c9:00:38:be:b2:d2:78:9d:c3:45:50:73: 853s 52:6b:21:86:03:27:e0:89:f2:9a:e0:08:0d:03:ab:c7:c4:ce: 853s 98:18 853s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-dYMyqF/SSSD-child-23685-auth.pem 853s 853s Test completed, Root CA and intermediate issued certificates verified! 853s + found_md5=Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 853s + '[' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 '!=' Modulus=F368F0590931414F3C7DAC7B67A24E0C4BF4254DF5083018743DE1557BA5C8396D5B4B29DA24180EEF37A2D4D129F1F46841F855B10ACA9F1B34E3529044835CD3A968CC2EA75AD24FEC9D6FD613A5C60007149EBBC6D267C331185CCC7CF4A5566E71A669AB533DFD731655C01F0F1750B7266845B7FE0234360227C967E1D1 ']' 853s + set +x 853s autopkgtest [16:16:49]: test sssd-softhism2-certificates-tests.sh: -----------------------] 854s autopkgtest [16:16:50]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 854s sssd-softhism2-certificates-tests.sh PASS 872s autopkgtest [16:17:08]: test sssd-smart-card-pam-auth-configs: preparing testbed 877s Reading package lists... 877s Building dependency tree... 877s Reading state information... 877s Starting pkgProblemResolver with broken count: 0 877s Starting 2 pkgProblemResolver with broken count: 0 877s Done 878s The following additional packages will be installed: 878s pamtester 878s The following NEW packages will be installed: 878s autopkgtest-satdep pamtester 878s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 878s Need to get 12.2 kB/13.0 kB of archives. 878s After this operation, 36.9 kB of additional disk space will be used. 878s Get:1 /tmp/autopkgtest.joGni0/4-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [760 B] 878s Get:2 http://ftpmaster.internal/ubuntu noble/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 878s Fetched 12.2 kB in 0s (78.2 kB/s) 878s Selecting previously unselected package pamtester. 878s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54781 files and directories currently installed.) 878s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 878s Unpacking pamtester (0.1.2-4) ... 878s Selecting previously unselected package autopkgtest-satdep. 878s Preparing to unpack .../4-autopkgtest-satdep.deb ... 878s Unpacking autopkgtest-satdep (0) ... 878s Setting up pamtester (0.1.2-4) ... 878s Setting up autopkgtest-satdep (0) ... 878s Processing triggers for man-db (2.12.0-4build2) ... 882s (Reading database ... 54787 files and directories currently installed.) 882s Removing autopkgtest-satdep (0) ... 883s autopkgtest [16:17:19]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 883s autopkgtest [16:17:19]: test sssd-smart-card-pam-auth-configs: [----------------------- 883s + '[' -z ubuntu ']' 883s + export DEBIAN_FRONTEND=noninteractive 883s + DEBIAN_FRONTEND=noninteractive 883s + required_tools=(pamtester softhsm2-util sssd) 883s + [[ ! -v OFFLINE_MODE ]] 883s + for cmd in "${required_tools[@]}" 883s + command -v pamtester 883s + for cmd in "${required_tools[@]}" 883s + command -v softhsm2-util 883s + for cmd in "${required_tools[@]}" 883s + command -v sssd 883s + PIN=123456 883s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 883s + tmpdir=/tmp/sssd-softhsm2-certs-DDAp1p 883s + backupsdir= 883s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 883s + declare -a restore_paths 883s + declare -a delete_paths 883s + trap handle_exit EXIT 883s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 883s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 883s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 883s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 883s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-DDAp1p GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 883s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-DDAp1p 883s + GENERATE_SMART_CARDS=1 883s + KEEP_TEMPORARY_FILES=1 883s + NO_SSSD_TESTS=1 883s + bash debian/tests/sssd-softhism2-certificates-tests.sh 883s + '[' -z ubuntu ']' 883s + required_tools=(p11tool openssl softhsm2-util) 883s + for cmd in "${required_tools[@]}" 883s + command -v p11tool 883s + for cmd in "${required_tools[@]}" 883s + command -v openssl 883s + for cmd in "${required_tools[@]}" 883s + command -v softhsm2-util 883s + PIN=123456 883s +++ find /usr/lib/softhsm/libsofthsm2.so 883s +++ head -n 1 883s ++ realpath /usr/lib/softhsm/libsofthsm2.so 883s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 883s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 883s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 883s + '[' '!' -v NO_SSSD_TESTS ']' 883s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 883s + tmpdir=/tmp/sssd-softhsm2-certs-DDAp1p 883s + keys_size=1024 883s + [[ ! -v KEEP_TEMPORARY_FILES ]] 883s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 883s + echo -n 01 883s + touch /tmp/sssd-softhsm2-certs-DDAp1p/index.txt 883s + mkdir -p /tmp/sssd-softhsm2-certs-DDAp1p/new_certs 883s + cat 883s + root_ca_key_pass=pass:random-root-CA-password-5071 883s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-key.pem -passout pass:random-root-CA-password-5071 1024 883s + openssl req -passin pass:random-root-CA-password-5071 -batch -config /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.pem 883s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.pem 883s + cat 883s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-32343 883s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-32343 1024 883s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-32343 -config /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-5071 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-certificate-request.pem 883s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-certificate-request.pem 883s Certificate Request: 883s Data: 883s Version: 1 (0x0) 883s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 883s Subject Public Key Info: 883s Public Key Algorithm: rsaEncryption 883s Public-Key: (1024 bit) 883s Modulus: 883s 00:c2:e4:d0:0d:27:cb:cc:6b:cb:bb:53:ff:27:ad: 883s d5:05:74:b5:de:88:46:1f:0a:76:46:57:65:94:5a: 883s 5c:10:72:7d:af:76:d6:df:04:db:c6:0b:40:4b:73: 883s 99:5c:0e:34:55:5b:6b:ae:f5:15:b1:00:d1:c8:c1: 883s 73:d4:a1:b5:0d:00:53:66:82:58:d3:a6:0e:38:96: 883s 56:bc:4e:85:6f:3e:f2:52:9c:88:64:71:08:58:01: 883s 45:71:10:bd:ce:16:db:35:d3:08:78:9e:88:3e:e3: 883s d2:8f:a9:17:b5:74:6a:43:40:5a:d0:c8:f8:a4:97: 883s 51:86:06:d9:92:08:5b:b8:63 883s Exponent: 65537 (0x10001) 883s Attributes: 883s (none) 883s Requested Extensions: 883s Signature Algorithm: sha256WithRSAEncryption 883s Signature Value: 883s 6e:f3:ce:a6:73:49:2c:05:0a:3d:40:81:01:2a:2e:ce:60:6b: 883s 05:af:af:48:a7:cc:da:41:23:40:ae:fc:f6:67:8f:3b:d1:52: 883s 4f:cf:f9:03:49:19:c4:62:13:97:27:92:91:cc:ef:a9:f5:a6: 883s ce:c1:28:3e:a5:c6:21:4e:36:c2:be:dc:da:9a:71:0c:17:18: 883s 13:b6:d9:c4:a2:66:0e:11:68:23:18:a2:0d:61:55:7e:3f:fe: 883s 9c:9d:9e:b7:27:35:d0:7d:46:c9:c4:09:a7:57:f4:ac:6e:12: 883s 6d:b2:be:c1:88:be:bd:a6:68:da:6c:a9:c2:ed:58:03:ab:b1: 883s f5:7a 883s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.config -passin pass:random-root-CA-password-5071 -keyfile /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem 883s Using configuration from /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.config 883s Check that the request matches the signature 883s Signature ok 883s Certificate Details: 883s Serial Number: 1 (0x1) 883s Validity 883s Not Before: Jun 14 16:17:19 2024 GMT 883s Not After : Jun 14 16:17:19 2025 GMT 883s Subject: 883s organizationName = Test Organization 883s organizationalUnitName = Test Organization Unit 883s commonName = Test Organization Intermediate CA 883s X509v3 extensions: 883s X509v3 Subject Key Identifier: 883s FE:F2:0E:90:48:32:04:F9:FF:04:62:A8:AE:D1:4A:AD:E3:04:50:6E 883s X509v3 Authority Key Identifier: 883s keyid:D6:44:B7:0F:7E:D6:0D:58:2D:70:E2:DC:3D:28:49:0E:87:90:C2:A6 883s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 