0s autopkgtest [20:36:50]: starting date and time: 2024-11-29 20:36:50+0000 0s autopkgtest [20:36:50]: git checkout: be626eda Fix armhf LXD image generation for plucky 0s autopkgtest [20:36:50]: host juju-7f2275-prod-proposed-migration-environment-20; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.b8lte1zu/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:shadow --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=shadow/1:4.13+dfsg1-4ubuntu3.3 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest-s390x --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-20@bos03-s390x-5.secgroup --name adt-noble-s390x-sssd-20241129-203650-juju-7f2275-prod-proposed-migration-environment-20-9cee22d1-e1be-4f36-83ed-98480decf8a2 --image adt/ubuntu-noble-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-20 --net-id=net_prod-proposed-migration-s390x -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 99s autopkgtest [20:38:29]: testbed dpkg architecture: s390x 99s autopkgtest [20:38:29]: testbed apt version: 2.7.14build2 99s autopkgtest [20:38:29]: @@@@@@@@@@@@@@@@@@@@ test bed setup 99s autopkgtest [20:38:29]: testbed release detected to be: None 100s autopkgtest [20:38:30]: updating testbed package index (apt update) 100s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 101s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 101s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 101s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 101s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [8604 B] 101s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [92.1 kB] 101s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [103 kB] 101s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [17.3 kB] 101s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [165 kB] 101s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3744 B] 101s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1384 B] 101s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 101s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [463 kB] 101s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [5504 B] 101s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [972 B] 101s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 103s Fetched 1127 kB in 1s (1313 kB/s) 103s Reading package lists... 104s Reading package lists... 104s Building dependency tree... 104s Reading state information... 104s Calculating upgrade... 104s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 104s Reading package lists... 104s Building dependency tree... 104s Reading state information... 104s 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. 104s autopkgtest [20:38:34]: upgrading testbed (apt dist-upgrade and autopurge) 104s Reading package lists... 105s Building dependency tree... 105s Reading state information... 105s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 105s Starting 2 pkgProblemResolver with broken count: 0 105s Done 105s Entering ResolveByKeep 105s 105s The following packages will be upgraded: 105s login passwd 105s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 105s Need to get 1058 kB of archives. 105s After this operation, 20.5 kB disk space will be freed. 105s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x login s390x 1:4.13+dfsg1-4ubuntu3.3 [202 kB] 105s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x passwd s390x 1:4.13+dfsg1-4ubuntu3.3 [856 kB] 106s Fetched 1058 kB in 1s (1985 kB/s) 106s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54283 files and directories currently installed.) 106s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.3_s390x.deb ... 106s Unpacking login (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 106s Setting up login (1:4.13+dfsg1-4ubuntu3.3) ... 106s Installing new version of config file /etc/pam.d/login ... 106s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54283 files and directories currently installed.) 106s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.3_s390x.deb ... 106s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 106s Setting up passwd (1:4.13+dfsg1-4ubuntu3.3) ... 106s Processing triggers for man-db (2.12.0-4build2) ... 107s Reading package lists... 107s Building dependency tree... 107s Reading state information... 107s Starting pkgProblemResolver with broken count: 0 107s Starting 2 pkgProblemResolver with broken count: 0 107s Done 107s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 110s autopkgtest [20:38:40]: testbed running kernel: Linux 6.8.0-49-generic #49-Ubuntu SMP Sun Nov 3 19:26:08 UTC 2024 110s autopkgtest [20:38:40]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 122s Get:1 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (dsc) [5064 B] 122s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (tar) [7983 kB] 122s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (diff) [51.3 kB] 122s gpgv: Signature made Mon Jun 10 14:26:32 2024 UTC 122s gpgv: using RSA key 50C4A0DDCF31E452CEB19B516569D855A744BE93 122s gpgv: Can't check signature: No public key 122s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.1.dsc: no acceptable signature found 123s autopkgtest [20:38:53]: testing package sssd version 2.9.4-1.1ubuntu6.1 128s autopkgtest [20:38:58]: build not needed 135s autopkgtest [20:39:05]: test ldap-user-group-ldap-auth: preparing testbed 136s Reading package lists... 136s Building dependency tree... 136s Reading state information... 136s Starting pkgProblemResolver with broken count: 0 136s Starting 2 pkgProblemResolver with broken count: 0 136s Done 136s The following NEW packages will be installed: 136s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 136s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 136s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 136s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 136s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 136s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 136s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 136s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 136s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 136s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 136s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 136s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 136s tcl8.6 136s 0 upgraded, 64 newly installed, 0 to remove and 0 not upgraded. 136s Need to get 13.0 MB of archives. 136s After this operation, 50.2 MB of additional disk space will be used. 136s Get:1 http://ftpmaster.internal/ubuntu noble/main s390x libltdl7 s390x 2.4.7-7build1 [41.8 kB] 136s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main s390x libodbc2 s390x 2.3.12-1ubuntu0.24.04.1 [164 kB] 137s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main s390x slapd s390x 2.6.7+dfsg-1~exp1ubuntu8.1 [1604 kB] 137s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libtcl8.6 s390x 8.6.14+dfsg-1build1 [1038 kB] 137s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x tcl8.6 s390x 8.6.14+dfsg-1build1 [14.7 kB] 137s Get:6 http://ftpmaster.internal/ubuntu noble/universe s390x tcl-expect s390x 5.45.4-3 [115 kB] 137s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x expect s390x 5.45.4-3 [137 kB] 137s Get:8 http://ftpmaster.internal/ubuntu noble-updates/main s390x ldap-utils s390x 2.6.7+dfsg-1~exp1ubuntu8.1 [165 kB] 137s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu6 [29.7 kB] 137s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu6 [24.1 kB] 137s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu6 [27.2 kB] 137s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0t64 s390x 0.6.2-2.1build1 [5838 B] 137s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libcares2 s390x 1.27.0-1.0ubuntu1 [79.2 kB] 137s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4t64 s390x 0.6.2-2.1build1 [23.9 kB] 137s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1build2 [30.0 kB] 137s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1t64 s390x 0.6.2-2.1build1 [9126 B] 137s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7t64 s390x 2.1.12-stable-9ubuntu2 [147 kB] 137s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1t64 s390x 0.6.2-2.1build1 [9394 B] 137s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1t64 s390x 0.6.2-2.1build1 [7226 B] 137s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5t64 s390x 0.6.2-2.1build1 [46.6 kB] 137s Get:21 http://ftpmaster.internal/ubuntu noble-updates/main s390x libipa-hbac0t64 s390x 2.9.4-1.1ubuntu6.1 [17.5 kB] 137s Get:22 http://ftpmaster.internal/ubuntu noble/universe s390x libjose0 s390x 13-1 [45.7 kB] 137s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x libverto-libevent1t64 s390x 0.3.1-1.2ubuntu3 [6384 B] 137s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libverto1t64 s390x 0.3.1-1.2ubuntu3 [11.0 kB] 137s Get:25 http://ftpmaster.internal/ubuntu noble-updates/main s390x libkrad0 s390x 1.20.1-6ubuntu2.2 [22.1 kB] 137s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1build2 [28.4 kB] 137s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1build1 [50.0 kB] 137s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0t64 s390x 0.16.1-2build1 [43.4 kB] 137s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [192 kB] 137s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.4-3ubuntu5 [50.1 kB] 137s Get:31 http://ftpmaster.internal/ubuntu noble/universe s390x libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 137s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3build1 [7748 B] 137s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3build1 [14.8 kB] 137s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3build1 [11.5 kB] 137s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-4ubuntu9 [71.3 kB] 137s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-4ubuntu9 [6231 kB] 137s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient0 s390x 2:4.19.5+dfsg-4ubuntu9 [65.0 kB] 137s Get:38 http://ftpmaster.internal/ubuntu noble-updates/main s390x libnss-sss s390x 2.9.4-1.1ubuntu6.1 [33.1 kB] 137s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main s390x libpam-sss s390x 2.9.4-1.1ubuntu6.1 [52.4 kB] 137s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main s390x python3-sss s390x 2.9.4-1.1ubuntu6.1 [47.2 kB] 137s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main s390x libsss-certmap0 s390x 2.9.4-1.1ubuntu6.1 [47.4 kB] 137s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main s390x libsss-idmap0 s390x 2.9.4-1.1ubuntu6.1 [22.6 kB] 137s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main s390x libsss-nss-idmap0 s390x 2.9.4-1.1ubuntu6.1 [31.9 kB] 137s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-common s390x 2.9.4-1.1ubuntu6.1 [1125 kB] 137s Get:45 http://ftpmaster.internal/ubuntu noble-updates/universe s390x sssd-idp s390x 2.9.4-1.1ubuntu6.1 [27.3 kB] 137s Get:46 http://ftpmaster.internal/ubuntu noble-updates/universe s390x sssd-passkey s390x 2.9.4-1.1ubuntu6.1 [32.3 kB] 137s Get:47 http://ftpmaster.internal/ubuntu noble-updates/main s390x libipa-hbac-dev s390x 2.9.4-1.1ubuntu6.1 [6666 B] 137s Get:48 http://ftpmaster.internal/ubuntu noble-updates/main s390x libsss-certmap-dev s390x 2.9.4-1.1ubuntu6.1 [5734 B] 137s Get:49 http://ftpmaster.internal/ubuntu noble-updates/main s390x libsss-idmap-dev s390x 2.9.4-1.1ubuntu6.1 [8380 B] 137s Get:50 http://ftpmaster.internal/ubuntu noble-updates/main s390x libsss-nss-idmap-dev s390x 2.9.4-1.1ubuntu6.1 [6706 B] 137s Get:51 http://ftpmaster.internal/ubuntu noble-updates/universe s390x libsss-sudo s390x 2.9.4-1.1ubuntu6.1 [21.8 kB] 137s Get:52 http://ftpmaster.internal/ubuntu noble-updates/universe s390x python3-libipa-hbac s390x 2.9.4-1.1ubuntu6.1 [16.9 kB] 137s Get:53 http://ftpmaster.internal/ubuntu noble-updates/universe s390x python3-libsss-nss-idmap s390x 2.9.4-1.1ubuntu6.1 [9140 B] 137s Get:54 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-ad-common s390x 2.9.4-1.1ubuntu6.1 [74.8 kB] 137s Get:55 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-krb5-common s390x 2.9.4-1.1ubuntu6.1 [90.3 kB] 137s Get:56 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-ad s390x 2.9.4-1.1ubuntu6.1 [134 kB] 137s Get:57 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-ipa s390x 2.9.4-1.1ubuntu6.1 [215 kB] 137s Get:58 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-krb5 s390x 2.9.4-1.1ubuntu6.1 [14.4 kB] 137s Get:59 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-ldap s390x 2.9.4-1.1ubuntu6.1 [31.0 kB] 137s Get:60 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-proxy s390x 2.9.4-1.1ubuntu6.1 [43.9 kB] 138s Get:61 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd s390x 2.9.4-1.1ubuntu6.1 [4122 B] 138s Get:62 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-dbus s390x 2.9.4-1.1ubuntu6.1 [101 kB] 138s Get:63 http://ftpmaster.internal/ubuntu noble-updates/universe s390x sssd-kcm s390x 2.9.4-1.1ubuntu6.1 [137 kB] 138s Get:64 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-tools s390x 2.9.4-1.1ubuntu6.1 [97.7 kB] 138s Preconfiguring packages ... 138s Fetched 13.0 MB in 1s (9461 kB/s) 138s Selecting previously unselected package libltdl7:s390x. 138s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54283 files and directories currently installed.) 138s Preparing to unpack .../00-libltdl7_2.4.7-7build1_s390x.deb ... 138s Unpacking libltdl7:s390x (2.4.7-7build1) ... 138s Selecting previously unselected package libodbc2:s390x. 138s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu0.24.04.1_s390x.deb ... 138s Unpacking libodbc2:s390x (2.3.12-1ubuntu0.24.04.1) ... 138s Selecting previously unselected package slapd. 138s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8.1_s390x.deb ... 138s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 138s Selecting previously unselected package libtcl8.6:s390x. 138s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_s390x.deb ... 138s Unpacking libtcl8.6:s390x (8.6.14+dfsg-1build1) ... 138s Selecting previously unselected package tcl8.6. 138s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_s390x.deb ... 138s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 138s Selecting previously unselected package tcl-expect:s390x. 138s Preparing to unpack .../05-tcl-expect_5.45.4-3_s390x.deb ... 138s Unpacking tcl-expect:s390x (5.45.4-3) ... 138s Selecting previously unselected package expect. 138s Preparing to unpack .../06-expect_5.45.4-3_s390x.deb ... 138s Unpacking expect (5.45.4-3) ... 138s Selecting previously unselected package ldap-utils. 138s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8.1_s390x.deb ... 138s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 138s Selecting previously unselected package libavahi-common-data:s390x. 138s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_s390x.deb ... 138s Unpacking libavahi-common-data:s390x (0.8-13ubuntu6) ... 138s Selecting previously unselected package libavahi-common3:s390x. 138s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_s390x.deb ... 138s Unpacking libavahi-common3:s390x (0.8-13ubuntu6) ... 138s Selecting previously unselected package libavahi-client3:s390x. 138s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_s390x.deb ... 138s Unpacking libavahi-client3:s390x (0.8-13ubuntu6) ... 138s Selecting previously unselected package libbasicobjects0t64:s390x. 138s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_s390x.deb ... 138s Unpacking libbasicobjects0t64:s390x (0.6.2-2.1build1) ... 138s Selecting previously unselected package libcares2:s390x. 138s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_s390x.deb ... 138s Unpacking libcares2:s390x (1.27.0-1.0ubuntu1) ... 138s Selecting previously unselected package libcollection4t64:s390x. 138s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_s390x.deb ... 138s Unpacking libcollection4t64:s390x (0.6.2-2.1build1) ... 138s Selecting previously unselected package libcrack2:s390x. 138s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_s390x.deb ... 138s Unpacking libcrack2:s390x (2.9.6-5.1build2) ... 138s Selecting previously unselected package libdhash1t64:s390x. 138s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_s390x.deb ... 138s Unpacking libdhash1t64:s390x (0.6.2-2.1build1) ... 138s Selecting previously unselected package libevent-2.1-7t64:s390x. 138s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_s390x.deb ... 138s Unpacking libevent-2.1-7t64:s390x (2.1.12-stable-9ubuntu2) ... 138s Selecting previously unselected package libpath-utils1t64:s390x. 138s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_s390x.deb ... 138s Unpacking libpath-utils1t64:s390x (0.6.2-2.1build1) ... 138s Selecting previously unselected package libref-array1t64:s390x. 138s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_s390x.deb ... 138s Unpacking libref-array1t64:s390x (0.6.2-2.1build1) ... 138s Selecting previously unselected package libini-config5t64:s390x. 138s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_s390x.deb ... 138s Unpacking libini-config5t64:s390x (0.6.2-2.1build1) ... 138s Selecting previously unselected package libipa-hbac0t64. 138s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6.1_s390x.deb ... 138s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 138s Selecting previously unselected package libjose0:s390x. 138s Preparing to unpack .../21-libjose0_13-1_s390x.deb ... 138s Unpacking libjose0:s390x (13-1) ... 138s Selecting previously unselected package libverto-libevent1t64:s390x. 138s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_s390x.deb ... 138s Unpacking libverto-libevent1t64:s390x (0.3.1-1.2ubuntu3) ... 138s Selecting previously unselected package libverto1t64:s390x. 138s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_s390x.deb ... 138s Unpacking libverto1t64:s390x (0.3.1-1.2ubuntu3) ... 138s Selecting previously unselected package libkrad0:s390x. 138s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2.2_s390x.deb ... 138s Unpacking libkrad0:s390x (1.20.1-6ubuntu2.2) ... 138s Selecting previously unselected package libtalloc2:s390x. 138s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_s390x.deb ... 138s Unpacking libtalloc2:s390x (2.4.2-1build2) ... 138s Selecting previously unselected package libtdb1:s390x. 138s Preparing to unpack .../26-libtdb1_1.4.10-1build1_s390x.deb ... 138s Unpacking libtdb1:s390x (1.4.10-1build1) ... 138s Selecting previously unselected package libtevent0t64:s390x. 138s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_s390x.deb ... 138s Unpacking libtevent0t64:s390x (0.16.1-2build1) ... 138s Selecting previously unselected package libldb2:s390x. 138s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_s390x.deb ... 