883s serial:00 883s X509v3 Basic Constraints: 883s CA:TRUE 883s X509v3 Key Usage: critical 883s Digital Signature, Certificate Sign, CRL Sign 883s Certificate is to be certified until Jun 14 16:17:19 2025 GMT (365 days) 883s 883s Write out database with 1 new entries 883s Database updated 883s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem 883s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem 883s /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem: OK 883s + cat 883s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-18791 883s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-18791 1024 883s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-18791 -config /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-32343 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-certificate-request.pem 883s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-certificate-request.pem 883s Certificate Request: 883s Data: 883s Version: 1 (0x0) 883s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 883s Subject Public Key Info: 883s Public Key Algorithm: rsaEncryption 883s Public-Key: (1024 bit) 883s Modulus: 883s 00:a4:94:54:18:50:38:1e:38:72:11:53:fa:b4:9d: 883s ba:12:8e:74:e6:8b:2a:5a:a3:d0:87:5e:50:35:e0: 883s f7:f0:a8:cb:c8:17:6f:07:97:cc:0b:25:6e:83:8a: 883s 5a:49:74:1b:4c:8a:ee:c8:93:4a:a3:a5:be:87:16: 883s 6c:c2:c9:c6:12:fa:a8:66:c9:a0:0b:ca:f0:03:c0: 883s 6f:8f:8e:8e:c8:1b:a8:65:f8:20:ad:83:eb:f3:e2: 883s 8d:e6:86:0c:5b:72:b5:a3:a2:fc:8d:f1:a3:49:ec: 883s c5:bf:6e:d2:6d:70:ee:7f:2c:f3:7c:6d:7f:93:c5: 883s ab:c7:a0:eb:dd:67:d0:67:a1 883s Exponent: 65537 (0x10001) 883s Attributes: 883s (none) 883s Requested Extensions: 883s Signature Algorithm: sha256WithRSAEncryption 883s Signature Value: 883s 1f:b2:3b:86:f1:c9:85:61:14:d9:fe:5f:fa:c2:ba:5a:37:03: 883s 4f:76:c1:3d:d2:d2:a9:b0:53:4c:da:11:d5:64:f0:88:e0:c2: 883s e2:d2:48:dc:4a:0c:ac:13:57:ea:2c:0a:3a:19:42:d0:ed:8e: 883s aa:b7:f0:f7:a5:9d:18:e8:8d:ce:3d:af:61:4c:c5:cb:34:53: 883s dd:6a:4c:1a:26:15:ee:24:fd:c0:d5:5d:2e:1f:49:88:8f:61: 883s 21:19:f9:30:25:6e:03:84:15:2e:5d:81:58:90:6d:a2:ee:89: 883s 04:60:fe:55:da:ea:2f:85:f0:2b:cf:59:48:56:39:00:48:ae: 883s 17:df 883s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-32343 -keyfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem 883s Using configuration from /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.config 883s Check that the request matches the signature 883s Signature ok 883s Certificate Details: 883s Serial Number: 2 (0x2) 883s Validity 883s Not Before: Jun 14 16:17:19 2024 GMT 883s Not After : Jun 14 16:17:19 2025 GMT 883s Subject: 883s organizationName = Test Organization 883s organizationalUnitName = Test Organization Unit 883s commonName = Test Organization Sub Intermediate CA 883s X509v3 extensions: 883s X509v3 Subject Key Identifier: 883s 2B:C9:21:2C:76:6E:C4:E8:67:20:C9:A8:A0:EF:A9:BB:21:DE:D8:D5 883s X509v3 Authority Key Identifier: 883s keyid:FE:F2:0E:90:48:32:04:F9:FF:04:62:A8:AE:D1:4A:AD:E3:04:50:6E 883s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 883s serial:01 883s X509v3 Basic Constraints: 883s CA:TRUE 883s X509v3 Key Usage: critical 883s Digital Signature, Certificate Sign, CRL Sign 883s Certificate is to be certified until Jun 14 16:17:19 2025 GMT (365 days) 883s 883s Write out database with 1 new entries 883s Database updated 883s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem 883s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem 883s /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem: OK 883s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem 883s + local cmd=openssl 883s + shift 883s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem 883s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 883s error 20 at 0 depth lookup: unable to get local issuer certificate 883s error /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem: verification failed 883s + cat 883s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-26312 883s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-26312 1024 884s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-26312 -key /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-request.pem 884s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-request.pem 884s Certificate Request: 884s Data: 884s Version: 1 (0x0) 884s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 884s Subject Public Key Info: 884s Public Key Algorithm: rsaEncryption 884s Public-Key: (1024 bit) 884s Modulus: 884s 00:b7:22:51:0a:06:69:de:4b:f8:8e:9c:25:98:1d: 884s 72:13:de:f5:d4:f5:f0:3d:5e:2c:7e:45:ea:f9:00: 884s f1:20:89:b3:7e:8f:b1:ac:3d:52:14:f8:72:14:9f: 884s ef:d8:a2:18:60:9f:c9:34:46:d6:4a:8b:1c:74:fe: 884s b7:5d:43:e7:1d:d3:4f:c8:94:e9:35:b4:5f:e8:27: 884s 6d:df:ee:4a:60:97:60:dc:94:d7:f0:93:fd:b1:44: 884s 2b:2f:9a:8c:8c:8d:cd:dc:c6:ee:8c:8c:90:22:93: 884s 01:a9:c0:8b:27:43:6e:08:37:db:6b:dd:6a:22:76: 884s cb:82:e5:5d:32:74:ad:ca:a9 884s Exponent: 65537 (0x10001) 884s Attributes: 884s Requested Extensions: 884s X509v3 Basic Constraints: 884s CA:FALSE 884s Netscape Cert Type: 884s SSL Client, S/MIME 884s Netscape Comment: 884s Test Organization Root CA trusted Certificate 884s X509v3 Subject Key Identifier: 884s 84:D6:EB:DB:AD:32:3B:65:CD:87:A5:28:C3:17:25:84:D4:E3:0B:F5 884s X509v3 Key Usage: critical 884s Digital Signature, Non Repudiation, Key Encipherment 884s X509v3 Extended Key Usage: 884s TLS Web Client Authentication, E-mail Protection 884s X509v3 Subject Alternative Name: 884s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 884s Signature Algorithm: sha256WithRSAEncryption 884s Signature Value: 884s 1a:8e:ed:18:5e:7e:b7:f0:d9:cb:3c:12:ad:52:a1:36:48:ab: 884s ad:ad:b3:64:49:f8:21:47:2a:ba:f2:a2:44:0e:97:8c:39:5d: 884s 12:00:91:1b:0d:2c:55:16:b6:32:0e:98:7b:c2:9d:58:55:ee: 884s 31:77:22:41:e6:2e:11:14:b4:a0:ea:ad:2d:f1:8d:0b:5f:69: 884s e2:6f:13:a7:b6:2f:3a:8b:1d:be:2f:65:c6:0d:57:fa:2f:40: 884s ab:83:66:b2:05:67:2f:5e:f1:b2:f5:1b:51:61:9a:e2:e5:1b: 884s 77:67:ac:7d:e5:b5:b1:c9:11:1b:d0:ad:fb:65:08:fd:56:26: 884s f4:51 884s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.config -passin pass:random-root-CA-password-5071 -keyfile /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem 884s Using configuration from /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.config 884s Check that the request matches the signature 884s Signature ok 884s Certificate Details: 884s Serial Number: 3 (0x3) 884s Validity 884s Not Before: Jun 14 16:17:20 2024 GMT 884s Not After : Jun 14 16:17:20 2025 GMT 884s Subject: 884s organizationName = Test Organization 884s organizationalUnitName = Test Organization Unit 884s commonName = Test Organization Root Trusted Certificate 0001 884s X509v3 extensions: 884s X509v3 Authority Key Identifier: 884s D6:44:B7:0F:7E:D6:0D:58:2D:70:E2:DC:3D:28:49:0E:87:90:C2:A6 884s X509v3 Basic Constraints: 884s CA:FALSE 884s Netscape Cert Type: 884s SSL Client, S/MIME 884s Netscape Comment: 884s Test Organization Root CA trusted Certificate 884s X509v3 Subject Key Identifier: 884s 84:D6:EB:DB:AD:32:3B:65:CD:87:A5:28:C3:17:25:84:D4:E3:0B:F5 884s X509v3 Key Usage: critical 884s Digital Signature, Non Repudiation, Key Encipherment 884s X509v3 Extended Key Usage: 884s TLS Web Client Authentication, E-mail Protection 884s X509v3 Subject Alternative Name: 884s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 884s Certificate is to be certified until Jun 14 16:17:20 2025 GMT (365 days) 884s 884s Write out database with 1 new entries 884s Database updated 884s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem 884s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem 884s /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem: OK 884s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem 884s + local cmd=openssl 884s + shift 884s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem 884s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 884s error 20 at 0 depth lookup: unable to get local issuer certificate 884s error /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem: verification failed 884s + cat 884s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-9394 884s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-9394 1024 884s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-9394 -key /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-request.pem 884s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-request.pem 884s Certificate Request: 884s Data: 884s Version: 1 (0x0) 884s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 884s Subject Public Key Info: 884s Public Key Algorithm: rsaEncryption 884s Public-Key: (1024 bit) 884s Modulus: 884s 00:ae:7b:ff:01:b3:d3:7d:77:9a:87:12:e7:73:61: 884s a5:02:04:d3:a1:c8:27:4a:7d:48:15:ba:1e:9c:33: 884s c3:3e:e9:a0:00:57:a4:36:65:ca:1a:72:08:af:e9: 884s 61:c9:10:08:60:a7:3d:4e:6f:ba:51:fd:ad:7c:22: 884s 21:d1:ef:6b:33:7f:5f:31:4b:f2:d3:09:27:99:1e: 884s e6:85:7f:d9:e6:0e:6e:71:c6:67:b7:8e:78:6b:20: 884s e8:1e:11:c3:fd:9a:c0:f8:11:88:89:ff:a1:e7:b5: 884s fe:4c:c3:8c:67:95:76:8a:29:61:c8:30:dd:25:94: 884s 0e:fd:98:db:78:8a:29:26:2b 884s Exponent: 65537 (0x10001) 884s Attributes: 884s Requested Extensions: 884s X509v3 Basic Constraints: 884s CA:FALSE 884s Netscape Cert Type: 884s SSL Client, S/MIME 884s Netscape Comment: 884s Test Organization Intermediate CA trusted Certificate 884s X509v3 Subject Key Identifier: 884s 65:20:98:9C:A9:76:99:A2:D3:DB:20:8F:BC:F2:EE:58:78:6E:C8:4F 884s X509v3 Key Usage: critical 884s Digital Signature, Non Repudiation, Key Encipherment 884s X509v3 Extended Key Usage: 884s TLS Web Client Authentication, E-mail Protection 884s X509v3 Subject Alternative Name: 884s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 884s Signature Algorithm: sha256WithRSAEncryption 884s Signature Value: 884s 52:94:0c:d8:82:80:db:87:51:4e:d1:98:1f:36:5c:e4:d5:7e: 884s 9c:9c:89:5e:e3:4f:23:8b:b0:e6:cb:c6:81:81:e5:13:35:34: 884s 00:21:47:f5:39:12:ad:98:c4:76:13:b6:52:ea:9b:cc:eb:52: 884s 27:ec:ea:e0:86:be:95:3a:ec:d3:b5:ec:ca:a2:79:c0:2d:da: 884s 68:18:a9:e9:0a:84:e7:d8:ff:03:9d:18:e7:c2:71:fe:dd:45: 884s 55:6a:a4:69:0f:02:2f:a0:b2:00:ac:67:ff:76:8a:bd:c9:9e: 884s 22:e2:00:a9:40:e6:5d:b2:c4:16:e7:35:a6:08:a2:ac:ac:08: 884s 5f:c3 884s + openssl ca -passin pass:random-intermediate-CA-password-32343 -config /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem 884s Using configuration from /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.config 884s Check that the request matches the signature 884s Signature ok 884s Certificate Details: 884s Serial Number: 4 (0x4) 884s Validity 884s Not Before: Jun 14 16:17:20 2024 GMT 884s Not After : Jun 14 16:17:20 2025 GMT 884s Subject: 884s organizationName = Test Organization 884s organizationalUnitName = Test Organization Unit 884s commonName = Test Organization Intermediate Trusted Certificate 0001 884s X509v3 extensions: 884s X509v3 Authority Key Identifier: 884s FE:F2:0E:90:48:32:04:F9:FF:04:62:A8:AE:D1:4A:AD:E3:04:50:6E 884s X509v3 Basic Constraints: 884s CA:FALSE 884s Netscape Cert Type: 884s SSL Client, S/MIME 884s Netscape Comment: 884s Test Organization Intermediate CA trusted Certificate 884s X509v3 Subject Key Identifier: 884s 65:20:98:9C:A9:76:99:A2:D3:DB:20:8F:BC:F2:EE:58:78:6E:C8:4F 884s X509v3 Key Usage: critical 884s Digital Signature, Non Repudiation, Key Encipherment 884s X509v3 Extended Key Usage: 884s TLS Web Client Authentication, E-mail Protection 884s X509v3 Subject Alternative Name: 884s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 884s Certificate is to be certified until Jun 14 16:17:20 2025 GMT (365 days) 884s 884s Write out database with 1 new entries 884s Database updated 884s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem 884s This certificate should not be trusted fully 884s + echo 'This certificate should not be trusted fully' 884s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem 884s + local cmd=openssl 884s + shift 884s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem 884s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 884s error 2 at 1 depth lookup: unable to get issuer certificate 884s error /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 884s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem 884s + cat 884s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5583 884s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-5583 1024 884s /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem: OK 884s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-5583 -key /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 884s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 884s + openssl ca -passin pass:random-sub-intermediate-CA-password-18791 -config /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s Certificate Request: 884s Data: 884s Version: 1 (0x0) 884s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 884s Subject Public Key Info: 884s Public Key Algorithm: rsaEncryption 884s Public-Key: (1024 bit) 884s Modulus: 884s 00:ca:b4:e8:d6:90:a4:c9:66:8e:1f:c1:90:f6:2b: 884s 16:d0:15:20:c8:2b:ad:3f:ed:24:68:4d:98:73:b4: 884s 90:93:be:a6:a8:be:02:88:33:78:b6:cc:2a:37:68: 884s b3:c2:d1:53:e8:9b:30:2f:68:91:3f:c8:8a:2c:1a: 884s 1e:96:62:b7:d8:31:1d:71:22:6c:b5:06:39:9d:c3: 884s 70:40:95:41:f6:7a:97:1e:c3:9a:81:eb:c6:9d:83: 884s e7:fd:a2:11:2c:a4:8b:b8:2a:46:31:5d:7e:95:86: 884s 2b:e2:ae:9e:f5:ca:6c:da:12:43:a0:ee:81:62:60: 884s 49:71:c9:30:43:f2:78:9f:7d 884s Exponent: 65537 (0x10001) 884s Attributes: 884s Requested Extensions: 884s X509v3 Basic Constraints: 884s CA:FALSE 884s Netscape Cert Type: 884s SSL Client, S/MIME 884s Netscape Comment: 884s Test Organization Sub Intermediate CA trusted Certificate 884s X509v3 Subject Key Identifier: 884s DB:3D:59:CF:1C:7A:59:DE:5D:C1:E1:35:20:F9:CF:34:99:E3:5E:5C 884s X509v3 Key Usage: critical 884s Digital Signature, Non Repudiation, Key Encipherment 884s X509v3 Extended Key Usage: 884s TLS Web Client Authentication, E-mail Protection 884s X509v3 Subject Alternative Name: 884s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 884s Signature Algorithm: sha256WithRSAEncryption 884s Signature Value: 884s af:57:1b:c3:9c:2f:d4:60:fd:6d:10:83:ea:dc:cd:4c:fd:8d: 884s 46:3a:37:9d:06:0a:6f:a8:93:35:74:cb:4c:44:5e:d0:c2:63: 884s 51:90:18:0d:68:62:2b:dd:9f:5d:4a:b5:4d:c1:25:72:16:00: 884s 19:6b:e9:1b:60:af:eb:d9:db:08:2d:3a:7b:b9:e3:cb:d3:8c: 884s 88:43:f5:e5:59:95:a1:bc:a1:be:f2:f0:e5:27:45:13:bb:74: 884s 53:2a:01:31:61:8c:e5:df:5f:b9:99:a4:f1:47:f0:99:96:41: 884s 16:f4:c2:f1:ac:0c:db:0b:0b:50:cf:00:a7:94:5b:64:c0:e2: 884s 22:9b 884s Using configuration from /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.config 884s Check that the request matches the signature 884s Signature ok 884s Certificate Details: 884s Serial Number: 5 (0x5) 884s Validity 884s Not Before: Jun 14 16:17:20 2024 GMT 884s Not After : Jun 14 16:17:20 2025 GMT 884s Subject: 884s organizationName = Test Organization 884s organizationalUnitName = Test Organization Unit 884s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 884s X509v3 extensions: 884s X509v3 Authority Key Identifier: 884s 2B:C9:21:2C:76:6E:C4:E8:67:20:C9:A8:A0:EF:A9:BB:21:DE:D8:D5 884s X509v3 Basic Constraints: 884s CA:FALSE 884s Netscape Cert Type: 884s SSL Client, S/MIME 884s Netscape Comment: 884s Test Organization Sub Intermediate CA trusted Certificate 884s X509v3 Subject Key Identifier: 884s DB:3D:59:CF:1C:7A:59:DE:5D:C1:E1:35:20:F9:CF:34:99:E3:5E:5C 884s X509v3 Key Usage: critical 884s Digital Signature, Non Repudiation, Key Encipherment 884s X509v3 Extended Key Usage: 884s TLS Web Client Authentication, E-mail Protection 884s X509v3 Subject Alternative Name: 884s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 