138s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 138s Selecting previously unselected package libnfsidmap1:s390x. 138s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu5_s390x.deb ... 138s Unpacking libnfsidmap1:s390x (1:2.6.4-3ubuntu5) ... 138s Selecting previously unselected package libnss-sudo. 138s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 138s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 138s Selecting previously unselected package libpwquality-common. 138s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 138s Unpacking libpwquality-common (1.4.5-3build1) ... 138s Selecting previously unselected package libpwquality1:s390x. 138s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_s390x.deb ... 138s Unpacking libpwquality1:s390x (1.4.5-3build1) ... 138s Selecting previously unselected package libpam-pwquality:s390x. 138s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_s390x.deb ... 138s Unpacking libpam-pwquality:s390x (1.4.5-3build1) ... 138s Selecting previously unselected package libwbclient0:s390x. 138s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 138s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 138s Selecting previously unselected package samba-libs:s390x. 138s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 138s Unpacking samba-libs:s390x (2:4.19.5+dfsg-4ubuntu9) ... 138s Selecting previously unselected package libsmbclient0:s390x. 138s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 138s Unpacking libsmbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 138s Selecting previously unselected package libnss-sss:s390x. 138s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6.1_s390x.deb ... 138s Unpacking libnss-sss:s390x (2.9.4-1.1ubuntu6.1) ... 138s Selecting previously unselected package libpam-sss:s390x. 138s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6.1_s390x.deb ... 138s Unpacking libpam-sss:s390x (2.9.4-1.1ubuntu6.1) ... 138s Selecting previously unselected package python3-sss. 138s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6.1_s390x.deb ... 138s Unpacking python3-sss (2.9.4-1.1ubuntu6.1) ... 138s Selecting previously unselected package libsss-certmap0. 138s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6.1_s390x.deb ... 138s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 138s Selecting previously unselected package libsss-idmap0. 138s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6.1_s390x.deb ... 138s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package libsss-nss-idmap0. 139s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-common. 139s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-common (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-idp. 139s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-idp (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-passkey. 139s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-passkey (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package libipa-hbac-dev. 139s Preparing to unpack .../46-libipa-hbac-dev_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package libsss-certmap-dev. 139s Preparing to unpack .../47-libsss-certmap-dev_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package libsss-idmap-dev. 139s Preparing to unpack .../48-libsss-idmap-dev_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package libsss-nss-idmap-dev. 139s Preparing to unpack .../49-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package libsss-sudo. 139s Preparing to unpack .../50-libsss-sudo_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking libsss-sudo (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package python3-libipa-hbac. 139s Preparing to unpack .../51-python3-libipa-hbac_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package python3-libsss-nss-idmap. 139s Preparing to unpack .../52-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-ad-common. 139s Preparing to unpack .../53-sssd-ad-common_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-krb5-common. 139s Preparing to unpack .../54-sssd-krb5-common_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-ad. 139s Preparing to unpack .../55-sssd-ad_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-ad (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-ipa. 139s Preparing to unpack .../56-sssd-ipa_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-krb5. 139s Preparing to unpack .../57-sssd-krb5_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-ldap. 139s Preparing to unpack .../58-sssd-ldap_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-proxy. 139s Preparing to unpack .../59-sssd-proxy_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd. 139s Preparing to unpack .../60-sssd_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-dbus. 139s Preparing to unpack .../61-sssd-dbus_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-dbus (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-kcm. 139s Preparing to unpack .../62-sssd-kcm_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-kcm (2.9.4-1.1ubuntu6.1) ... 139s Selecting previously unselected package sssd-tools. 139s Preparing to unpack .../63-sssd-tools_2.9.4-1.1ubuntu6.1_s390x.deb ... 139s Unpacking sssd-tools (2.9.4-1.1ubuntu6.1) ... 139s Setting up libpwquality-common (1.4.5-3build1) ... 139s Setting up libnfsidmap1:s390x (1:2.6.4-3ubuntu5) ... 139s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 139s Setting up libbasicobjects0t64:s390x (0.6.2-2.1build1) ... 139s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 139s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 139s Setting up libref-array1t64:s390x (0.6.2-2.1build1) ... 139s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6.1) ... 139s Setting up libtdb1:s390x (1.4.10-1build1) ... 139s Setting up libcollection4t64:s390x (0.6.2-2.1build1) ... 139s Setting up libevent-2.1-7t64:s390x (2.1.12-stable-9ubuntu2) ... 139s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 139s Setting up libjose0:s390x (13-1) ... 139s Setting up libwbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 139s Setting up libtalloc2:s390x (2.4.2-1build2) ... 139s Setting up libpath-utils1t64:s390x (0.6.2-2.1build1) ... 139s Setting up libavahi-common-data:s390x (0.8-13ubuntu6) ... 139s Setting up libcares2:s390x (1.27.0-1.0ubuntu1) ... 139s Setting up libdhash1t64:s390x (0.6.2-2.1build1) ... 139s Setting up libtcl8.6:s390x (8.6.14+dfsg-1build1) ... 139s Setting up libltdl7:s390x (2.4.7-7build1) ... 139s Setting up libcrack2:s390x (2.9.6-5.1build2) ... 139s Setting up libodbc2:s390x (2.3.12-1ubuntu0.24.04.1) ... 139s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6.1) ... 139s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 139s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 139s Setting up libini-config5t64:s390x (0.6.2-2.1build1) ... 139s Setting up libtevent0t64:s390x (0.16.1-2build1) ... 139s Setting up libnss-sss:s390x (2.9.4-1.1ubuntu6.1) ... 139s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 139s Creating new user openldap... done. 139s Creating initial configuration... done. 139s Creating LDAP directory... done. 139s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 139s Setting up libsss-sudo (2.9.4-1.1ubuntu6.1) ... 139s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 139s Setting up libavahi-common3:s390x (0.8-13ubuntu6) ... 139s Setting up tcl-expect:s390x (5.45.4-3) ... 139s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 139s Setting up libpwquality1:s390x (1.4.5-3build1) ... 139s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.1) ... 139s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 139s Setting up libavahi-client3:s390x (0.8-13ubuntu6) ... 139s Setting up expect (5.45.4-3) ... 139s Setting up libpam-pwquality:s390x (1.4.5-3build1) ... 139s Setting up samba-libs:s390x (2:4.19.5+dfsg-4ubuntu9) ... 139s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6.1) ... 139s Setting up python3-sss (2.9.4-1.1ubuntu6.1) ... 139s Setting up libsmbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 139s Setting up libpam-sss:s390x (2.9.4-1.1ubuntu6.1) ... 140s Setting up sssd-common (2.9.4-1.1ubuntu6.1) ... 140s Creating SSSD system user & group... 140s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 140s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 140s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 140s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 140s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 140s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 140s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 140s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 141s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 141s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 141s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 141s sssd-autofs.service is a disabled or a static unit, not starting it. 141s sssd-nss.service is a disabled or a static unit, not starting it. 141s sssd-pam.service is a disabled or a static unit, not starting it. 141s sssd-ssh.service is a disabled or a static unit, not starting it. 141s sssd-sudo.service is a disabled or a static unit, not starting it. 141s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 141s Setting up sssd-proxy (2.9.4-1.1ubuntu6.1) ... 141s Setting up sssd-kcm (2.9.4-1.1ubuntu6.1) ... 141s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 142s sssd-kcm.service is a disabled or a static unit, not starting it. 142s Setting up sssd-dbus (2.9.4-1.1ubuntu6.1) ... 142s sssd-ifp.service is a disabled or a static unit, not starting it. 142s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 142s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 142s sssd-pac.service is a disabled or a static unit, not starting it. 142s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 142s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 142s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 142s Setting up sssd-ldap (2.9.4-1.1ubuntu6.1) ... 142s Setting up sssd-ad (2.9.4-1.1ubuntu6.1) ... 142s Setting up sssd-tools (2.9.4-1.1ubuntu6.1) ... 142s Setting up sssd-ipa (2.9.4-1.1ubuntu6.1) ... 142s Setting up sssd (2.9.4-1.1ubuntu6.1) ... 142s Setting up libverto-libevent1t64:s390x (0.3.1-1.2ubuntu3) ... 142s Setting up libverto1t64:s390x (0.3.1-1.2ubuntu3) ... 142s Setting up libkrad0:s390x (1.20.1-6ubuntu2.2) ... 142s Setting up sssd-passkey (2.9.4-1.1ubuntu6.1) ... 142s Setting up sssd-idp (2.9.4-1.1ubuntu6.1) ... 142s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 142s Processing triggers for ufw (0.36.2-6) ... 142s Processing triggers for man-db (2.12.0-4build2) ... 142s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 147s autopkgtest [20:39:17]: test ldap-user-group-ldap-auth: [----------------------- 148s + . debian/tests/util 148s + . debian/tests/common-tests 148s + mydomain=example.com 148s + myhostname=ldap.example.com 148s + mysuffix=dc=example,dc=com 148s + admin_dn=cn=admin,dc=example,dc=com 148s + admin_pw=secret 148s + ldap_user=testuser1 148s + ldap_user_pw=testuser1secret 148s + ldap_group=ldapusers 148s + adjust_hostname ldap.example.com 148s + local myhostname=ldap.example.com 148s + echo ldap.example.com 148s + hostname ldap.example.com 148s + grep -qE ldap.example.com /etc/hosts 148s + echo 127.0.1.10 ldap.example.com 148s + reconfigure_slapd 148s + debconf-set-selections 148s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 148s + dpkg-reconfigure -fnoninteractive -pcritical slapd 148s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 148s Moving old database directory to /var/backups: 148s - directory unknown... done. 148s Creating initial configuration... done. 148s Creating LDAP directory... done. 148s + generate_certs ldap.example.com 148s + local cn=ldap.example.com 148s + local cert=/etc/ldap/server.pem 148s + local key=/etc/ldap/server.key 148s + local cnf=/etc/ldap/openssl.cnf 148s + cat 148s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 148s ...........++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 148s .................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 148s ----- 148s + chmod 0640 /etc/ldap/server.key 148s + chgrp openldap /etc/ldap/server.key 148s + [ ! -f /etc/ldap/server.pem ] 148s + [ ! -f /etc/ldap/server.key ] 148s + enable_ldap_ssl 148s + cat 148s + cat 148s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 148s + populate_ldap_rfc2307 148s + cat 148s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 148s + configure_sssd_ldap_rfc2307 148s + cat 148s + chmod 0600 /etc/sssd/sssd.conf 148s + systemctl restart sssd 148s modifying entry "cn=config" 148s 148s adding new entry "ou=People,dc=example,dc=com" 148s 148s adding new entry "ou=Group,dc=example,dc=com" 148s 148s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 148s 148s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 148s 148s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 148s 148s + enable_pam_mkhomedir 148s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 148s + echo session optional pam_mkhomedir.so 148s Assert local user databases do not have our LDAP test data 148s + run_common_tests 148s + echo Assert local user databases do not have our LDAP test data 148s + check_local_user testuser1 148s + local local_user=testuser1 148s + grep -q ^testuser1 /etc/passwd 148s + check_local_group testuser1 148s + local local_group=testuser1 148s + grep -q ^testuser1 /etc/group 148s + check_local_group ldapusers 148s + local local_group=ldapusers 148s + grep -q ^ldapusers /etc/group 148s + echo The LDAP user is known to the system via getent 148s The LDAP user is known to the system via getent 148s + check_getent_user testuser1 148s + local getent_user=testuser1 148s + local output 148s + getent passwd testuser1 148s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 148s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 148s + echo The LDAP user's private group is known to the system via getent 148s + check_getent_group testuser1 148s + local getent_group=testuser1 148s + local output 148s + getent group testuser1The LDAP user's private group is known to the system via getent 148s 148s The LDAP group ldapusers is known to the system via getent 148s + output=testuser1:*:10001:testuser1 148s + [ -z testuser1:*:10001:testuser1 ] 148s + echo The LDAP group ldapusers is known to the system via getent 148s + check_getent_group ldapusers 148s + local getent_group=ldapusers 148s + local output 148s + getent group ldapusers 148s The id(1) command can resolve the group membership of the LDAP user 148s + output=ldapusers:*:10100:testuser1 148s + [ -z ldapusers:*:10100:testuser1 ] 148s + echo The id(1) command can resolve the group membership of the LDAP user 148s + id -Gn testuser1 148s The LDAP user can login on a terminal 148s + output=testuser1 ldapusers 148s + [ testuser1 ldapusers != testuser1 ldapusers ] 148s + echo The LDAP user can login on a terminal 148s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 148s spawn login 148s ldap.example.com login: testuser1 148s Password: 148s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-49-generic s390x) 148s 148s * Documentation: https://help.ubuntu.com 148s * Management: https://landscape.canonical.com 148s * Support: https://ubuntu.com/pro 148s 148s 148s The programs included with the Ubuntu system are free software; 148s the exact distribution terms for each program are described in the 148s individual files in /usr/share/doc/*/copyright. 148s 148s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 148s applicable law. 148s 148s 148s The programs included with the Ubuntu system are free software; 148s the exact distribution terms for each program are described in the 148s individual files in /usr/share/doc/*/copyright. 148s 148s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 148s applicable law. 148s 148s Creating directory '/home/testuser1'. 148s [?2004htestuser1@ldap:~$ id -un 148s [?2004l testuser1 149s [?2004htestuser1@ldap:~$ autopkgtest [20:39:19]: test ldap-user-group-ldap-auth: -----------------------] 149s ldap-user-group-ldap-auth PASS 149s autopkgtest [20:39:19]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 150s autopkgtest [20:39:20]: test ldap-user-group-krb5-auth: preparing testbed 150s Reading package lists... 150s Building dependency tree... 150s Reading state information... 150s Starting pkgProblemResolver with broken count: 0 150s Starting 2 pkgProblemResolver with broken count: 0 150s Done 150s The following NEW packages will be installed: 150s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 150s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 150s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 150s Need to get 613 kB of archives. 150s After this operation, 2082 kB of additional disk space will be used. 150s Get:1 http://ftpmaster.internal/ubuntu noble/main s390x krb5-config all 2.7 [22.0 kB] 150s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main s390x libgssrpc4t64 s390x 1.20.1-6ubuntu2.2 [59.2 kB] 151s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main s390x libkadm5clnt-mit12 s390x 1.20.1-6ubuntu2.2 [40.5 kB] 151s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main s390x libkdb5-10t64 s390x 1.20.1-6ubuntu2.2 [41.7 kB] 151s Get:5 http://ftpmaster.internal/ubuntu noble-updates/main s390x libkadm5srv-mit12 s390x 1.20.1-6ubuntu2.2 [55.4 kB] 151s Get:6 http://ftpmaster.internal/ubuntu noble-updates/universe s390x krb5-user s390x 1.20.1-6ubuntu2.2 [110 kB] 151s Get:7 http://ftpmaster.internal/ubuntu noble-updates/universe s390x krb5-kdc s390x 1.20.1-6ubuntu2.2 [189 kB] 151s Get:8 http://ftpmaster.internal/ubuntu noble-updates/universe s390x krb5-admin-server s390x 1.20.1-6ubuntu2.2 [95.8 kB] 151s Preconfiguring packages ... 151s Fetched 613 kB in 1s (1116 kB/s) 151s Selecting previously unselected package krb5-config. 151s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 55574 files and directories currently installed.) 151s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 151s Unpacking krb5-config (2.7) ... 151s Selecting previously unselected package libgssrpc4t64:s390x. 151s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2.2_s390x.deb ... 151s Unpacking libgssrpc4t64:s390x (1.20.1-6ubuntu2.2) ... 151s Selecting previously unselected package libkadm5clnt-mit12:s390x. 151s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2.2_s390x.deb ... 151s Unpacking libkadm5clnt-mit12:s390x (1.20.1-6ubuntu2.2) ... 