884s Certificate is to be certified until Jun 14 16:17:20 2025 GMT (365 days) 884s 884s Write out database with 1 new entries 884s Database updated 884s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s This certificate should not be trusted fully 884s + echo 'This certificate should not be trusted fully' 884s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s + local cmd=openssl 884s + shift 884s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 884s error 2 at 1 depth lookup: unable to get issuer certificate 884s error /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 884s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s + local cmd=openssl 884s + shift 884s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 884s error 20 at 0 depth lookup: unable to get local issuer certificate 884s error /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 884s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 884s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s + local cmd=openssl 884s + shift 884s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 884s error 20 at 0 depth lookup: unable to get local issuer certificate 884s error /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 884s + echo 'Building a the full-chain CA file...' 884s + cat /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem 884s Building a the full-chain CA file... 884s + cat /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem 884s + cat /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem 884s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem 884s + openssl pkcs7 -print_certs -noout 884s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 884s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 884s 884s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 884s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 884s 884s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 884s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 884s 884s /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem: OK 884s /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem: OK 884s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA.pem 884s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem 884s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem 884s /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem: OK 884s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-root-intermediate-chain-CA.pem 884s /tmp/sssd-softhsm2-certs-DDAp1p/test-root-intermediate-chain-CA.pem: OK 884s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 884s + echo 'Certificates generation completed!' 884s + [[ -v NO_SSSD_TESTS ]] 884s + [[ -v GENERATE_SMART_CARDS ]] 884s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-26312 884s Certificates generation completed! 884s + local certificate=/tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem 884s + local key_pass=pass:random-root-ca-trusted-cert-0001-26312 884s + local key_cn 884s + local key_name 884s + local tokens_dir 884s + local output_cert_file 884s + token_name= 884s ++ basename /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem .pem 884s + key_name=test-root-CA-trusted-certificate-0001 884s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem 884s ++ sed -n 's/ *commonName *= //p' 884s + key_cn='Test Organization Root Trusted Certificate 0001' 884s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 884s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-root-CA-trusted-certificate-0001.conf 884s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-root-CA-trusted-certificate-0001.conf 884s ++ basename /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 884s + tokens_dir=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-root-CA-trusted-certificate-0001 884s + token_name='Test Organization Root Tr Token' 884s + '[' '!' -e /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 884s + local key_file 884s + local decrypted_key 884s + mkdir -p /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-root-CA-trusted-certificate-0001 884s + key_file=/tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-key.pem 884s + decrypted_key=/tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-key-decrypted.pem 884s + cat 884s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 884s + softhsm2-util --show-slots 884s Slot 0 has a free/uninitialized token. 884s The token has been initialized and is reassigned to slot 501909400 884s Available slots: 884s Slot 501909400 884s Slot info: 884s Description: SoftHSM slot ID 0x1dea8798 884s Manufacturer ID: SoftHSM project 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Token present: yes 884s Token info: 884s Manufacturer ID: SoftHSM project 884s Model: SoftHSM v2 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Serial number: 83d9b4239dea8798 884s Initialized: yes 884s User PIN init.: yes 884s Label: Test Organization Root Tr Token 884s Slot 1 884s Slot info: 884s Description: SoftHSM slot ID 0x1 884s Manufacturer ID: SoftHSM project 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Token present: yes 884s Token info: 884s Manufacturer ID: SoftHSM project 884s Model: SoftHSM v2 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Serial number: 884s Initialized: no 884s User PIN init.: no 884s Label: 884s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 884s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-26312 -in /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-key-decrypted.pem 884s writing RSA key 884s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 884s + rm /tmp/sssd-softhsm2-certs-DDAp1p/test-root-CA-trusted-certificate-0001-key-decrypted.pem 884s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 884s Object 0: 884s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=83d9b4239dea8798;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 884s Type: X.509 Certificate (RSA-1024) 884s Expires: Sat Jun 14 16:17:20 2025 884s Label: Test Organization Root Trusted Certificate 0001 884s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 884s 884s Test Organization Root Tr Token 884s + echo 'Test Organization Root Tr Token' 884s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-9394 884s + local certificate=/tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem 884s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-9394 884s + local key_cn 884s + local key_name 884s + local tokens_dir 884s + local output_cert_file 884s + token_name= 884s ++ basename /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem .pem 884s + key_name=test-intermediate-CA-trusted-certificate-0001 884s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem 884s ++ sed -n 's/ *commonName *= //p' 884s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 884s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 884s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 884s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 884s ++ basename /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 884s + tokens_dir=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-intermediate-CA-trusted-certificate-0001 884s + token_name='Test Organization Interme Token' 884s + '[' '!' -e /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 884s + local key_file 884s + local decrypted_key 884s + mkdir -p /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-intermediate-CA-trusted-certificate-0001 884s + key_file=/tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-key.pem 884s + decrypted_key=/tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 884s + cat 884s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 884s Slot 0 has a free/uninitialized token. 