151s Selecting previously unselected package libkdb5-10t64:s390x. 151s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2.2_s390x.deb ... 151s Unpacking libkdb5-10t64:s390x (1.20.1-6ubuntu2.2) ... 151s Selecting previously unselected package libkadm5srv-mit12:s390x. 151s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2.2_s390x.deb ... 151s Unpacking libkadm5srv-mit12:s390x (1.20.1-6ubuntu2.2) ... 151s Selecting previously unselected package krb5-user. 151s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2.2_s390x.deb ... 151s Unpacking krb5-user (1.20.1-6ubuntu2.2) ... 151s Selecting previously unselected package krb5-kdc. 151s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2.2_s390x.deb ... 151s Unpacking krb5-kdc (1.20.1-6ubuntu2.2) ... 151s Selecting previously unselected package krb5-admin-server. 151s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2.2_s390x.deb ... 151s Unpacking krb5-admin-server (1.20.1-6ubuntu2.2) ... 151s Setting up libgssrpc4t64:s390x (1.20.1-6ubuntu2.2) ... 151s Setting up krb5-config (2.7) ... 151s Setting up libkadm5clnt-mit12:s390x (1.20.1-6ubuntu2.2) ... 151s Setting up libkdb5-10t64:s390x (1.20.1-6ubuntu2.2) ... 151s Setting up libkadm5srv-mit12:s390x (1.20.1-6ubuntu2.2) ... 151s Setting up krb5-user (1.20.1-6ubuntu2.2) ... 151s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 151s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 151s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 151s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 151s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 151s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 151s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 151s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 151s Setting up krb5-kdc (1.20.1-6ubuntu2.2) ... 152s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 152s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 152s Setting up krb5-admin-server (1.20.1-6ubuntu2.2) ... 152s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 153s Processing triggers for man-db (2.12.0-4build2) ... 153s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 158s autopkgtest [20:39:28]: test ldap-user-group-krb5-auth: [----------------------- 158s + . debian/tests/util 158s + . debian/tests/common-tests 158s + mydomain=example.com 158s + myhostname=ldap.example.com 158s + mysuffix=dc=example,dc=com 158s + myrealm=EXAMPLE.COM 158s + admin_dn=cn=admin,dc=example,dc=com 158s + admin_pw=secret 158s + ldap_user=testuser1 158s + ldap_user_pw=testuser1secret 158s + kerberos_principal_pw=testuser1kerberos 158s + ldap_group=ldapusers 158s + adjust_hostname ldap.example.com 158s + local myhostname=ldap.example.com 158s + echo ldap.example.com 158s + hostname ldap.example.com 158s + grep -qE ldap.example.com /etc/hosts 158s + reconfigure_slapd 158s + debconf-set-selections 158s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8.1-20241129-203918.ldapdb 158s + dpkg-reconfigure -fnoninteractive -pcritical slapd 158s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 158s Moving old database directory to /var/backups: 158s - directory unknown... done. 158s Creating initial configuration... done. 158s Creating LDAP directory... done. 159s + generate_certs ldap.example.com 159s + local cn=ldap.example.com 159s + local cert=/etc/ldap/server.pem 159s + local key=/etc/ldap/server.key 159s + local cnf=/etc/ldap/openssl.cnf 159s + cat 159s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 159s .......................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 159s .......................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 159s ----- 159s + chmod 0640 /etc/ldap/server.key 159s + chgrp openldap /etc/ldap/server.key 159s + [ ! -f /etc/ldap/server.pem ] 159s + [ ! -f /etc/ldap/server.key ] 159s + enable_ldap_ssl 159s + cat 159s + cat 159s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 159s + populate_ldap_rfc2307 159s + ldapadd -x -D+ cn=admin,dc=example,dc=com -w secret 159s cat 159s + create_realm EXAMPLE.COM ldap.example.com 159s + local realm_name=EXAMPLE.COM 159s + local kerberos_server=ldap.example.com 159s + rm -rf /var/lib/krb5kdc/* 159s + rm -rf /etc/krb5kdc/kdc.conf 159s + rm -f /etc/krb5.keytab 159s + cat 159s + cat 159s + echo # */admin * 159s + kdb5_util create -s -P secretpassword 159s + systemctl restart krb5-kdc.service krb5-admin-server.service 159s modifying entry "cn=config" 159s 159s adding new entry "ou=People,dc=example,dc=com" 159s 159s adding new entry "ou=Group,dc=example,dc=com" 159s 159s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 159s 159s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 159s 159s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 159s 159s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 159s master key name 'K/M@EXAMPLE.COM' 159s + create_krb_principal testuser1 testuser1kerberos 159s + local principal=testuser1 159s + local password=testuser1kerberos 159s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 159s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 159s Authenticating as principal root/admin@EXAMPLE.COM with password. 159s Principal "testuser1@EXAMPLE.COM" created. 159s + configure_sssd_ldap_rfc2307_krb5_auth 159s + cat 159s + chmod 0600 /etc/sssd/sssd.conf 159s + systemctl restart sssd 159s + enable_pam_mkhomedir 159s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 159s Assert local user databases do not have our LDAP test data 159s + run_common_tests 159s + echo Assert local user databases do not have our LDAP test data 159s + check_local_user testuser1 159s + local local_user=testuser1 159s + grep -q ^testuser1 /etc/passwd 159s + check_local_group testuser1 159s + local local_group=testuser1 159s + grep -q ^testuser1 /etc/group 159s + check_local_group ldapusers 159s + local local_group=ldapusers 159s + grep -q ^ldapusers /etc/group 159s + The LDAP user is known to the system via getent 159s echo The LDAP user is known to the system via getent 159s + check_getent_user testuser1 159s + local getent_user=testuser1 159s + local output 159s + getent passwd testuser1 159s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 159s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 159s + The LDAP user's private group is known to the system via getent 159s echo The LDAP user's private group is known to the system via getent 159s + check_getent_group testuser1 159s + local getent_group=testuser1 159s + local output 159s + getent group testuser1 159s + output=testuser1:*:10001:testuser1 159s + [The LDAP group ldapusers is known to the system via getent 159s The id(1) command can resolve the group membership of the LDAP user 159s The Kerberos principal can login on a terminal 159s spawn login 159s ldap.example.com login: testuser1 159s Password: 159s -z testuser1:*:10001:testuser1 ] 159s + echo The LDAP group ldapusers is known to the system via getent 159s + check_getent_group ldapusers 159s + local getent_group=ldapusers 159s + local output 159s + getent group ldapusers 159s + output=ldapusers:*:10100:testuser1 159s + [ -z ldapusers:*:10100:testuser1 ] 159s + echo The id(1) command can resolve the group membership of the LDAP user 159s + id -Gn testuser1 159s + output=testuser1 ldapusers 159s + [ testuser1 ldapusers != testuser1 ldapusers ] 159s + echo The Kerberos principal can login on a terminal 159s + kdestroy 159s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 159s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-49-generic s390x) 159s 159s * Documentation: https://help.ubuntu.com 159s * Management: https://landscape.canonical.com 159s * Support: https://ubuntu.com/pro 159s 159s 159s The programs included with the Ubuntu system are free software; 159s the exact distribution terms for each program are described in the 159s individual files in /usr/share/doc/*/copyright. 159s 159s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 159s applicable law. 159s 159s [?2004htestuser1@ldap:~$ id -un 159s [?2004l testuser1 159s [?2004htestuser1@ldap:~$ klist 159s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_9aGblm 159s Default principal: testuser1@EXAMPLE.COM 159s 159s Valid starting Expires Service principal 159s autopkgtest [20:39:29]: test ldap-user-group-krb5-auth: -----------------------] 160s ldap-user-group-krb5-auth PASS 160s autopkgtest [20:39:30]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 160s autopkgtest [20:39:30]: test sssd-softhism2-certificates-tests.sh: preparing testbed 268s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 273s autopkgtest [20:41:23]: testbed dpkg architecture: s390x 273s autopkgtest [20:41:23]: testbed apt version: 2.7.14build2 273s autopkgtest [20:41:23]: @@@@@@@@@@@@@@@@@@@@ test bed setup 274s autopkgtest [20:41:24]: testbed release detected to be: noble 274s autopkgtest [20:41:24]: updating testbed package index (apt update) 275s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 275s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 275s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 275s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 275s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [103 kB] 275s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [8604 B] 275s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [17.3 kB] 275s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [92.1 kB] 275s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [165 kB] 275s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3744 B] 275s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1384 B] 275s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 275s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [463 kB] 275s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [5504 B] 275s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [972 B] 275s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 277s Fetched 1127 kB in 1s (1285 kB/s) 277s Reading package lists... 278s Reading package lists... 278s Building dependency tree... 278s Reading state information... 278s Calculating upgrade... 278s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 278s Reading package lists... 278s Building dependency tree... 278s Reading state information... 278s 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. 278s autopkgtest [20:41:28]: upgrading testbed (apt dist-upgrade and autopurge) 279s Reading package lists... 279s Building dependency tree... 279s Reading state information... 279s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 279s Starting 2 pkgProblemResolver with broken count: 0 279s Done 279s Entering ResolveByKeep 279s 279s The following packages will be upgraded: 279s login passwd 279s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 279s Need to get 1058 kB of archives. 279s After this operation, 20.5 kB disk space will be freed. 279s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x login s390x 1:4.13+dfsg1-4ubuntu3.3 [202 kB] 280s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x passwd s390x 1:4.13+dfsg1-4ubuntu3.3 [856 kB] 280s Fetched 1058 kB in 1s (1982 kB/s) 280s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54283 files and directories currently installed.) 280s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.3_s390x.deb ... 280s Unpacking login (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 280s Setting up login (1:4.13+dfsg1-4ubuntu3.3) ... 280s Installing new version of config file /etc/pam.d/login ... 280s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54283 files and directories currently installed.) 280s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.3_s390x.deb ... 280s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 280s Setting up passwd (1:4.13+dfsg1-4ubuntu3.3) ... 280s Processing triggers for man-db (2.12.0-4build2) ... 281s Reading package lists... 281s Building dependency tree... 281s Reading state information... 281s Starting pkgProblemResolver with broken count: 0 281s Starting 2 pkgProblemResolver with broken count: 0 281s Done 282s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 284s Reading package lists... 284s Building dependency tree... 284s Reading state information... 284s Starting pkgProblemResolver with broken count: 0 284s Starting 2 pkgProblemResolver with broken count: 0 284s Done 284s The following NEW packages will be installed: 284s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 284s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 284s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 284s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 284s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 284s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 284s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 284s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 284s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 285s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 285s Need to get 10.4 MB of archives. 285s After this operation, 40.6 MB of additional disk space will be used. 285s Get:1 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7t64 s390x 2.1.12-stable-9ubuntu2 [147 kB] 285s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main s390x libunbound8 s390x 1.19.2-1ubuntu3.3 [452 kB] 285s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main s390x libgnutls-dane0t64 s390x 3.8.3-1.1ubuntu3.2 [23.6 kB] 285s Get:4 http://ftpmaster.internal/ubuntu noble-updates/universe s390x gnutls-bin s390x 3.8.3-1.1ubuntu3.2 [283 kB] 285s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu6 [29.7 kB] 285s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu6 [24.1 kB] 285s Get:7 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu6 [27.2 kB] 285s Get:8 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0t64 s390x 0.6.2-2.1build1 [5838 B] 285s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x libcares2 s390x 1.27.0-1.0ubuntu1 [79.2 kB] 285s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4t64 s390x 0.6.2-2.1build1 [23.9 kB] 285s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1build2 [30.0 kB] 285s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1t64 s390x 0.6.2-2.1build1 [9126 B] 285s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1t64 s390x 0.6.2-2.1build1 [9394 B] 285s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1t64 s390x 0.6.2-2.1build1 [7226 B] 285s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5t64 s390x 0.6.2-2.1build1 [46.6 kB] 285s Get:16 http://ftpmaster.internal/ubuntu noble-updates/main s390x libipa-hbac0t64 s390x 2.9.4-1.1ubuntu6.1 [17.5 kB] 285s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1build2 [28.4 kB] 285s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1build1 [50.0 kB] 285s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0t64 s390x 0.16.1-2build1 [43.4 kB] 285s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [192 kB] 285s Get:21 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.4-3ubuntu5 [50.1 kB] 285s Get:22 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3build1 [7748 B] 285s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3build1 [14.8 kB] 285s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3build1 [11.5 kB] 285s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-4ubuntu9 [71.3 kB] 285s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-4ubuntu9 [6231 kB] 285s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient0 s390x 2:4.19.5+dfsg-4ubuntu9 [65.0 kB] 285s Get:28 http://ftpmaster.internal/ubuntu noble-updates/main s390x libnss-sss s390x 2.9.4-1.1ubuntu6.1 [33.1 kB] 285s Get:29 http://ftpmaster.internal/ubuntu noble-updates/main s390x libpam-sss s390x 2.9.4-1.1ubuntu6.1 [52.4 kB] 285s Get:30 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2-common s390x 2.6.1-2.2ubuntu3 [6196 B] 285s Get:31 http://ftpmaster.internal/ubuntu noble/universe s390x libsofthsm2 s390x 2.6.1-2.2ubuntu3 [267 kB] 286s Get:32 http://ftpmaster.internal/ubuntu noble-updates/main s390x libsss-certmap0 s390x 2.9.4-1.1ubuntu6.1 [47.4 kB] 286s Get:33 http://ftpmaster.internal/ubuntu noble-updates/main s390x libsss-idmap0 s390x 2.9.4-1.1ubuntu6.1 [22.6 kB] 286s Get:34 http://ftpmaster.internal/ubuntu noble-updates/main s390x libsss-nss-idmap0 s390x 2.9.4-1.1ubuntu6.1 [31.9 kB] 286s Get:35 http://ftpmaster.internal/ubuntu noble-updates/main s390x python3-sss s390x 2.9.4-1.1ubuntu6.1 [47.2 kB] 286s Get:36 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2 s390x 2.6.1-2.2ubuntu3 [176 kB] 286s Get:37 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-common s390x 2.9.4-1.1ubuntu6.1 [1125 kB] 286s Get:38 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-ad-common s390x 2.9.4-1.1ubuntu6.1 [74.8 kB] 286s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-krb5-common s390x 2.9.4-1.1ubuntu6.1 [90.3 kB] 286s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-ad s390x 2.9.4-1.1ubuntu6.1 [134 kB] 286s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-ipa s390x 2.9.4-1.1ubuntu6.1 [215 kB] 286s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-krb5 s390x 2.9.4-1.1ubuntu6.1 [14.4 kB] 286s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-ldap s390x 2.9.4-1.1ubuntu6.1 [31.0 kB] 286s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd-proxy s390x 2.9.4-1.1ubuntu6.1 [43.9 kB] 286s Get:45 http://ftpmaster.internal/ubuntu noble-updates/main s390x sssd s390x 2.9.4-1.1ubuntu6.1 [4122 B] 286s Fetched 10.4 MB in 1s (8237 kB/s) 286s Selecting previously unselected package libevent-2.1-7t64:s390x. 286s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54283 files and directories currently installed.) 286s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_s390x.deb ... 286s Unpacking libevent-2.1-7t64:s390x (2.1.12-stable-9ubuntu2) ... 286s Selecting previously unselected package libunbound8:s390x. 286s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3.3_s390x.deb ... 286s Unpacking libunbound8:s390x (1.19.2-1ubuntu3.3) ... 286s Selecting previously unselected package libgnutls-dane0t64:s390x. 286s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3.2_s390x.deb ... 286s Unpacking libgnutls-dane0t64:s390x (3.8.3-1.1ubuntu3.2) ... 286s Selecting previously unselected package gnutls-bin. 286s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3.2_s390x.deb ... 286s Unpacking gnutls-bin (3.8.3-1.1ubuntu3.2) ... 286s Selecting previously unselected package libavahi-common-data:s390x. 286s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_s390x.deb ... 286s Unpacking libavahi-common-data:s390x (0.8-13ubuntu6) ... 286s Selecting previously unselected package libavahi-common3:s390x. 286s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_s390x.deb ... 286s Unpacking libavahi-common3:s390x (0.8-13ubuntu6) ... 286s Selecting previously unselected package libavahi-client3:s390x. 286s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_s390x.deb ... 286s Unpacking libavahi-client3:s390x (0.8-13ubuntu6) ... 286s Selecting previously unselected package libbasicobjects0t64:s390x. 286s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_s390x.deb ... 286s Unpacking libbasicobjects0t64:s390x (0.6.2-2.1build1) ... 286s Selecting previously unselected package libcares2:s390x. 286s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_s390x.deb ... 286s Unpacking libcares2:s390x (1.27.0-1.0ubuntu1) ... 286s Selecting previously unselected package libcollection4t64:s390x. 286s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_s390x.deb ... 286s Unpacking libcollection4t64:s390x (0.6.2-2.1build1) ... 286s Selecting previously unselected package libcrack2:s390x. 286s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_s390x.deb ... 286s Unpacking libcrack2:s390x (2.9.6-5.1build2) ... 286s Selecting previously unselected package libdhash1t64:s390x. 286s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_s390x.deb ... 286s Unpacking libdhash1t64:s390x (0.6.2-2.1build1) ... 286s Selecting previously unselected package libpath-utils1t64:s390x. 286s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_s390x.deb ... 286s Unpacking libpath-utils1t64:s390x (0.6.2-2.1build1) ... 286s Selecting previously unselected package libref-array1t64:s390x. 286s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_s390x.deb ... 286s Unpacking libref-array1t64:s390x (0.6.2-2.1build1) ... 286s Selecting previously unselected package libini-config5t64:s390x. 286s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_s390x.deb ... 286s Unpacking libini-config5t64:s390x (0.6.2-2.1build1) ... 286s Selecting previously unselected package libipa-hbac0t64. 286s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package libtalloc2:s390x. 286s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_s390x.deb ... 286s Unpacking libtalloc2:s390x (2.4.2-1build2) ... 286s Selecting previously unselected package libtdb1:s390x. 286s Preparing to unpack .../17-libtdb1_1.4.10-1build1_s390x.deb ... 286s Unpacking libtdb1:s390x (1.4.10-1build1) ... 286s Selecting previously unselected package libtevent0t64:s390x. 286s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_s390x.deb ... 286s Unpacking libtevent0t64:s390x (0.16.1-2build1) ... 286s Selecting previously unselected package libldb2:s390x. 286s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_s390x.deb ... 286s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 286s Selecting previously unselected package libnfsidmap1:s390x. 286s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu5_s390x.deb ... 286s Unpacking libnfsidmap1:s390x (1:2.6.4-3ubuntu5) ... 286s Selecting previously unselected package libpwquality-common. 286s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 286s Unpacking libpwquality-common (1.4.5-3build1) ... 286s Selecting previously unselected package libpwquality1:s390x. 286s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_s390x.deb ... 286s Unpacking libpwquality1:s390x (1.4.5-3build1) ... 286s Selecting previously unselected package libpam-pwquality:s390x. 286s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_s390x.deb ... 286s Unpacking libpam-pwquality:s390x (1.4.5-3build1) ... 286s Selecting previously unselected package libwbclient0:s390x. 286s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 286s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 286s Selecting previously unselected package samba-libs:s390x. 286s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 286s Unpacking samba-libs:s390x (2:4.19.5+dfsg-4ubuntu9) ... 286s Selecting previously unselected package libsmbclient0:s390x. 286s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_s390x.deb ... 286s Unpacking libsmbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 286s Selecting previously unselected package libnss-sss:s390x. 286s Preparing to unpack .../27-libnss-sss_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking libnss-sss:s390x (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package libpam-sss:s390x. 286s Preparing to unpack .../28-libpam-sss_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking libpam-sss:s390x (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package softhsm2-common. 286s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_s390x.deb ... 286s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 286s Selecting previously unselected package libsofthsm2. 286s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_s390x.deb ... 286s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 286s Selecting previously unselected package libsss-certmap0. 286s Preparing to unpack .../31-libsss-certmap0_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package libsss-idmap0. 286s Preparing to unpack .../32-libsss-idmap0_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package libsss-nss-idmap0. 286s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package python3-sss. 286s Preparing to unpack .../34-python3-sss_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking python3-sss (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package softhsm2. 286s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_s390x.deb ... 286s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 286s Selecting previously unselected package sssd-common. 286s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking sssd-common (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package sssd-ad-common. 286s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package sssd-krb5-common. 286s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package sssd-ad. 286s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking sssd-ad (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package sssd-ipa. 286s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.1) ... 286s Selecting previously unselected package sssd-krb5. 286s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6.1_s390x.deb ... 286s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 287s Selecting previously unselected package sssd-ldap. 287s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6.1_s390x.deb ... 287s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.1) ... 287s Selecting previously unselected package sssd-proxy. 287s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6.1_s390x.deb ... 287s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.1) ... 287s Selecting previously unselected package sssd. 287s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6.1_s390x.deb ... 287s Unpacking sssd (2.9.4-1.1ubuntu6.1) ... 287s Setting up libpwquality-common (1.4.5-3build1) ... 287s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 287s 287s Creating config file /etc/softhsm/softhsm2.conf with new version 287s Setting up libnfsidmap1:s390x (1:2.6.4-3ubuntu5) ... 287s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 287s Setting up libbasicobjects0t64:s390x (0.6.2-2.1build1) ... 287s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 287s Setting up libref-array1t64:s390x (0.6.2-2.1build1) ... 287s Setting up libtdb1:s390x (1.4.10-1build1) ... 287s Setting up libcollection4t64:s390x (0.6.2-2.1build1) ... 287s Setting up libevent-2.1-7t64:s390x (2.1.12-stable-9ubuntu2) ... 287s Setting up libwbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 287s Setting up libtalloc2:s390x (2.4.2-1build2) ... 287s Setting up libpath-utils1t64:s390x (0.6.2-2.1build1) ... 287s Setting up libunbound8:s390x (1.19.2-1ubuntu3.3) ... 287s Setting up libgnutls-dane0t64:s390x (3.8.3-1.1ubuntu3.2) ... 287s Setting up libavahi-common-data:s390x (0.8-13ubuntu6) ... 287s Setting up libcares2:s390x (1.27.0-1.0ubuntu1) ... 287s Setting up libdhash1t64:s390x (0.6.2-2.1build1) ... 287s Setting up libcrack2:s390x (2.9.6-5.1build2) ... 287s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 287s Setting up libini-config5t64:s390x (0.6.2-2.1build1) ... 287s Setting up libtevent0t64:s390x (0.16.1-2build1) ... 287s Setting up libnss-sss:s390x (2.9.4-1.1ubuntu6.1) ... 287s Setting up gnutls-bin (3.8.3-1.1ubuntu3.2) ... 287s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 287s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 287s Setting up libavahi-common3:s390x (0.8-13ubuntu6) ... 287s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 287s Setting up libpwquality1:s390x (1.4.5-3build1) ... 287s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 287s Setting up libavahi-client3:s390x (0.8-13ubuntu6) ... 287s Setting up libpam-pwquality:s390x (1.4.5-3build1) ... 287s Setting up samba-libs:s390x (2:4.19.5+dfsg-4ubuntu9) ... 287s Setting up python3-sss (2.9.4-1.1ubuntu6.1) ... 287s Setting up libsmbclient0:s390x (2:4.19.5+dfsg-4ubuntu9) ... 287s Setting up libpam-sss:s390x (2.9.4-1.1ubuntu6.1) ... 287s Setting up sssd-common (2.9.4-1.1ubuntu6.1) ... 287s Creating SSSD system user & group... 287s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 287s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 287s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 287s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 287s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 288s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 288s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 288s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 288s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 288s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 288s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 288s sssd-autofs.service is a disabled or a static unit, not starting it. 289s sssd-nss.service is a disabled or a static unit, not starting it. 289s sssd-pam.service is a disabled or a static unit, not starting it. 289s sssd-ssh.service is a disabled or a static unit, not starting it. 289s sssd-sudo.service is a disabled or a static unit, not starting it. 289s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 289s Setting up sssd-proxy (2.9.4-1.1ubuntu6.1) ... 289s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 289s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 289s sssd-pac.service is a disabled or a static unit, not starting it. 289s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 289s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 289s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 289s Setting up sssd-ldap (2.9.4-1.1ubuntu6.1) ... 289s Setting up sssd-ad (2.9.4-1.1ubuntu6.1) ... 289s Setting up sssd-ipa (2.9.4-1.1ubuntu6.1) ... 289s Setting up sssd (2.9.4-1.1ubuntu6.1) ... 289s Processing triggers for man-db (2.12.0-4build2) ... 289s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 294s autopkgtest [20:41:44]: test sssd-softhism2-certificates-tests.sh: [----------------------- 294s + '[' -z ubuntu ']' 294s + required_tools=(p11tool openssl softhsm2-util) 294s + for cmd in "${required_tools[@]}" 294s + command -v p11tool 294s + for cmd in "${required_tools[@]}" 294s + command -v openssl 294s + for cmd in "${required_tools[@]}" 294s + command -v softhsm2-util 294s + PIN=053350 294s +++ find /usr/lib/softhsm/libsofthsm2.so 294s +++ head -n 1 294s ++ realpath /usr/lib/softhsm/libsofthsm2.so 294s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 294s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 294s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 294s + '[' '!' -v NO_SSSD_TESTS ']' 294s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 294s + ca_db_arg=ca_db 294s ++ /usr/libexec/sssd/p11_child --help 294s + p11_child_help='Usage: p11_child [OPTION...] 294s -d, --debug-level=INT Debug level 294s --debug-timestamps=INT Add debug timestamps 294s --debug-microseconds=INT Show timestamps with microseconds 294s --dumpable=INT Allow core dumps 294s --debug-fd=INT An open file descriptor for the debug 294s logs 294s --logger=stderr|files|journald Set logger 294s --auth Run in auth mode 294s --pre Run in pre-auth mode 294s --wait_for_card Wait until card is available 294s --verification Run in verification mode 294s --pin Expect PIN on stdin 294s --keypad Expect PIN on keypad 294s --verify=STRING Tune validation 294s --ca_db=STRING CA DB to use 294s --module_name=STRING Module name for authentication 294s --token_name=STRING Token name for authentication 294s --key_id=STRING Key ID for authentication 294s --label=STRING Label for authentication 294s --certificate=STRING certificate to verify, base64 encoded 294s --uri=STRING PKCS#11 URI to restrict selection 294s --chain-id=LONG Tevent chain ID used for logging 294s purposes 294s 294s Help options: 294s -?, --help Show this help message 294s --usage Display brief usage message' 294s + echo 'Usage: p11_child [OPTION...] 294s -d, --debug-level=INT Debug level 294s --debug-timestamps=INT Add debug timestamps 294s --debug-microseconds=INT Show timestamps with microseconds 294s --dumpable=INT Allow core dumps 294s --debug-fd=INT An open file descriptor for the debug 294s logs 294s --logger=stderr|files|journald Set logger 294s --auth Run in auth mode 294s --pre Run in pre-auth mode 294s --wait_for_card Wait until card is available 294s --verification Run in verification mode 294s --pin Expect PIN on stdin 294s --keypad Expect PIN on keypad 294s --verify=STRING Tune validation 294s --ca_db=STRING CA DB to use 294s --module_name=STRING Module name for authentication 294s --token_name=STRING Token name for authentication 294s --key_id=STRING Key ID for authentication 294s --label=STRING Label for authentication 294s --certificate=STRING certificate to verify, base64 encoded 294s --uri=STRING PKCS#11 URI to restrict selection 294s --chain-id=LONG Tevent chain ID used for logging 294s purposes 294s 294s Help options: 294s -?, --help Show this help message 294s --usage Display brief usage message' 294s + grep nssdb -qs 294s + echo 'Usage: p11_child [OPTION...] 294s -d, --debug-level=INT Debug level 294s --debug-timestamps=INT Add debug timestamps 294s --debug-microseconds=INT Show timestamps with microseconds 294s --dumpable=INT Allow core dumps 294s --debug-fd=INT An open file descriptor for the debug 294s logs 294s --logger=stderr|files|journald Set logger 294s --auth Run in auth mode 294s --pre Run in pre-auth mode 294s --wait_for_card Wait until card is available 294s --verification Run in verification mode 294s --pin Expect PIN on stdin 294s --keypad Expect PIN on keypad 294s --verify=STRING Tune validation 294s --ca_db=STRING CA DB to use 294s --module_name=STRING Module name for authentication 294s --token_name=STRING Token name for authentication 294s --key_id=STRING Key ID for authentication 294s --label=STRING Label for authentication 294s --certificate=STRING certificate to verify, base64 encoded 294s --uri=STRING PKCS#11 URI to restrict selection 294s --chain-id=LONG Tevent chain ID used for logging 294s purposes 294s 294s Help options: 294s -?, --help Show this help message 294s --usage Display brief usage message' 294s + grep -qs -- --ca_db 294s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 294s ++ mktemp -d -t sssd-softhsm2-XXXXXX 294s + tmpdir=/tmp/sssd-softhsm2-patcvf 294s + keys_size=1024 294s + [[ ! -v KEEP_TEMPORARY_FILES ]] 294s + trap 'rm -rf "$tmpdir"' EXIT 294s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 294s + echo -n 01 294s + touch /tmp/sssd-softhsm2-patcvf/index.txt 294s + mkdir -p /tmp/sssd-softhsm2-patcvf/new_certs 294s + cat 294s + root_ca_key_pass=pass:random-root-CA-password-4928 294s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-patcvf/test-root-CA-key.pem -passout pass:random-root-CA-password-4928 1024 294s + openssl req -passin pass:random-root-CA-password-4928 -batch -config /tmp/sssd-softhsm2-patcvf/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-patcvf/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-patcvf/test-root-CA.pem 294s + openssl x509 -noout -in /tmp/sssd-softhsm2-patcvf/test-root-CA.pem 295s + cat 295s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-4472 295s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-4472 1024 295s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-4472 -config /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.config -key /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-4928 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-certificate-request.pem 295s + openssl req -text -noout -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-certificate-request.pem 295s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-patcvf/test-root-CA.config -passin pass:random-root-CA-password-4928 -keyfile /tmp/sssd-softhsm2-patcvf/test-root-CA-key.pem -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 295s Certificate Request: 295s Data: 295s Version: 1 (0x0) 295s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 295s Subject Public Key Info: 295s Public Key Algorithm: rsaEncryption 295s Public-Key: (1024 bit) 295s Modulus: 295s 00:c0:19:d7:42:3a:25:02:07:4e:fa:60:4c:66:79: 295s e7:8f:ac:20:5e:21:c9:9f:33:20:0a:94:14:df:35: 295s ea:cd:9a:c9:2c:dd:89:51:44:fc:cf:4e:63:39:6d: 295s 6b:54:50:90:90:51:8e:70:82:7a:7c:9b:4e:c9:f6: 295s 88:c2:e8:28:f8:17:0d:60:b1:60:9d:34:4e:ce:a8: 295s 7b:0a:60:fc:eb:b2:16:30:78:6c:3a:15:f5:bd:91: 295s 97:0b:0d:8c:6b:dc:fd:fc:cf:b0:6d:aa:3b:0e:6f: 295s 47:e5:c9:16:11:d3:d9:a2:c8:54:4e:fe:7b:de:44: 295s e6:d9:f2:7d:0c:99:d5:27:a3 295s Exponent: 65537 (0x10001) 295s Attributes: 295s (none) 295s Requested Extensions: 295s Signature Algorithm: sha256WithRSAEncryption 295s Signature Value: 295s a7:48:5e:ea:5f:1d:2e:7e:43:6a:88:d4:35:6f:78:97:05:63: 295s d7:a3:a7:e7:55:54:3c:fb:d3:83:30:b1:9b:c9:5b:d4:89:79: 295s db:2d:6a:8f:6f:d8:d3:86:62:9a:2f:36:29:36:ff:5d:fb:9f: 295s 2b:7e:58:bc:1f:63:35:21:e6:26:d9:38:09:07:71:01:f9:15: 295s 34:8d:06:c5:a9:4b:2e:f2:a3:22:24:a0:b6:27:6b:73:d9:1c: 295s ba:5f:26:4d:9b:22:88:bc:8f:16:8b:55:90:89:f1:ca:33:6f: 295s 2b:de:15:62:fa:47:f1:8f:ad:94:36:62:a6:ce:96:c5:3b:02: 295s c4:16 295s Using configuration from /tmp/sssd-softhsm2-patcvf/test-root-CA.config 295s Check that the request matches the signature 295s Signature ok 295s Certificate Details: 295s Serial Number: 1 (0x1) 295s Validity 295s Not Before: Nov 29 20:41:45 2024 GMT 295s Not After : Nov 29 20:41:45 2025 GMT 295s Subject: 295s organizationName = Test Organization 295s organizationalUnitName = Test Organization Unit 295s commonName = Test Organization Intermediate CA 295s X509v3 