884s The token has been initialized and is reassigned to slot 816849026 884s + softhsm2-util --show-slots 884s Available slots: 884s Slot 816849026 884s Slot info: 884s Description: SoftHSM slot ID 0x30b02082 884s Manufacturer ID: SoftHSM project 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Token present: yes 884s Token info: 884s Manufacturer ID: SoftHSM project 884s Model: SoftHSM v2 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Serial number: 9edb978130b02082 884s Initialized: yes 884s User PIN init.: yes 884s Label: Test Organization Interme Token 884s Slot 1 884s Slot info: 884s Description: SoftHSM slot ID 0x1 884s Manufacturer ID: SoftHSM project 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Token present: yes 884s Token info: 884s Manufacturer ID: SoftHSM project 884s Model: SoftHSM v2 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Serial number: 884s Initialized: no 884s User PIN init.: no 884s Label: 884s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 884s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-9394 -in /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 884s writing RSA key 884s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 884s + rm /tmp/sssd-softhsm2-certs-DDAp1p/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 884s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 884s Object 0: 884s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9edb978130b02082;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 884s Type: X.509 Certificate (RSA-1024) 884s Expires: Sat Jun 14 16:17:20 2025 884s Label: Test Organization Intermediate Trusted Certificate 0001 884s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 884s 884s + echo 'Test Organization Interme Token' 884s Test Organization Interme Token 884s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5583 884s + local certificate=/tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5583 884s + local key_cn 884s + local key_name 884s + local tokens_dir 884s + local output_cert_file 884s + token_name= 884s ++ basename /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 884s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 884s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem 884s ++ sed -n 's/ *commonName *= //p' 884s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 884s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 884s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 884s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 884s ++ basename /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 884s + tokens_dir=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 884s + token_name='Test Organization Sub Int Token' 884s + '[' '!' -e /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 884s + local key_file 884s + local decrypted_key 884s + mkdir -p /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 884s + key_file=/tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 884s + decrypted_key=/tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 884s + cat 884s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 884s Slot 0 has a free/uninitialized token. 884s The token has been initialized and is reassigned to slot 1843881879 884s + softhsm2-util --show-slots 884s Available slots: 884s Slot 1843881879 884s Slot info: 884s Description: SoftHSM slot ID 0x6de76797 884s Manufacturer ID: SoftHSM project 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Token present: yes 884s Token info: 884s Manufacturer ID: SoftHSM project 884s Model: SoftHSM v2 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Serial number: 044293396de76797 884s Initialized: yes 884s User PIN init.: yes 884s Label: Test Organization Sub Int Token 884s Slot 1 884s Slot info: 884s Description: SoftHSM slot ID 0x1 884s Manufacturer ID: SoftHSM project 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Token present: yes 884s Token info: 884s Manufacturer ID: SoftHSM project 884s Model: SoftHSM v2 884s Hardware version: 2.6 884s Firmware version: 2.6 884s Serial number: 884s Initialized: no 884s User PIN init.: no 884s Label: 884s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 884s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-5583 -in /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 884s writing RSA key 884s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 884s + rm /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 884s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 884s Object 0: 884s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=044293396de76797;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 884s Type: X.509 Certificate (RSA-1024) 884s Expires: Sat Jun 14 16:17:20 2025 884s Label: Test Organization Sub Intermediate Trusted Certificate 0001 884s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 884s 884s Test Organization Sub Int Token 884s Certificates generation completed! 884s + echo 'Test Organization Sub Int Token' 884s + echo 'Certificates generation completed!' 884s + exit 0 884s + find /tmp/sssd-softhsm2-certs-DDAp1p -type d -exec chmod 777 '{}' ';' 884s + find /tmp/sssd-softhsm2-certs-DDAp1p -type f -exec chmod 666 '{}' ';' 884s + backup_file /etc/sssd/sssd.conf 884s + '[' -z '' ']' 884s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 884s + backupsdir=/tmp/sssd-softhsm2-backups-BDrOp0 884s + '[' -e /etc/sssd/sssd.conf ']' 884s + delete_paths+=("$1") 884s + rm -f /etc/sssd/sssd.conf 884s ++ runuser -u ubuntu -- sh -c 'echo ~' 884s + user_home=/home/ubuntu 884s + mkdir -p /home/ubuntu 884s + chown ubuntu:ubuntu /home/ubuntu 884s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 884s + user_config=/home/ubuntu/.config 884s + system_config=/etc 884s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 884s + for path_pair in "${softhsm2_conf_paths[@]}" 884s + IFS=: 884s + read -r -a path 884s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 884s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 884s + '[' -z /tmp/sssd-softhsm2-backups-BDrOp0 ']' 884s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 884s + delete_paths+=("$1") 884s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 884s + for path_pair in "${softhsm2_conf_paths[@]}" 884s + IFS=: 884s + read -r -a path 884s + path=/etc/softhsm/softhsm2.conf 884s + backup_file /etc/softhsm/softhsm2.conf 884s + '[' -z /tmp/sssd-softhsm2-backups-BDrOp0 ']' 884s + '[' -e /etc/softhsm/softhsm2.conf ']' 884s ++ dirname /etc/softhsm/softhsm2.conf 884s + local back_dir=/tmp/sssd-softhsm2-backups-BDrOp0//etc/softhsm 884s ++ basename /etc/softhsm/softhsm2.conf 884s + local back_path=/tmp/sssd-softhsm2-backups-BDrOp0//etc/softhsm/softhsm2.conf 884s + '[' '!' -e /tmp/sssd-softhsm2-backups-BDrOp0//etc/softhsm/softhsm2.conf ']' 884s + mkdir -p /tmp/sssd-softhsm2-backups-BDrOp0//etc/softhsm 884s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-BDrOp0//etc/softhsm/softhsm2.conf 884s + restore_paths+=("$back_path") 884s + rm -f /etc/softhsm/softhsm2.conf 884s + test_authentication login /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem 884s + pam_service=login 884s + certificate_config=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-root-CA-trusted-certificate-0001.conf 884s + ca_db=/tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem 884s + verification_options= 884s + mkdir -p -m 700 /etc/sssd 884s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 884s Using CA DB '/tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem' with verification options: '' 884s + cat 884s + chmod 600 /etc/sssd/sssd.conf 884s + for path_pair in "${softhsm2_conf_paths[@]}" 884s + IFS=: 884s + read -r -a path 884s + user=ubuntu 884s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 884s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 884s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 884s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 884s + runuser -u ubuntu -- softhsm2-util --show-slots 884s + grep 'Test Organization' 884s Label: Test Organization Root Tr Token 884s + for path_pair in "${softhsm2_conf_paths[@]}" 884s + IFS=: 884s + read -r -a path 884s + user=root 884s + path=/etc/softhsm/softhsm2.conf 884s ++ dirname /etc/softhsm/softhsm2.conf 884s + runuser -u root -- mkdir -p /etc/softhsm 884s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 884s + runuser -u root -- softhsm2-util --show-slots 884s + grep 'Test Organization' 884s Label: Test Organization Root Tr Token 884s + systemctl restart sssd 885s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 885s + for alternative in "${alternative_pam_configs[@]}" 885s + pam-auth-update --enable sss-smart-card-optional 885s + cat /etc/pam.d/common-auth 885s # 885s # /etc/pam.d/common-auth - authentication settings common to all services 885s # 885s # This file is included from other service-specific PAM config files, 885s # and should contain a list of the authentication modules that define 885s # the central authentication scheme for use on the system 885s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 885s # traditional Unix authentication mechanisms. 