extensions: 295s X509v3 Subject Key Identifier: 295s 4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 295s X509v3 Authority Key Identifier: 295s keyid:23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 295s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 295s serial:00 295s X509v3 Basic Constraints: 295s CA:TRUE 295s X509v3 Key Usage: critical 295s Digital Signature, Certificate Sign, CRL Sign 295s Certificate is to be certified until Nov 29 20:41:45 2025 GMT (365 days) 295s 295s Write out database with 1 new entries 295s Database updated 295s + openssl x509 -noout -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-root-CA.pem /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 295s /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem: OK 295s + cat 295s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-22533 295s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-22533 1024 295s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-22533 -config /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-4472 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-certificate-request.pem 295s + openssl req -text -noout -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-certificate-request.pem 295s Certificate Request: 295s Data: 295s Version: 1 (0x0) 295s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 295s Subject Public Key Info: 295s Public Key Algorithm: rsaEncryption 295s Public-Key: (1024 bit) 295s Modulus: 295s 00:a6:eb:06:05:65:2a:ab:12:b3:a9:4b:ae:86:ff: 295s 41:10:22:0d:a1:e4:1d:fc:fd:e2:54:2b:c3:e9:ce: 295s fa:c8:76:6d:33:c6:c8:36:91:55:c9:8e:cb:6f:1a: 295s dc:15:81:3d:5c:22:15:1c:d2:b7:52:f0:d4:9f:9d: 295s 64:46:39:e1:80:14:a2:3b:1b:2b:98:cc:94:06:ca: 295s 6e:b7:02:7a:13:69:12:93:fc:af:4f:4b:b9:45:9f: 295s f4:95:bc:5b:fa:0c:45:06:aa:e0:95:d0:0c:25:5f: 295s 65:6d:58:77:53:80:5e:71:ad:98:24:55:a7:77:ba: 295s 6f:a7:96:11:74:87:3a:4a:0d 295s Exponent: 65537 (0x10001) 295s Attributes: 295s (none) 295s Requested Extensions: 295s Signature Algorithm: sha256WithRSAEncryption 295s Signature Value: 295s 1b:c2:e2:bd:bc:2c:dd:0d:e5:74:ac:9b:91:45:9a:6d:fd:0c: 295s 39:bc:57:39:b1:c0:b4:c8:0e:12:0f:ef:a3:a1:4e:04:ff:da: 295s 51:74:ea:ab:d9:8c:5c:83:c1:73:e6:67:88:fd:1d:3f:37:aa: 295s f9:e3:c5:01:dd:df:95:d5:51:73:02:70:d1:fa:ce:a7:a7:81: 295s 89:36:de:5a:a5:36:99:62:9e:a1:23:c9:41:07:32:0e:5b:1e: 295s 16:fd:f1:8c:54:75:00:c0:4a:bc:6f:b4:0e:bc:6d:98:92:4f: 295s 1a:f0:c4:d4:94:4a:75:74:ba:e8:e3:d9:13:7c:17:e6:a8:87: 295s 1f:6f 295s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-4472 -keyfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 295s Using configuration from /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.config 295s Check that the request matches the signature 295s Signature ok 295s Certificate Details: 295s Serial Number: 2 (0x2) 295s Validity 295s Not Before: Nov 29 20:41:45 2024 GMT 295s Not After : Nov 29 20:41:45 2025 GMT 295s Subject: 295s organizationName = Test Organization 295s organizationalUnitName = Test Organization Unit 295s commonName = Test Organization Sub Intermediate CA 295s X509v3 extensions: 295s X509v3 Subject Key Identifier: 295s AA:22:5A:19:7B:A7:77:58:6B:AA:77:0F:FC:EC:11:4F:CA:D7:44:F4 295s X509v3 Authority Key Identifier: 295s keyid:4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 295s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 295s serial:01 295s /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem: OK 295s X509v3 Basic Constraints: 295s CA:TRUE 295s X509v3 Key Usage: critical 295s Digital Signature, Certificate Sign, CRL Sign 295s Certificate is to be certified until Nov 29 20:41:45 2025 GMT (365 days) 295s 295s Write out database with 1 new entries 295s Database updated 295s + openssl x509 -noout -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 295s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 295s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-root-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 295s + local cmd=openssl 295s + shift 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-root-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 295s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 295s error 20 at 0 depth lookup: unable to get local issuer certificate 295s error /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem: verification failed 295s + cat 295s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-7515 295s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-7515 1024 295s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-7515 -key /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-request.pem 295s + openssl req -text -noout -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-request.pem 295s Certificate Request: 295s Data: 295s Version: 1 (0x0) 295s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 295s Subject Public Key Info: 295s Public Key Algorithm: rsaEncryption 295s Public-Key: (1024 bit) 295s Modulus: 295s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 295s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 295s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 295s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 295s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 295s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 295s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 295s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 295s 15:81:2c:77:d8:71:f4:6c:5b 295s Exponent: 65537 (0x10001) 295s Attributes: 295s Requested Extensions: 295s X509v3 Basic Constraints: 295s CA:FALSE 295s Netscape Cert Type: 295s SSL Client, S/MIME 295s Netscape Comment: 295s Test Organization Root CA trusted Certificate 295s X509v3 Subject Key Identifier: 295s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 295s X509v3 Key Usage: critical 295s Digital Signature, Non Repudiation, Key Encipherment 295s X509v3 Extended Key Usage: 295s TLS Web Client Authentication, E-mail Protection 295s X509v3 Subject Alternative Name: 295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 295s Signature Algorithm: sha256WithRSAEncryption 295s Signature Value: 295s aa:0c:d9:5e:1c:eb:47:e9:6b:42:9c:6b:e7:65:0f:cb:54:5b: 295s 09:5b:4e:37:c5:b3:cf:01:66:50:13:8f:43:cc:24:d8:a2:40: 295s 50:06:09:fc:db:63:71:cf:30:b5:5d:91:16:c1:31:16:7a:5c: 295s bd:b3:de:79:0a:12:02:50:3c:51:1b:3b:c3:95:17:d4:e5:a1: 295s be:aa:0e:48:38:8b:75:bd:54:0f:a2:39:4d:88:a0:59:44:ed: 295s 77:f4:3b:61:5d:1c:72:a1:40:dc:65:97:ec:de:85:13:7c:21: 295s 32:cc:e3:b9:da:0a:77:d8:2b:fb:3c:0f:26:67:ea:bf:36:80: 295s 81:0c 295s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-patcvf/test-root-CA.config -passin pass:random-root-CA-password-4928 -keyfile /tmp/sssd-softhsm2-patcvf/test-root-CA-key.pem -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s Using configuration from /tmp/sssd-softhsm2-patcvf/test-root-CA.config 295s Check that the request matches the signature 295s Signature ok 295s Certificate Details: 295s Serial Number: 3 (0x3) 295s Validity 295s Not Before: Nov 29 20:41:45 2024 GMT 295s Not After : Nov 29 20:41:45 2025 GMT 295s Subject: 295s organizationName = Test Organization 295s organizationalUnitName = Test Organization Unit 295s commonName = Test Organization Root Trusted Certificate 0001 295s X509v3 extensions: 295s X509v3 Authority Key Identifier: 295s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 295s X509v3 Basic Constraints: 295s CA:FALSE 295s Netscape Cert Type: 295s SSL Client, S/MIME 295s Netscape Comment: 295s Test Organization Root CA trusted Certificate 295s X509v3 Subject Key Identifier: 295s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 295s X509v3 Key Usage: critical 295s Digital Signature, Non Repudiation, Key Encipherment 295s X509v3 Extended Key Usage: 295s TLS Web Client Authentication, E-mail Protection 295s X509v3 Subject Alternative Name: 295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 295s Certificate is to be certified until Nov 29 20:41:45 2025 GMT (365 days) 295s 295s Write out database with 1 new entries 295s Database updated 295s + openssl x509 -noout -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-root-CA.pem /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem: OK 295s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + local cmd=openssl 295s + shift 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 295s error 20 at 0 depth lookup: unable to get local issuer certificate 295s error /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem: verification failed 295s + cat 295s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 295s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-17242 1024 295s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-17242 -key /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-request.pem 295s + openssl req -text -noout -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-request.pem 295s Certificate Request: 295s Data: 295s Version: 1 (0x0) 295s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 295s Subject Public Key Info: 295s Public Key Algorithm: rsaEncryption 295s Public-Key: (1024 bit) 295s Modulus: 295s 00:b7:e3:62:43:09:db:39:37:82:54:63:89:23:b6: 295s 43:09:69:8c:91:75:64:8d:ad:9b:d1:fa:94:db:96: 295s a4:ce:1a:14:cf:ed:91:8d:ac:f4:0b:dc:32:1c:f8: 295s 00:49:b0:69:aa:8a:7b:1c:20:33:4b:71:c9:96:73: 295s dc:ce:d8:7b:24:8e:bc:21:d5:e3:60:8e:4f:57:a3: 295s 4f:b6:89:0f:13:26:28:91:c6:aa:21:f1:ff:ec:34: 295s f0:61:bb:46:5e:a6:29:6b:0b:c0:95:76:43:14:37: 295s 24:e6:38:9f:b7:cd:0e:80:d8:01:db:a3:89:3e:1f: 295s 59:59:0b:76:97:2c:e0:65:39 295s Exponent: 65537 (0x10001) 295s Attributes: 295s Requested Extensions: 295s X509v3 Basic Constraints: 295s CA:FALSE 295s Netscape Cert Type: 295s SSL Client, S/MIME 295s Netscape Comment: 295s Test Organization Intermediate CA trusted Certificate 295s X509v3 Subject Key Identifier: 295s 38:6F:96:77:EE:48:7F:45:D5:D1:26:CF:55:F4:50:F1:D9:11:A9:B1 295s X509v3 Key Usage: critical 295s Digital Signature, Non Repudiation, Key Encipherment 295s X509v3 Extended Key Usage: 295s TLS Web Client Authentication, E-mail Protection 295s X509v3 Subject Alternative Name: 295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 295s Signature Algorithm: sha256WithRSAEncryption 295s Signature Value: 295s 22:30:89:a9:f7:83:71:ba:00:37:71:25:41:d4:09:df:67:f8: 295s 58:ff:b6:d7:11:a5:32:df:06:6e:4e:62:30:e4:a4:f3:37:37: 295s f8:c5:28:3b:d4:c5:70:5a:c5:d5:07:dd:d2:62:51:a0:75:b2: 295s 7b:44:e9:19:cc:30:87:89:e0:33:76:ab:cd:a3:dc:ee:7d:d0: 295s 2d:3d:a3:60:43:42:44:c8:07:10:19:b0:2f:0a:0d:c9:dc:bf: 295s 94:14:d6:16:6f:a7:00:fb:68:af:10:85:61:13:6a:d5:ca:9b: 295s 91:45:b1:58:f5:c2:0c:ff:e4:b6:34:f1:75:83:75:46:75:14: 295s d3:ca 295s + openssl ca -passin pass:random-intermediate-CA-password-4472 -config /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 295s Using configuration from /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.config 295s Check that the request matches the signature 295s Signature ok 295s Certificate Details: 295s Serial Number: 4 (0x4) 295s Validity 295s Not Before: Nov 29 20:41:45 2024 GMT 295s Not After : Nov 29 20:41:45 2025 GMT 295s Subject: 295s organizationName = Test Organization 295s organizationalUnitName = Test Organization Unit 295s commonName = Test Organization Intermediate Trusted Certificate 0001 295s X509v3 extensions: 295s X509v3 Authority Key Identifier: 295s 4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 295s X509v3 Basic Constraints: 295s CA:FALSE 295s Netscape Cert Type: 295s SSL Client, S/MIME 295s Netscape Comment: 295s Test Organization Intermediate CA trusted Certificate 295s X509v3 Subject Key Identifier: 295s 38:6F:96:77:EE:48:7F:45:D5:D1:26:CF:55:F4:50:F1:D9:11:A9:B1 295s X509v3 Key Usage: critical 295s Digital Signature, Non Repudiation, Key Encipherment 295s X509v3 Extended Key Usage: 295s TLS Web Client Authentication, E-mail Protection 295s X509v3 Subject Alternative Name: 295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 295s Certificate is to be certified until Nov 29 20:41:45 2025 GMT (365 days) 295s 295s Write out database with 1 new entries 295s Database updated 295s + openssl x509 -noout -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 295s This certificate should not be trusted fully 295s + echo 'This certificate should not be trusted fully' 295s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 295s + local cmd=openssl 295s + shift 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 295s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 295s error 2 at 1 depth lookup: unable to get issuer certificate 295s error /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 295s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 295s /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem: OK 295s + cat 295s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 295s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-31969 1024 295s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-31969 -key /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 295s + openssl req -text -noout -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 295s Certificate Request: 295s Data: 295s Version: 1 (0x0) 295s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 295s Subject Public Key Info: 295s Public Key Algorithm: rsaEncryption 295s Public-Key: (1024 bit) 295s Modulus: 295s 00:ca:8f:6e:7f:8a:64:68:c0:83:10:46:42:9e:74: 295s 1f:e8:7b:62:dd:69:7c:0b:a1:22:2c:a0:c6:10:02: 295s 23:76:07:81:0e:f5:c9:a2:17:8b:46:94:6b:b4:3f: 295s cc:74:64:84:22:3e:c3:78:10:c3:29:0f:61:0b:ca: 295s 69:22:74:dd:56:b1:99:e7:64:39:29:f2:07:81:7e: 295s 05:d9:8b:31:f5:c8:40:dc:ab:9e:5f:d4:7d:c9:b5: 295s 0b:db:c5:cd:01:4a:9f:5f:e1:0a:9b:e2:c6:6e:3e: 295s d7:55:22:16:90:64:de:40:e5:29:6f:9e:13:7a:f9: 295s 9d:2e:20:92:fd:13:ef:12:eb 295s Exponent: 65537 (0x10001) 295s Attributes: 295s Requested Extensions: 295s X509v3 Basic Constraints: 295s CA:FALSE 295s Netscape Cert Type: 295s SSL Client, S/MIME 295s Netscape Comment: 295s Test Organization Sub Intermediate CA trusted Certificate 295s X509v3 Subject Key Identifier: 295s B1:FC:36:D1:A1:02:17:9D:37:70:D4:AC:BD:ED:A9:23:FF:BF:12:BA 295s X509v3 Key Usage: critical 295s Digital Signature, Non Repudiation, Key Encipherment 295s X509v3 Extended Key Usage: 295s TLS Web Client Authentication, E-mail Protection 295s X509v3 Subject Alternative Name: 295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 295s Signature Algorithm: sha256WithRSAEncryption 295s Signature Value: 295s 72:2d:ec:8e:b3:9a:49:82:19:c3:01:f1:39:71:bf:f3:b8:7f: 295s 6e:4b:63:c9:50:f1:7d:7f:8a:ec:78:17:f5:a9:6d:44:d5:ff: 295s 01:e7:d2:48:42:66:07:c5:79:ff:11:53:03:97:77:27:d3:ad: 295s a9:e0:42:38:37:e6:3c:56:2a:24:a3:d3:40:4a:d3:54:39:1c: 295s 9b:64:03:3a:68:84:3e:0a:64:4c:d5:42:c0:7c:78:f7:fa:85: 295s c8:b9:f4:9a:9d:73:ba:9b:7f:56:ef:e2:9d:f2:e8:df:8b:bf: 295s ce:05:cb:84:9a:2c:ed:11:8a:92:31:9b:91:71:45:f1:ec:ae: 295s f8:9d 295s + openssl ca -passin pass:random-sub-intermediate-CA-password-22533 -config /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 295s Using configuration from /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.config 295s Check that the request matches the signature 295s Signature ok 295s Certificate Details: 295s Serial Number: 5 (0x5) 295s Validity 295s Not Before: Nov 29 20:41:45 2024 GMT 295s Not After : Nov 29 20:41:45 2025 GMT 295s Subject: 295s organizationName = Test Organization 295s organizationalUnitName = Test Organization Unit 295s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 295s X509v3 extensions: 295s X509v3 Authority Key Identifier: 295s AA:22:5A:19:7B:A7:77:58:6B:AA:77:0F:FC:EC:11:4F:CA:D7:44:F4 295s X509v3 Basic Constraints: 295s CA:FALSE 295s Netscape Cert Type: 295s SSL Client, S/MIME 295s Netscape Comment: 295s Test Organization Sub Intermediate CA trusted Certificate 295s X509v3 Subject Key Identifier: 295s B1:FC:36:D1:A1:02:17:9D:37:70:D4:AC:BD:ED:A9:23:FF:BF:12:BA 295s X509v3 Key Usage: critical 295s Digital Signature, Non Repudiation, Key Encipherment 295s X509v3 Extended Key Usage: 295s TLS Web Client Authentication, E-mail Protection 295s X509v3 Subject Alternative Name: 295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 295s Certificate is to be certified until Nov 29 20:41:45 2025 GMT (365 days) 295s 295s Write out database with 1 new entries 295s Database updated 295s + openssl x509 -noout -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 295s This certificate should not be trusted fully 295s + echo 'This certificate should not be trusted fully' 295s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 295s + local cmd=openssl 295s + shift 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 295s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 295s error 2 at 1 depth lookup: unable to get issuer certificate 295s error /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 295s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 295s + local cmd=openssl 295s + shift 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 295s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 295s error 20 at 0 depth lookup: unable to get local issuer certificate 295s error /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 295s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 295s /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 295s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 295s + local cmd=openssl 295s + shift 295s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 295s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 295s error 20 at 0 depth lookup: unable to get local issuer certificate 295s error /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 295s + echo 'Building a the full-chain CA file...' 295s Building a the full-chain CA file... 295s + cat /tmp/sssd-softhsm2-patcvf/test-root-CA.pem /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 295s + cat /tmp/sssd-softhsm2-patcvf/test-root-CA.pem /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 295s + cat /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 295s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 295s + openssl pkcs7 -print_certs -noout 295s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 295s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 295s 295s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 295s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 295s 295s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 295s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 295s 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 295s /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem: OK 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem: OK 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 295s /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem: OK 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem /tmp/sssd-softhsm2-patcvf/test-root-intermediate-chain-CA.pem 295s /tmp/sssd-softhsm2-patcvf/test-root-intermediate-chain-CA.pem: OK 295s + openssl verify -CAfile /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 295s /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 295s + echo 'Certificates generation completed!' 