885s # 885s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 885s # To take advantage of this, it is recommended that you configure any 885s # local modules either before or after the default block, and use 885s # pam-auth-update to manage selection of other modules. See 885s # pam-auth-update(8) for details. 885s 885s # here are the per-package modules (the "Primary" block) 885s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 885s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 885s auth [success=1 default=ignore] pam_sss.so use_first_pass 885s # here's the fallback if no module succeeds 885s auth requisite pam_deny.so 885s # prime the stack with a positive return value if there isn't one already; 885s # this avoids us returning an error just because nothing sets a success code 885s # since the modules above will each just jump around 885s auth required pam_permit.so 885s # and here are more per-package modules (the "Additional" block) 885s auth optional pam_cap.so 885s # end of pam-auth-update config 885s + echo -n -e 123456 885s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 885s pamtester: invoking pam_start(login, ubuntu, ...) 885s pamtester: performing operation - authenticate 885s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 885s + echo -n -e 123456 885s + runuser -u ubuntu -- pamtester -v login '' authenticate 885s pamtester: invoking pam_start(login, , ...) 885s pamtester: performing operation - authenticate 885s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 885s + echo -n -e wrong123456 885s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 885s pamtester: invoking pam_start(login, ubuntu, ...) 885s pamtester: performing operation - authenticate 888s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 888s + echo -n -e wrong123456 888s + runuser -u ubuntu -- pamtester -v login '' authenticate 888s pamtester: invoking pam_start(login, , ...) 888s pamtester: performing operation - authenticate 891s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 891s + echo -n -e 123456 891s + pamtester -v login root authenticate 891s pamtester: invoking pam_start(login, root, ...) 891s pamtester: performing operation - authenticate 893s Password: pamtester: Authentication failure 893s + for alternative in "${alternative_pam_configs[@]}" 893s + pam-auth-update --enable sss-smart-card-required 893s PAM configuration 893s ----------------- 893s 893s Incompatible PAM profiles selected. 893s 893s The following PAM profiles cannot be used together: 893s 893s SSS required smart card authentication, SSS optional smart card 893s authentication 893s 893s Please select a different set of modules to enable. 893s 893s + cat /etc/pam.d/common-auth 893s + echo -n -e 123456 893s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 893s # 893s # /etc/pam.d/common-auth - authentication settings common to all services 893s # 893s # This file is included from other service-specific PAM config files, 893s # and should contain a list of the authentication modules that define 893s # the central authentication scheme for use on the system 893s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 893s # traditional Unix authentication mechanisms. 893s # 893s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 893s # To take advantage of this, it is recommended that you configure any 893s # local modules either before or after the default block, and use 893s # pam-auth-update to manage selection of other modules. See 893s # pam-auth-update(8) for details. 893s 893s # here are the per-package modules (the "Primary" block) 893s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 893s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 893s auth [success=1 default=ignore] pam_sss.so use_first_pass 893s # here's the fallback if no module succeeds 893s auth requisite pam_deny.so 893s # prime the stack with a positive return value if there isn't one already; 893s # this avoids us returning an error just because nothing sets a success code 893s # since the modules above will each just jump around 893s auth required pam_permit.so 893s # and here are more per-package modules (the "Additional" block) 893s auth optional pam_cap.so 893s # end of pam-auth-update config 893s pamtester: invoking pam_start(login, ubuntu, ...) 893s pamtester: performing operation - authenticate 893s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 893s + echo -n -e 123456 893s + runuser -u ubuntu -- pamtester -v login '' authenticate 893s pamtester: invoking pam_start(login, , ...) 893s pamtester: performing operation - authenticate 893s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 893s + echo -n -e wrong123456 893s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 893s pamtester: invoking pam_start(login, ubuntu, ...) 893s pamtester: performing operation - authenticate 896s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 896s + echo -n -e wrong123456 896s + runuser -u ubuntu -- pamtester -v login '' authenticate 896s pamtester: invoking pam_start(login, , ...) 896s pamtester: performing operation - authenticate 898s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 898s + echo -n -e 123456 898s + pamtester -v login root authenticate 898s pamtester: invoking pam_start(login, root, ...) 898s pamtester: performing operation - authenticate 901s pamtester: Authentication service cannot retrieve authentication info 901s + test_authentication login /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem 901s + pam_service=login 901s + certificate_config=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 901s + ca_db=/tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem 901s + verification_options= 901s + mkdir -p -m 700 /etc/sssd 901s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 901s + cat 901s Using CA DB '/tmp/sssd-softhsm2-certs-DDAp1p/test-full-chain-CA.pem' with verification options: '' 901s + chmod 600 /etc/sssd/sssd.conf 901s + for path_pair in "${softhsm2_conf_paths[@]}" 901s + IFS=: 901s + read -r -a path 901s + user=ubuntu 901s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 901s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 901s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 901s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 901s + runuser -u ubuntu -- softhsm2-util --show-slots 901s + grep 'Test Organization' 901s + for path_pair in "${softhsm2_conf_paths[@]}" 901s + IFS=: 901s + read -r -a path 901s + user=root 901s + path=/etc/softhsm/softhsm2.conf 901s ++ dirname /etc/softhsm/softhsm2.conf 901s + runuser -u root -- mkdir -p /etc/softhsm 901s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 901s + runuser -u root -- softhsm2-util --show-slots 901s + grep 'Test Organization' 901s + systemctl restart sssd 901s Label: Test Organization Sub Int Token 901s Label: Test Organization Sub Int Token 901s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 901s + for alternative in "${alternative_pam_configs[@]}" 901s + pam-auth-update --enable sss-smart-card-optional 902s + cat /etc/pam.d/common-auth 902s # 902s # /etc/pam.d/common-auth - authentication settings common to all services 902s # 902s # This file is included from other service-specific PAM config files, 902s # and should contain a list of the authentication modules that define 902s # the central authentication scheme for use on the system 902s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 902s # traditional Unix authentication mechanisms. 902s # 902s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 902s # To take advantage of this, it is recommended that you configure any 902s # local modules either before or after the default block, and use 902s # pam-auth-update to manage selection of other modules. See 902s # pam-auth-update(8) for details. 902s 902s # here are the per-package modules (the "Primary" block) 902s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 902s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 902s auth [success=1 default=ignore] pam_sss.so use_first_pass 902s # here's the fallback if no module succeeds 902s auth requisite pam_deny.so 902s # prime the stack with a positive return value if there isn't one already; 902s # this avoids us returning an error just because nothing sets a success code 902s # since the modules above will each just jump around 902s auth required pam_permit.so 902s # and here are more per-package modules (the "Additional" block) 902s auth optional pam_cap.so 902s # end of pam-auth-update config 902s + echo -n -e 123456 902s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 902s pamtester: invoking pam_start(login, ubuntu, ...) 902s pamtester: performing operation - authenticate 902s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 902s + echo -n -e 123456 902s + runuser -u ubuntu -- pamtester -v login '' authenticate 902s pamtester: invoking pam_start(login, , ...) 902s pamtester: performing operation - authenticate 902s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 902s + echo -n -e wrong123456 902s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 902s pamtester: invoking pam_start(login, ubuntu, ...) 902s pamtester: performing operation - authenticate 904s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 904s + echo -n -e wrong123456 904s + runuser -u ubuntu -- pamtester -v login '' authenticate 904s pamtester: invoking pam_start(login, , ...) 904s pamtester: performing operation - authenticate 907s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 907s + echo -n -e 123456 907s + pamtester -v login root authenticate 907s pamtester: invoking pam_start(login, root, ...) 907s pamtester: performing operation - authenticate 910s Password: pamtester: Authentication failure 910s + for alternative in "${alternative_pam_configs[@]}" 910s + pam-auth-update --enable sss-smart-card-required 910s PAM configuration 910s ----------------- 910s 910s Incompatible PAM profiles selected. 910s 910s The following PAM profiles cannot be used together: 910s 910s SSS required smart card authentication, SSS optional smart card 910s authentication 910s 910s Please select a different set of modules to enable. 910s 910s + cat /etc/pam.d/common-auth 910s # 910s # /etc/pam.d/common-auth - authentication settings common to all services 910s # 910s # This file is included from other service-specific PAM config files, 910s # and should contain a list of the authentication modules that define 910s # the central authentication scheme for use on the system 910s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 910s # traditional Unix authentication mechanisms. 910s # 910s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 910s # To take advantage of this, it is recommended that you configure any 910s # local modules either before or after the default block, and use 910s # pam-auth-update to manage selection of other modules. See 910s # pam-auth-update(8) for details. 910s 910s # here are the per-package modules (the "Primary" block) 910s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 910s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 910s auth [success=1 default=ignore] pam_sss.so use_first_pass 910s # here's the fallback if no module succeeds 910s auth requisite pam_deny.so 910s # prime the stack with a positive return value if there isn't one already; 910s # this avoids us returning an error just because nothing sets a success code 910s # since the modules above will each just jump around 910s auth required pam_permit.so 910s # and here are more per-package modules (the "Additional" block) 910s auth optional pam_cap.so 910s # end of pam-auth-update config 910s + echo -n -e 123456 910s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 910s pamtester: invoking pam_start(login, ubuntu, ...) 910s pamtester: performing operation - authenticate 910s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 910s + echo -n -e 123456 910s + runuser -u ubuntu -- pamtester -v login '' authenticate 910s pamtester: invoking pam_start(login, , ...) 910s pamtester: performing operation - authenticate 910s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 910s + echo -n -e wrong123456 910s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 910s pamtester: invoking pam_start(login, ubuntu, ...) 910s pamtester: performing operation - authenticate 912s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 912s + echo -n -e wrong123456 912s + runuser -u ubuntu -- pamtester -v login '' authenticate 912s pamtester: invoking pam_start(login, , ...) 912s pamtester: performing operation - authenticate 915s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 915s + echo -n -e 123456 915s + pamtester -v login root authenticate 915s pamtester: invoking pam_start(login, root, ...) 915s pamtester: performing operation - authenticate 917s pamtester: Authentication service cannot retrieve authentication info 917s + test_authentication login /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem partial_chain 917s + pam_service=login 917s + certificate_config=/tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 917s + ca_db=/tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem 917s + verification_options=partial_chain 917s + mkdir -p -m 700 /etc/sssd 917s Using CA DB '/tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 917s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-DDAp1p/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 917s + cat 917s Label: Test Organization Sub Int Token 917s Label: Test Organization Sub Int Token 917s + chmod 600 /etc/sssd/sssd.conf 917s + for path_pair in "${softhsm2_conf_paths[@]}" 917s + IFS=: 917s + read -r -a path 917s + user=ubuntu 917s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 917s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 917s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 917s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 917s + runuser -u ubuntu -- softhsm2-util --show-slots 917s + grep 'Test Organization' 917s + for path_pair in "${softhsm2_conf_paths[@]}" 917s + IFS=: 917s + read -r -a path 917s + user=root 917s + path=/etc/softhsm/softhsm2.conf 917s ++ dirname /etc/softhsm/softhsm2.conf 917s + runuser -u root -- mkdir -p /etc/softhsm 917s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-DDAp1p/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 917s + runuser -u root -- softhsm2-util --show-slots 917s + grep 'Test Organization' 917s + systemctl restart sssd 917s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 918s + for alternative in "${alternative_pam_configs[@]}" 918s + pam-auth-update --enable sss-smart-card-optional 918s + cat /etc/pam.d/common-auth 918s # 918s # /etc/pam.d/common-auth - authentication settings common to all services 918s # 918s # This file is included from other service-specific PAM config files, 918s # and should contain a list of the authentication modules that define 918s # the central authentication scheme for use on the system 918s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 918s # traditional Unix authentication mechanisms. 