295s Certificates generation completed! 295s + [[ -v NO_SSSD_TESTS ]] 295s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /dev/null 295s + check_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /dev/null 295s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 295s + local key_ring=/dev/null 295s + local verify_option= 295s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 295s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 295s + local key_cn 295s + local key_name 295s + local tokens_dir 295s + local output_cert_file 295s + token_name= 295s ++ basename /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem .pem 295s + key_name=test-root-CA-trusted-certificate-0001 295s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s ++ sed -n 's/ *commonName *= //p' 295s + key_cn='Test Organization Root Trusted Certificate 0001' 295s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 295s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 295s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 295s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 295s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 295s + token_name='Test Organization Root Tr Token' 295s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 295s + local key_file 295s + local decrypted_key 295s + mkdir -p /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 295s + key_file=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-key.pem 295s + decrypted_key=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-key-decrypted.pem 295s + cat 295s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 295s Slot 0 has a free/uninitialized token. 295s The token has been initialized and is reassigned to slot 1928183913 295s + softhsm2-util --show-slots 295s Available slots: 295s Slot 1928183913 295s Slot info: 295s Description: SoftHSM slot ID 0x72edc069 295s Manufacturer ID: SoftHSM project 295s Hardware version: 2.6 295s Firmware version: 2.6 295s Token present: yes 295s Token info: 295s Manufacturer ID: SoftHSM project 295s Model: SoftHSM v2 295s Hardware version: 2.6 295s Firmware version: 2.6 295s Serial number: 4e5d14bc72edc069 295s Initialized: yes 295s User PIN init.: yes 295s Label: Test Organization Root Tr Token 295s Slot 1 295s Slot info: 295s Description: SoftHSM slot ID 0x1 295s Manufacturer ID: SoftHSM project 295s Hardware version: 2.6 295s Firmware version: 2.6 295s Token present: yes 295s Token info: 295s Manufacturer ID: SoftHSM project 295s Model: SoftHSM v2 295s Hardware version: 2.6 295s Firmware version: 2.6 295s Serial number: 295s Initialized: no 295s User PIN init.: no 295s Label: 295s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 295s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-7515 -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-key-decrypted.pem 295s writing RSA key 295s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 295s + rm /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001-key-decrypted.pem 295s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 295s Object 0: 295s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 295s Type: X.509 Certificate (RSA-1024) 295s Expires: Sat Nov 29 20:41:45 2025 295s Label: Test Organization Root Trusted Certificate 0001 295s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 295s 295s + echo 'Test Organization Root Tr Token' 295s + '[' -n '' ']' 295s + local output_base_name=SSSD-child-29528 295s Test Organization Root Tr Token 295s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-29528.output 295s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-29528.pem 295s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 295s [p11_child[2935]] [main] (0x0400): p11_child started. 295s [p11_child[2935]] [main] (0x2000): Running in [pre-auth] mode. 295s [p11_child[2935]] [main] (0x2000): Running with effective IDs: [0][0]. 295s [p11_child[2935]] [main] (0x2000): Running with real IDs [0][0]. 295s [p11_child[2935]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 295s [p11_child[2935]] [do_work] (0x0040): init_verification failed. 295s [p11_child[2935]] [main] (0x0020): p11_child failed (5) 295s + return 2 295s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /dev/null no_verification 295s + check_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /dev/null no_verification 295s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 295s + local key_ring=/dev/null 295s + local verify_option=no_verification 295s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 295s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 295s + local key_cn 295s + local key_name 295s + local tokens_dir 295s + local output_cert_file 295s + token_name= 295s ++ basename /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem .pem 295s + key_name=test-root-CA-trusted-certificate-0001 295s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s ++ sed -n 's/ *commonName *= //p' 295s + key_cn='Test Organization Root Trusted Certificate 0001' 295s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 295s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 295s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 295s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 295s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 295s + token_name='Test Organization Root Tr Token' 295s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 295s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 295s Test Organization Root Tr Token 295s + echo 'Test Organization Root Tr Token' 295s + '[' -n no_verification ']' 295s + local verify_arg=--verify=no_verification 295s + local output_base_name=SSSD-child-19888 295s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-19888.output 295s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-19888.pem 295s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 295s [p11_child[2941]] [main] (0x0400): p11_child started. 295s [p11_child[2941]] [main] (0x2000): Running in [pre-auth] mode. 295s [p11_child[2941]] [main] (0x2000): Running with effective IDs: [0][0]. 295s [p11_child[2941]] [main] (0x2000): Running with real IDs [0][0]. 295s [p11_child[2941]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 295s [p11_child[2941]] [do_card] (0x4000): Module List: 295s [p11_child[2941]] [do_card] (0x4000): common name: [softhsm2]. 295s [p11_child[2941]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 295s [p11_child[2941]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 295s [p11_child[2941]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 295s [p11_child[2941]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 295s [p11_child[2941]] [do_card] (0x4000): Login NOT required. 295s [p11_child[2941]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 295s [p11_child[2941]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 295s [p11_child[2941]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72edc069;slot-manufacturer=SoftHSM%20project;slot-id=1928183913;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 295s [p11_child[2941]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 295s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-19888.output 295s + echo '-----BEGIN CERTIFICATE-----' 295s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-19888.output 295s + echo '-----END CERTIFICATE-----' 295s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-19888.pem 295s Certificate: 295s Data: 295s Version: 3 (0x2) 295s Serial Number: 3 (0x3) 295s Signature Algorithm: sha256WithRSAEncryption 295s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 295s Validity 295s Not Before: Nov 29 20:41:45 2024 GMT 295s Not After : Nov 29 20:41:45 2025 GMT 295s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 295s Subject Public Key Info: 295s Public Key Algorithm: rsaEncryption 295s Public-Key: (1024 bit) 295s Modulus: 295s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 295s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 295s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 295s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 295s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 295s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 295s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 295s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 295s 15:81:2c:77:d8:71:f4:6c:5b 295s Exponent: 65537 (0x10001) 295s X509v3 extensions: 295s X509v3 Authority Key Identifier: 295s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 295s X509v3 Basic Constraints: 295s CA:FALSE 295s Netscape Cert Type: 295s SSL Client, S/MIME 295s Netscape Comment: 295s Test Organization Root CA trusted Certificate 295s X509v3 Subject Key Identifier: 295s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 295s X509v3 Key Usage: critical 295s Digital Signature, Non Repudiation, Key Encipherment 295s X509v3 Extended Key Usage: 295s TLS Web Client Authentication, E-mail Protection 295s X509v3 Subject Alternative Name: 295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 295s Signature Algorithm: sha256WithRSAEncryption 295s Signature Value: 295s 88:af:e0:22:ad:7b:4f:c1:2f:87:a8:1a:c5:11:86:08:c6:fe: 295s f7:41:f2:98:5c:d1:7c:2e:12:9d:40:78:ab:36:f5:c6:b1:33: 295s a8:96:f2:2e:e4:36:6e:1d:01:e4:49:2a:20:8a:d5:df:95:f8: 295s b4:09:e5:1e:c0:f0:9a:a7:23:83:0d:2d:cf:3b:1f:9d:bf:e5: 295s d7:a5:24:61:8b:86:89:de:9b:68:a9:30:19:10:9b:23:74:b0: 295s 9c:c3:84:ec:55:aa:32:7b:58:be:c6:dc:3d:44:bb:4c:79:90: 295s 9b:c6:e9:4e:44:18:cc:6f:95:f6:65:fd:70:8d:12:98:78:ee: 295s c7:66 295s + local found_md5 expected_md5 295s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + expected_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 295s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-19888.pem 295s + found_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 295s + '[' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B '!=' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B ']' 295s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-19888-auth.output 295s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-19888-auth.output .output 295s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-19888-auth.pem 295s + echo -n 053350 295s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 295s [p11_child[2949]] [main] (0x0400): p11_child started. 295s [p11_child[2949]] [main] (0x2000): Running in [auth] mode. 295s [p11_child[2949]] [main] (0x2000): Running with effective IDs: [0][0]. 295s [p11_child[2949]] [main] (0x2000): Running with real IDs [0][0]. 295s [p11_child[2949]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 295s [p11_child[2949]] [do_card] (0x4000): Module List: 295s [p11_child[2949]] [do_card] (0x4000): common name: [softhsm2]. 295s [p11_child[2949]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 295s [p11_child[2949]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 295s [p11_child[2949]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 295s [p11_child[2949]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 295s [p11_child[2949]] [do_card] (0x4000): Login required. 295s [p11_child[2949]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 295s [p11_child[2949]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 295s [p11_child[2949]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72edc069;slot-manufacturer=SoftHSM%20project;slot-id=1928183913;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 295s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 295s [p11_child[2949]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 295s [p11_child[2949]] [do_card] (0x4000): Certificate verified and validated. 295s [p11_child[2949]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 295s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-19888-auth.output 295s + echo '-----BEGIN CERTIFICATE-----' 295s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-19888-auth.output 295s + echo '-----END CERTIFICATE-----' 295s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-19888-auth.pem 295s Certificate: 295s Data: 295s Version: 3 (0x2) 295s Serial Number: 3 (0x3) 295s Signature Algorithm: sha256WithRSAEncryption 295s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 295s Validity 295s Not Before: Nov 29 20:41:45 2024 GMT 295s Not After : Nov 29 20:41:45 2025 GMT 295s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 295s Subject Public Key Info: 295s Public Key Algorithm: rsaEncryption 295s Public-Key: (1024 bit) 295s Modulus: 295s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 295s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 295s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 295s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 295s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 295s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 295s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 295s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 295s 15:81:2c:77:d8:71:f4:6c:5b 295s Exponent: 65537 (0x10001) 295s X509v3 extensions: 295s X509v3 Authority Key Identifier: 295s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 295s X509v3 Basic Constraints: 295s CA:FALSE 295s Netscape Cert Type: 295s SSL Client, S/MIME 295s Netscape Comment: 295s Test Organization Root CA trusted Certificate 295s X509v3 Subject Key Identifier: 295s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 295s X509v3 Key Usage: critical 295s Digital Signature, Non Repudiation, Key Encipherment 295s X509v3 Extended Key Usage: 295s TLS Web Client Authentication, E-mail Protection 295s X509v3 Subject Alternative Name: 295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 295s Signature Algorithm: sha256WithRSAEncryption 295s Signature Value: 295s 88:af:e0:22:ad:7b:4f:c1:2f:87:a8:1a:c5:11:86:08:c6:fe: 295s f7:41:f2:98:5c:d1:7c:2e:12:9d:40:78:ab:36:f5:c6:b1:33: 295s a8:96:f2:2e:e4:36:6e:1d:01:e4:49:2a:20:8a:d5:df:95:f8: 295s b4:09:e5:1e:c0:f0:9a:a7:23:83:0d:2d:cf:3b:1f:9d:bf:e5: 295s d7:a5:24:61:8b:86:89:de:9b:68:a9:30:19:10:9b:23:74:b0: 295s 9c:c3:84:ec:55:aa:32:7b:58:be:c6:dc:3d:44:bb:4c:79:90: 295s 9b:c6:e9:4e:44:18:cc:6f:95:f6:65:fd:70:8d:12:98:78:ee: 295s c7:66 295s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-19888-auth.pem 295s + found_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 295s + '[' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B '!=' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B ']' 295s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem 295s + check_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem 295s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 295s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 295s + local verify_option= 295s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 295s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 295s + local key_cn 295s + local key_name 295s + local tokens_dir 295s + local output_cert_file 295s + token_name= 295s ++ basename /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem .pem 295s + key_name=test-root-CA-trusted-certificate-0001 295s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s ++ sed -n 's/ *commonName *= //p' 295s + key_cn='Test Organization Root Trusted Certificate 0001' 295s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 295s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 295s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 295s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 295s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 295s + token_name='Test Organization Root Tr Token' 295s Test Organization Root Tr Token 295s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 295s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 295s + echo 'Test Organization Root Tr Token' 295s + '[' -n '' ']' 295s + local output_base_name=SSSD-child-21056 295s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-21056.output 295s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-21056.pem 295s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 295s [p11_child[2959]] [main] (0x0400): p11_child started. 295s [p11_child[2959]] [main] (0x2000): Running in [pre-auth] mode. 295s [p11_child[2959]] [main] (0x2000): Running with effective IDs: [0][0]. 295s [p11_child[2959]] [main] (0x2000): Running with real IDs [0][0]. 295s [p11_child[2959]] [do_card] (0x4000): Module List: 295s [p11_child[2959]] [do_card] (0x4000): common name: [softhsm2]. 295s [p11_child[2959]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 295s [p11_child[2959]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 295s [p11_child[2959]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 295s [p11_child[2959]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 295s [p11_child[2959]] [do_card] (0x4000): Login NOT required. 