918s # 918s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 918s # To take advantage of this, it is recommended that you configure any 918s # local modules either before or after the default block, and use 918s # pam-auth-update to manage selection of other modules. See 918s # pam-auth-update(8) for details. 918s 918s # here are the per-package modules (the "Primary" block) 918s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 918s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 918s auth [success=1 default=ignore] pam_sss.so use_first_pass 918s # here's the fallback if no module succeeds 918s auth requisite pam_deny.so 918s # prime the stack with a positive return value if there isn't one already; 918s # this avoids us returning an error just because nothing sets a success code 918s # since the modules above will each just jump around 918s auth required pam_permit.so 918s # and here are more per-package modules (the "Additional" block) 918s auth optional pam_cap.so 918s # end of pam-auth-update config 918s + echo -n -e 123456 918s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 918s pamtester: invoking pam_start(login, ubuntu, ...) 918s pamtester: performing operation - authenticate 918s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 918s + echo -n -e 123456 918s + runuser -u ubuntu -- pamtester -v login '' authenticate 918s pamtester: invoking pam_start(login, , ...) 918s pamtester: performing operation - authenticate 918s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 918s + echo -n -e wrong123456 918s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 918s pamtester: invoking pam_start(login, ubuntu, ...) 918s pamtester: performing operation - authenticate 921s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 921s + echo -n -e wrong123456 921s + runuser -u ubuntu -- pamtester -v login '' authenticate 921s pamtester: invoking pam_start(login, , ...) 921s pamtester: performing operation - authenticate 923s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 923s + echo -n -e 123456 923s + pamtester -v login root authenticate 923s pamtester: invoking pam_start(login, root, ...) 923s pamtester: performing operation - authenticate 927s Password: pamtester: Authentication failure 927s + for alternative in "${alternative_pam_configs[@]}" 927s + pam-auth-update --enable sss-smart-card-required 927s PAM configuration 927s ----------------- 927s 927s Incompatible PAM profiles selected. 927s 927s The following PAM profiles cannot be used together: 927s 927s SSS required smart card authentication, SSS optional smart card 927s authentication 927s 927s Please select a different set of modules to enable. 927s 927s + cat /etc/pam.d/common-auth 927s # 927s # /etc/pam.d/common-auth - authentication settings common to all services 927s # 927s # This file is included from other service-specific PAM config files, 927s # and should contain a list of the authentication modules that define 927s # the central authentication scheme for use on the system 927s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 927s # traditional Unix authentication mechanisms. 927s # 927s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 927s # To take advantage of this, it is recommended that you configure any 927s # local modules either before or after the default block, and use 927s # pam-auth-update to manage selection of other modules. See 927s # pam-auth-update(8) for details. 927s 927s # here are the per-package modules (the "Primary" block) 927s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 927s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 927s auth [success=1 default=ignore] pam_sss.so use_first_pass 927s # here's the fallback if no module succeeds 927s auth requisite pam_deny.so 927s # prime the stack with a positive return value if there isn't one already; 927s # this avoids us returning an error just because nothing sets a success code 927s # since the modules above will each just jump around 927s auth required pam_permit.so 927s # and here are more per-package modules (the "Additional" block) 927s auth optional pam_cap.so 927s # end of pam-auth-update config 927s + echo -n -e 123456 927s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 927s pamtester: invoking pam_start(login, ubuntu, ...) 927s pamtester: performing operation - authenticate 927s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 927s + echo -n -e 123456 927s + runuser -u ubuntu -- pamtester -v login '' authenticate 927s pamtester: invoking pam_start(login, , ...) 927s pamtester: performing operation - authenticate 927s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 927s + echo -n -e wrong123456 927s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 927s pamtester: invoking pam_start(login, ubuntu, ...) 927s pamtester: performing operation - authenticate 930s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 930s + echo -n -e wrong123456 930s + runuser -u ubuntu -- pamtester -v login '' authenticate 930s pamtester: invoking pam_start(login, , ...) 930s pamtester: performing operation - authenticate 934s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 934s + echo -n -e 123456 934s + pamtester -v login root authenticate 934s pamtester: invoking pam_start(login, root, ...) 934s pamtester: performing operation - authenticate 936s pamtester: Authentication service cannot retrieve authentication info 936s + handle_exit 936s + exit_code=0 936s + restore_changes 936s + for path in "${restore_paths[@]}" 936s + local original_path 936s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-BDrOp0 /tmp/sssd-softhsm2-backups-BDrOp0//etc/softhsm/softhsm2.conf 936s + original_path=/etc/softhsm/softhsm2.conf 936s + rm /etc/softhsm/softhsm2.conf 936s + mv /tmp/sssd-softhsm2-backups-BDrOp0//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 936s + for path in "${delete_paths[@]}" 936s + rm -f /etc/sssd/sssd.conf 936s + for path in "${delete_paths[@]}" 936s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 936s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 937s + '[' -e /etc/sssd/sssd.conf ']' 937s + systemctl stop sssd 937s + '[' -e /etc/softhsm/softhsm2.conf ']' 937s + chmod 600 /etc/softhsm/softhsm2.conf 937s + rm -rf /tmp/sssd-softhsm2-certs-DDAp1p 937s + '[' 0 = 0 ']' 937s + rm -rf /tmp/sssd-softhsm2-backups-BDrOp0 937s Script completed successfully! 937s + set +x 937s autopkgtest [16:18:13]: test sssd-smart-card-pam-auth-configs: -----------------------] 938s autopkgtest [16:18:14]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 938s sssd-smart-card-pam-auth-configs PASS 938s autopkgtest [16:18:14]: @@@@@@@@@@@@@@@@@@@@ summary 938s ldap-user-group-ldap-auth PASS 938s ldap-user-group-krb5-auth PASS 938s sssd-softhism2-certificates-tests.sh PASS 938s sssd-smart-card-pam-auth-configs PASS 987s nova [W] Using flock in scalingstack-bos01-s390x 987s Creating nova instance adt-noble-s390x-sssd-20240614-160236-juju-7f2275-prod-proposed-migration-environment-2-0efccc12-0a1c-4d9c-b9fa-c13372614290 from image adt/ubuntu-noble-s390x-server-20240614.img (UUID 6ffd6fe7-cd2e-468e-a36c-dd03bb25314a)... 987s nova [W] Using flock in scalingstack-bos01-s390x 987s Creating nova instance adt-noble-s390x-sssd-20240614-160236-juju-7f2275-prod-proposed-migration-environment-2-0efccc12-0a1c-4d9c-b9fa-c13372614290 from image adt/ubuntu-noble-s390x-server-20240614.img (UUID 6ffd6fe7-cd2e-468e-a36c-dd03bb25314a)...