295s [p11_child[2959]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 295s [p11_child[2959]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 295s [p11_child[2959]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 295s [p11_child[2959]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72edc069;slot-manufacturer=SoftHSM%20project;slot-id=1928183913;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 295s [p11_child[2959]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 295s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-21056.output 295s + echo '-----BEGIN CERTIFICATE-----' 295s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-21056.output 295s + echo '-----END CERTIFICATE-----' 295s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-21056.pem 295s Certificate: 295s Data: 295s Version: 3 (0x2) 295s Serial Number: 3 (0x3) 295s Signature Algorithm: sha256WithRSAEncryption 295s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 295s Validity 295s Not Before: Nov 29 20:41:45 2024 GMT 295s Not After : Nov 29 20:41:45 2025 GMT 295s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 295s Subject Public Key Info: 295s Public Key Algorithm: rsaEncryption 295s Public-Key: (1024 bit) 295s Modulus: 295s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 295s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 295s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 295s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 295s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 295s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 295s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 295s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 295s 15:81:2c:77:d8:71:f4:6c:5b 295s Exponent: 65537 (0x10001) 295s X509v3 extensions: 295s X509v3 Authority Key Identifier: 295s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 295s X509v3 Basic Constraints: 295s CA:FALSE 295s Netscape Cert Type: 295s SSL Client, S/MIME 295s Netscape Comment: 295s Test Organization Root CA trusted Certificate 295s X509v3 Subject Key Identifier: 295s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 295s X509v3 Key Usage: critical 295s Digital Signature, Non Repudiation, Key Encipherment 295s X509v3 Extended Key Usage: 295s TLS Web Client Authentication, E-mail Protection 295s X509v3 Subject Alternative Name: 295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 295s Signature Algorithm: sha256WithRSAEncryption 295s Signature Value: 295s 88:af:e0:22:ad:7b:4f:c1:2f:87:a8:1a:c5:11:86:08:c6:fe: 295s f7:41:f2:98:5c:d1:7c:2e:12:9d:40:78:ab:36:f5:c6:b1:33: 295s a8:96:f2:2e:e4:36:6e:1d:01:e4:49:2a:20:8a:d5:df:95:f8: 295s b4:09:e5:1e:c0:f0:9a:a7:23:83:0d:2d:cf:3b:1f:9d:bf:e5: 295s d7:a5:24:61:8b:86:89:de:9b:68:a9:30:19:10:9b:23:74:b0: 295s 9c:c3:84:ec:55:aa:32:7b:58:be:c6:dc:3d:44:bb:4c:79:90: 295s 9b:c6:e9:4e:44:18:cc:6f:95:f6:65:fd:70:8d:12:98:78:ee: 295s c7:66 295s + local found_md5 expected_md5 295s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + expected_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 295s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-21056.pem 295s + found_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 295s + '[' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B '!=' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B ']' 295s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-21056-auth.output 295s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-21056-auth.output .output 295s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-21056-auth.pem 295s + echo -n 053350 295s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 295s [p11_child[2967]] [main] (0x0400): p11_child started. 295s [p11_child[2967]] [main] (0x2000): Running in [auth] mode. 295s [p11_child[2967]] [main] (0x2000): Running with effective IDs: [0][0]. 295s [p11_child[2967]] [main] (0x2000): Running with real IDs [0][0]. 295s [p11_child[2967]] [do_card] (0x4000): Module List: 295s [p11_child[2967]] [do_card] (0x4000): common name: [softhsm2]. 295s [p11_child[2967]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 295s [p11_child[2967]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 295s [p11_child[2967]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 295s [p11_child[2967]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 295s [p11_child[2967]] [do_card] (0x4000): Login required. 295s [p11_child[2967]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 295s [p11_child[2967]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 295s [p11_child[2967]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 295s [p11_child[2967]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72edc069;slot-manufacturer=SoftHSM%20project;slot-id=1928183913;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 295s [p11_child[2967]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 295s [p11_child[2967]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 295s [p11_child[2967]] [do_card] (0x4000): Certificate verified and validated. 295s [p11_child[2967]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 295s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-21056-auth.output 295s + echo '-----BEGIN CERTIFICATE-----' 295s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-21056-auth.output 295s + echo '-----END CERTIFICATE-----' 295s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-21056-auth.pem 295s Certificate: 295s Data: 295s Version: 3 (0x2) 295s Serial Number: 3 (0x3) 295s Signature Algorithm: sha256WithRSAEncryption 295s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 295s Validity 295s Not Before: Nov 29 20:41:45 2024 GMT 295s Not After : Nov 29 20:41:45 2025 GMT 295s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 295s Subject Public Key Info: 295s Public Key Algorithm: rsaEncryption 295s Public-Key: (1024 bit) 295s Modulus: 295s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 295s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 295s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 295s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 295s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 295s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 295s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 295s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 295s 15:81:2c:77:d8:71:f4:6c:5b 295s Exponent: 65537 (0x10001) 295s X509v3 extensions: 295s X509v3 Authority Key Identifier: 295s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 295s X509v3 Basic Constraints: 295s CA:FALSE 295s Netscape Cert Type: 295s SSL Client, S/MIME 295s Netscape Comment: 295s Test Organization Root CA trusted Certificate 295s X509v3 Subject Key Identifier: 295s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 295s X509v3 Key Usage: critical 295s Digital Signature, Non Repudiation, Key Encipherment 295s X509v3 Extended Key Usage: 295s TLS Web Client Authentication, E-mail Protection 295s X509v3 Subject Alternative Name: 295s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 295s Signature Algorithm: sha256WithRSAEncryption 295s Signature Value: 295s 88:af:e0:22:ad:7b:4f:c1:2f:87:a8:1a:c5:11:86:08:c6:fe: 295s f7:41:f2:98:5c:d1:7c:2e:12:9d:40:78:ab:36:f5:c6:b1:33: 295s a8:96:f2:2e:e4:36:6e:1d:01:e4:49:2a:20:8a:d5:df:95:f8: 295s b4:09:e5:1e:c0:f0:9a:a7:23:83:0d:2d:cf:3b:1f:9d:bf:e5: 295s d7:a5:24:61:8b:86:89:de:9b:68:a9:30:19:10:9b:23:74:b0: 295s 9c:c3:84:ec:55:aa:32:7b:58:be:c6:dc:3d:44:bb:4c:79:90: 295s 9b:c6:e9:4e:44:18:cc:6f:95:f6:65:fd:70:8d:12:98:78:ee: 295s c7:66 295s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-21056-auth.pem 295s + found_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 295s + '[' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B '!=' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B ']' 295s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem partial_chain 295s + check_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem partial_chain 295s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 295s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 295s + local verify_option=partial_chain 295s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 295s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 295s + local key_cn 295s + local key_name 295s + local tokens_dir 295s + local output_cert_file 295s + token_name= 295s ++ basename /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem .pem 295s + key_name=test-root-CA-trusted-certificate-0001 295s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 295s ++ sed -n 's/ *commonName *= //p' 295s + key_cn='Test Organization Root Trusted Certificate 0001' 295s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 295s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 295s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 295s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 295s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 295s + token_name='Test Organization Root Tr Token' 295s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 295s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 295s Test Organization Root Tr Token 295s + echo 'Test Organization Root Tr Token' 295s + '[' -n partial_chain ']' 295s + local verify_arg=--verify=partial_chain 295s + local output_base_name=SSSD-child-4563 295s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-4563.output 295s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-4563.pem 295s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 295s [p11_child[2977]] [main] (0x0400): p11_child started. 295s [p11_child[2977]] [main] (0x2000): Running in [pre-auth] mode. 295s [p11_child[2977]] [main] (0x2000): Running with effective IDs: [0][0]. 295s [p11_child[2977]] [main] (0x2000): Running with real IDs [0][0]. 295s [p11_child[2977]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 295s [p11_child[2977]] [do_card] (0x4000): Module List: 295s [p11_child[2977]] [do_card] (0x4000): common name: [softhsm2]. 295s [p11_child[2977]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 295s [p11_child[2977]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 295s [p11_child[2977]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 295s [p11_child[2977]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 295s [p11_child[2977]] [do_card] (0x4000): Login NOT required. 295s [p11_child[2977]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 295s [p11_child[2977]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 295s [p11_child[2977]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 295s [p11_child[2977]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72edc069;slot-manufacturer=SoftHSM%20project;slot-id=1928183913;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 295s [p11_child[2977]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 295s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-4563.output 295s + echo '-----BEGIN CERTIFICATE-----' 295s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-4563.output 295s + echo '-----END CERTIFICATE-----' 295s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-4563.pem 296s Certificate: 296s Data: 296s Version: 3 (0x2) 296s Serial Number: 3 (0x3) 296s Signature Algorithm: sha256WithRSAEncryption 296s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 296s Validity 296s Not Before: Nov 29 20:41:45 2024 GMT 296s Not After : Nov 29 20:41:45 2025 GMT 296s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 296s Subject Public Key Info: 296s Public Key Algorithm: rsaEncryption 296s Public-Key: (1024 bit) 296s Modulus: 296s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 296s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 296s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 296s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 296s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 296s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 296s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 296s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 296s 15:81:2c:77:d8:71:f4:6c:5b 296s Exponent: 65537 (0x10001) 296s X509v3 extensions: 296s X509v3 Authority Key Identifier: 296s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 296s X509v3 Basic Constraints: 296s CA:FALSE 296s Netscape Cert Type: 296s SSL Client, S/MIME 296s Netscape Comment: 296s Test Organization Root CA trusted Certificate 296s X509v3 Subject Key Identifier: 296s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 296s X509v3 Key Usage: critical 296s Digital Signature, Non Repudiation, Key Encipherment 296s X509v3 Extended Key Usage: 296s TLS Web Client Authentication, E-mail Protection 296s X509v3 Subject Alternative Name: 296s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 296s Signature Algorithm: sha256WithRSAEncryption 296s Signature Value: 296s 88:af:e0:22:ad:7b:4f:c1:2f:87:a8:1a:c5:11:86:08:c6:fe: 296s f7:41:f2:98:5c:d1:7c:2e:12:9d:40:78:ab:36:f5:c6:b1:33: 296s a8:96:f2:2e:e4:36:6e:1d:01:e4:49:2a:20:8a:d5:df:95:f8: 296s b4:09:e5:1e:c0:f0:9a:a7:23:83:0d:2d:cf:3b:1f:9d:bf:e5: 296s d7:a5:24:61:8b:86:89:de:9b:68:a9:30:19:10:9b:23:74:b0: 296s 9c:c3:84:ec:55:aa:32:7b:58:be:c6:dc:3d:44:bb:4c:79:90: 296s 9b:c6:e9:4e:44:18:cc:6f:95:f6:65:fd:70:8d:12:98:78:ee: 296s c7:66 296s + local found_md5 expected_md5 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s + expected_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-4563.pem 296s + found_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 296s + '[' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B '!=' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B ']' 296s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-4563-auth.output 296s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-4563-auth.output .output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-4563-auth.pem 296s + echo -n 053350 296s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 296s [p11_child[2985]] [main] (0x0400): p11_child started. 296s [p11_child[2985]] [main] (0x2000): Running in [auth] mode. 296s [p11_child[2985]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[2985]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[2985]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 296s [p11_child[2985]] [do_card] (0x4000): Module List: 296s [p11_child[2985]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[2985]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[2985]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[2985]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 296s [p11_child[2985]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[2985]] [do_card] (0x4000): Login required. 296s [p11_child[2985]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 296s [p11_child[2985]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 296s [p11_child[2985]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 296s [p11_child[2985]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72edc069;slot-manufacturer=SoftHSM%20project;slot-id=1928183913;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 296s [p11_child[2985]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 296s [p11_child[2985]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 296s [p11_child[2985]] [do_card] (0x4000): Certificate verified and validated. 296s [p11_child[2985]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-4563-auth.output 296s + echo '-----BEGIN CERTIFICATE-----' 296s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-4563-auth.output 296s + echo '-----END CERTIFICATE-----' 296s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-4563-auth.pem 296s Certificate: 296s Data: 296s Version: 3 (0x2) 296s Serial Number: 3 (0x3) 296s Signature Algorithm: sha256WithRSAEncryption 296s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 296s Validity 296s Not Before: Nov 29 20:41:45 2024 GMT 296s Not After : Nov 29 20:41:45 2025 GMT 296s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 296s Subject Public Key Info: 296s Public Key Algorithm: rsaEncryption 296s Public-Key: (1024 bit) 296s Modulus: 296s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 296s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 296s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 296s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 296s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 296s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 296s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 296s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 296s 15:81:2c:77:d8:71:f4:6c:5b 296s Exponent: 65537 (0x10001) 296s X509v3 extensions: 296s X509v3 Authority Key Identifier: 296s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 296s X509v3 Basic Constraints: 296s CA:FALSE 296s Netscape Cert Type: 296s SSL Client, S/MIME 296s Netscape Comment: 296s Test Organization Root CA trusted Certificate 296s X509v3 Subject Key Identifier: 296s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 296s X509v3 Key Usage: critical 296s Digital Signature, Non Repudiation, Key Encipherment 296s X509v3 Extended Key Usage: 296s TLS Web Client Authentication, E-mail Protection 296s X509v3 Subject Alternative Name: 296s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 296s Signature Algorithm: sha256WithRSAEncryption 296s Signature Value: 296s 88:af:e0:22:ad:7b:4f:c1:2f:87:a8:1a:c5:11:86:08:c6:fe: 296s f7:41:f2:98:5c:d1:7c:2e:12:9d:40:78:ab:36:f5:c6:b1:33: 296s a8:96:f2:2e:e4:36:6e:1d:01:e4:49:2a:20:8a:d5:df:95:f8: 296s b4:09:e5:1e:c0:f0:9a:a7:23:83:0d:2d:cf:3b:1f:9d:bf:e5: 296s d7:a5:24:61:8b:86:89:de:9b:68:a9:30:19:10:9b:23:74:b0: 296s 9c:c3:84:ec:55:aa:32:7b:58:be:c6:dc:3d:44:bb:4c:79:90: 296s 9b:c6:e9:4e:44:18:cc:6f:95:f6:65:fd:70:8d:12:98:78:ee: 296s c7:66 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-4563-auth.pem 296s + found_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 296s + '[' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B '!=' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B ']' 296s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 296s + check_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 296s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 296s + local verify_option= 296s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 296s + local key_cn 296s + local key_name 296s + local tokens_dir 296s + local output_cert_file 296s + token_name= 296s ++ basename /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem .pem 296s + key_name=test-root-CA-trusted-certificate-0001 296s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s ++ sed -n 's/ *commonName *= //p' 296s + key_cn='Test Organization Root Trusted Certificate 0001' 296s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 296s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 296s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 296s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 296s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 296s + token_name='Test Organization Root Tr Token' 296s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 296s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 296s + echo 'Test Organization Root Tr Token' 296s + '[' -n '' ']' 296s Test Organization Root Tr Token 296s + local output_base_name=SSSD-child-14657 296s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-14657.output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-14657.pem 296s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 296s [p11_child[2995]] [main] (0x0400): p11_child started. 296s [p11_child[2995]] [main] (0x2000): Running in [pre-auth] mode. 296s [p11_child[2995]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[2995]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[2995]] [do_card] (0x4000): Module List: 296s [p11_child[2995]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[2995]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[2995]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[2995]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 296s [p11_child[2995]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[2995]] [do_card] (0x4000): Login NOT required. 296s [p11_child[2995]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 296s [p11_child[2995]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 296s [p11_child[2995]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 296s [p11_child[2995]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72edc069;slot-manufacturer=SoftHSM%20project;slot-id=1928183913;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 296s [p11_child[2995]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-14657.output 296s + echo '-----BEGIN CERTIFICATE-----' 296s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-14657.output 296s + echo '-----END CERTIFICATE-----' 296s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-14657.pem 296s Certificate: 296s Data: 296s Version: 3 (0x2) 296s Serial Number: 3 (0x3) 296s Signature Algorithm: sha256WithRSAEncryption 296s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 296s Validity 296s Not Before: Nov 29 20:41:45 2024 GMT 296s Not After : Nov 29 20:41:45 2025 GMT 296s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 296s Subject Public Key Info: 296s Public Key Algorithm: rsaEncryption 296s Public-Key: (1024 bit) 296s Modulus: 296s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 296s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 296s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 296s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 296s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 296s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 296s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 296s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 296s 15:81:2c:77:d8:71:f4:6c:5b 296s Exponent: 65537 (0x10001) 296s X509v3 extensions: 296s X509v3 Authority Key Identifier: 296s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 296s X509v3 Basic Constraints: 296s CA:FALSE 296s Netscape Cert Type: 296s SSL Client, S/MIME 296s Netscape Comment: 296s Test Organization Root CA trusted Certificate 296s X509v3 Subject Key Identifier: 296s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 296s X509v3 Key Usage: critical 296s Digital Signature, Non Repudiation, Key Encipherment 296s X509v3 Extended Key Usage: 296s TLS Web Client Authentication, E-mail Protection 296s X509v3 Subject Alternative Name: 296s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 296s Signature Algorithm: sha256WithRSAEncryption 296s Signature Value: 296s 88:af:e0:22:ad:7b:4f:c1:2f:87:a8:1a:c5:11:86:08:c6:fe: 296s f7:41:f2:98:5c:d1:7c:2e:12:9d:40:78:ab:36:f5:c6:b1:33: 296s a8:96:f2:2e:e4:36:6e:1d:01:e4:49:2a:20:8a:d5:df:95:f8: 296s b4:09:e5:1e:c0:f0:9a:a7:23:83:0d:2d:cf:3b:1f:9d:bf:e5: 296s d7:a5:24:61:8b:86:89:de:9b:68:a9:30:19:10:9b:23:74:b0: 296s 9c:c3:84:ec:55:aa:32:7b:58:be:c6:dc:3d:44:bb:4c:79:90: 296s 9b:c6:e9:4e:44:18:cc:6f:95:f6:65:fd:70:8d:12:98:78:ee: 296s c7:66 296s + local found_md5 expected_md5 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s + expected_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-14657.pem 296s + found_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 296s + '[' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B '!=' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B ']' 296s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-14657-auth.output 296s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-14657-auth.output .output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-14657-auth.pem 296s + echo -n 053350 296s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 296s [p11_child[3003]] [main] (0x0400): p11_child started. 296s [p11_child[3003]] [main] (0x2000): Running in [auth] mode. 296s [p11_child[3003]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3003]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3003]] [do_card] (0x4000): Module List: 296s [p11_child[3003]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3003]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3003]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3003]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 296s [p11_child[3003]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3003]] [do_card] (0x4000): Login required. 296s [p11_child[3003]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 296s [p11_child[3003]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 296s [p11_child[3003]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 296s [p11_child[3003]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72edc069;slot-manufacturer=SoftHSM%20project;slot-id=1928183913;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 296s [p11_child[3003]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 296s [p11_child[3003]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 296s [p11_child[3003]] [do_card] (0x4000): Certificate verified and validated. 296s [p11_child[3003]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-14657-auth.output 296s + echo '-----BEGIN CERTIFICATE-----' 296s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-14657-auth.output 296s + echo '-----END CERTIFICATE-----' 296s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-14657-auth.pem 296s Certificate: 296s Data: 296s Version: 3 (0x2) 296s Serial Number: 3 (0x3) 296s Signature Algorithm: sha256WithRSAEncryption 296s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 296s Validity 296s Not Before: Nov 29 20:41:45 2024 GMT 296s Not After : Nov 29 20:41:45 2025 GMT 296s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 296s Subject Public Key Info: 296s Public Key Algorithm: rsaEncryption 296s Public-Key: (1024 bit) 296s Modulus: 296s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 296s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 296s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 296s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 296s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 296s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 296s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 296s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 296s 15:81:2c:77:d8:71:f4:6c:5b 296s Exponent: 65537 (0x10001) 296s X509v3 extensions: 296s X509v3 Authority Key Identifier: 296s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 296s X509v3 Basic Constraints: 296s CA:FALSE 296s Netscape Cert Type: 296s SSL Client, S/MIME 296s Netscape Comment: 296s Test Organization Root CA trusted Certificate 296s X509v3 Subject Key Identifier: 296s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 296s X509v3 Key Usage: critical 296s Digital Signature, Non Repudiation, Key Encipherment 296s X509v3 Extended Key Usage: 296s TLS Web Client Authentication, E-mail Protection 296s X509v3 Subject Alternative Name: 296s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 296s Signature Algorithm: sha256WithRSAEncryption 296s Signature Value: 296s 88:af:e0:22:ad:7b:4f:c1:2f:87:a8:1a:c5:11:86:08:c6:fe: 296s f7:41:f2:98:5c:d1:7c:2e:12:9d:40:78:ab:36:f5:c6:b1:33: 296s a8:96:f2:2e:e4:36:6e:1d:01:e4:49:2a:20:8a:d5:df:95:f8: 296s b4:09:e5:1e:c0:f0:9a:a7:23:83:0d:2d:cf:3b:1f:9d:bf:e5: 296s d7:a5:24:61:8b:86:89:de:9b:68:a9:30:19:10:9b:23:74:b0: 296s 9c:c3:84:ec:55:aa:32:7b:58:be:c6:dc:3d:44:bb:4c:79:90: 296s 9b:c6:e9:4e:44:18:cc:6f:95:f6:65:fd:70:8d:12:98:78:ee: 296s c7:66 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-14657-auth.pem 296s + found_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 296s + '[' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B '!=' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B ']' 296s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem partial_chain 296s + check_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem partial_chain 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 296s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 296s + local verify_option=partial_chain 296s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 296s + local key_cn 296s + local key_name 296s + local tokens_dir 296s + local output_cert_file 296s + token_name= 296s ++ basename /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem .pem 296s + key_name=test-root-CA-trusted-certificate-0001 296s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s ++ sed -n 's/ *commonName *= //p' 296s + key_cn='Test Organization Root Trusted Certificate 0001' 296s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 296s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 296s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 296s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 296s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 296s + token_name='Test Organization Root Tr Token' 296s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 296s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 296s + echo 'Test Organization Root Tr Token' 296s + '[' -n partial_chain ']' 296s + local verify_arg=--verify=partial_chain 296s + local output_base_name=SSSD-child-28657 296s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-28657.output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-28657.pem 296s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 296s Test Organization Root Tr Token 296s [p11_child[3013]] [main] (0x0400): p11_child started. 296s [p11_child[3013]] [main] (0x2000): Running in [pre-auth] mode. 296s [p11_child[3013]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3013]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3013]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 296s [p11_child[3013]] [do_card] (0x4000): Module List: 296s [p11_child[3013]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3013]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3013]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3013]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 296s [p11_child[3013]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3013]] [do_card] (0x4000): Login NOT required. 296s [p11_child[3013]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 296s [p11_child[3013]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 296s [p11_child[3013]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 296s [p11_child[3013]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72edc069;slot-manufacturer=SoftHSM%20project;slot-id=1928183913;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 296s [p11_child[3013]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-28657.output 296s + echo '-----BEGIN CERTIFICATE-----' 296s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-28657.output 296s + echo '-----END CERTIFICATE-----' 296s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-28657.pem 296s + local found_md5 expected_md5 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s Certificate: 296s Data: 296s Version: 3 (0x2) 296s Serial Number: 3 (0x3) 296s Signature Algorithm: sha256WithRSAEncryption 296s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 296s Validity 296s Not Before: Nov 29 20:41:45 2024 GMT 296s Not After : Nov 29 20:41:45 2025 GMT 296s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 296s Subject Public Key Info: 296s Public Key Algorithm: rsaEncryption 296s Public-Key: (1024 bit) 296s Modulus: 296s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 296s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 296s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 296s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 296s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 296s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 296s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 296s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 296s 15:81:2c:77:d8:71:f4:6c:5b 296s Exponent: 65537 (0x10001) 296s X509v3 extensions: 296s X509v3 Authority Key Identifier: 296s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 296s X509v3 Basic Constraints: 296s CA:FALSE 296s Netscape Cert Type: 296s SSL Client, S/MIME 296s Netscape Comment: 296s Test Organization Root CA trusted Certificate 296s X509v3 Subject Key Identifier: 296s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 296s X509v3 Key Usage: critical 296s Digital Signature, Non Repudiation, Key Encipherment 296s X509v3 Extended Key Usage: 296s TLS Web Client Authentication, E-mail Protection 296s X509v3 Subject Alternative Name: 296s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 296s Signature Algorithm: sha256WithRSAEncryption 296s Signature Value: 296s 88:af:e0:22:ad:7b:4f:c1:2f:87:a8:1a:c5:11:86:08:c6:fe: 296s f7:41:f2:98:5c:d1:7c:2e:12:9d:40:78:ab:36:f5:c6:b1:33: 296s a8:96:f2:2e:e4:36:6e:1d:01:e4:49:2a:20:8a:d5:df:95:f8: 296s b4:09:e5:1e:c0:f0:9a:a7:23:83:0d:2d:cf:3b:1f:9d:bf:e5: 296s d7:a5:24:61:8b:86:89:de:9b:68:a9:30:19:10:9b:23:74:b0: 296s 9c:c3:84:ec:55:aa:32:7b:58:be:c6:dc:3d:44:bb:4c:79:90: 296s 9b:c6:e9:4e:44:18:cc:6f:95:f6:65:fd:70:8d:12:98:78:ee: 296s c7:66 296s + expected_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-28657.pem 296s + found_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 296s + '[' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B '!=' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B ']' 296s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-28657-auth.output 296s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-28657-auth.output .output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-28657-auth.pem 296s + echo -n 053350 296s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 296s [p11_child[3021]] [main] (0x0400): p11_child started. 296s [p11_child[3021]] [main] (0x2000): Running in [auth] mode. 296s [p11_child[3021]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3021]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3021]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 296s [p11_child[3021]] [do_card] (0x4000): Module List: 296s [p11_child[3021]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3021]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3021]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3021]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 296s [p11_child[3021]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3021]] [do_card] (0x4000): Login required. 296s [p11_child[3021]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 296s [p11_child[3021]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 296s [p11_child[3021]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 296s [p11_child[3021]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72edc069;slot-manufacturer=SoftHSM%20project;slot-id=1928183913;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e5d14bc72edc069;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 296s [p11_child[3021]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 296s [p11_child[3021]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 296s [p11_child[3021]] [do_card] (0x4000): Certificate verified and validated. 296s [p11_child[3021]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-28657-auth.output 296s + echo '-----BEGIN CERTIFICATE-----' 296s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-28657-auth.output 296s + echo '-----END CERTIFICATE-----' 296s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-28657-auth.pem 296s Certificate: 296s Data: 296s Version: 3 (0x2) 296s Serial Number: 3 (0x3) 296s Signature Algorithm: sha256WithRSAEncryption 296s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 296s Validity 296s Not Before: Nov 29 20:41:45 2024 GMT 296s Not After : Nov 29 20:41:45 2025 GMT 296s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 296s Subject Public Key Info: 296s Public Key Algorithm: rsaEncryption 296s Public-Key: (1024 bit) 296s Modulus: 296s 00:b9:74:32:52:36:39:1f:10:22:a2:6e:99:93:6a: 296s 47:f6:73:87:75:a4:5a:a2:63:ba:06:d3:13:d4:be: 296s 74:ae:08:df:f5:cb:20:a8:85:8e:90:f5:08:84:99: 296s 8a:51:bd:e8:e0:68:fe:52:3a:0e:29:57:2e:40:67: 296s 8b:1e:ab:40:3a:ad:97:64:9a:e0:a0:dd:14:de:00: 296s d4:4a:73:35:3d:02:45:35:90:6f:4c:7e:e9:d5:bb: 296s 28:df:6a:11:9e:6c:61:de:71:7e:a9:b2:9f:f5:6d: 296s 15:83:0b:b6:67:1a:62:00:a4:cc:32:7c:f7:c5:04: 296s 15:81:2c:77:d8:71:f4:6c:5b 296s Exponent: 65537 (0x10001) 296s X509v3 extensions: 296s X509v3 Authority Key Identifier: 296s 23:E8:0B:E8:16:B3:FB:ED:DD:FF:11:8A:5C:F4:73:F2:20:EF:F9:18 296s X509v3 Basic Constraints: 296s CA:FALSE 296s Netscape Cert Type: 296s SSL Client, S/MIME 296s Netscape Comment: 296s Test Organization Root CA trusted Certificate 296s X509v3 Subject Key Identifier: 296s C9:47:0A:2A:8A:2F:19:9F:4D:30:B5:4B:8E:55:AD:50:67:5E:D2:63 296s X509v3 Key Usage: critical 296s Digital Signature, Non Repudiation, Key Encipherment 296s X509v3 Extended Key Usage: 296s TLS Web Client Authentication, E-mail Protection 296s X509v3 Subject Alternative Name: 296s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 296s Signature Algorithm: sha256WithRSAEncryption 296s Signature Value: 296s 88:af:e0:22:ad:7b:4f:c1:2f:87:a8:1a:c5:11:86:08:c6:fe: 296s f7:41:f2:98:5c:d1:7c:2e:12:9d:40:78:ab:36:f5:c6:b1:33: 296s a8:96:f2:2e:e4:36:6e:1d:01:e4:49:2a:20:8a:d5:df:95:f8: 296s b4:09:e5:1e:c0:f0:9a:a7:23:83:0d:2d:cf:3b:1f:9d:bf:e5: 296s d7:a5:24:61:8b:86:89:de:9b:68:a9:30:19:10:9b:23:74:b0: 296s 9c:c3:84:ec:55:aa:32:7b:58:be:c6:dc:3d:44:bb:4c:79:90: 296s 9b:c6:e9:4e:44:18:cc:6f:95:f6:65:fd:70:8d:12:98:78:ee: 296s c7:66 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-28657-auth.pem 296s + found_md5=Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B 296s + '[' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B '!=' Modulus=B974325236391F1022A26E99936A47F6738775A45AA263BA06D313D4BE74AE08DFF5CB20A8858E90F50884998A51BDE8E068FE523A0E29572E40678B1EAB403AAD97649AE0A0DD14DE00D44A73353D024535906F4C7EE9D5BB28DF6A119E6C61DE717EA9B29FF56D15830BB6671A6200A4CC327CF7C50415812C77D871F46C5B ']' 296s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 296s + check_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 296s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 296s + local verify_option= 296s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 296s + local key_cn 296s + local key_name 296s + local tokens_dir 296s + local output_cert_file 296s + token_name= 296s ++ basename /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem .pem 296s + key_name=test-root-CA-trusted-certificate-0001 296s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s ++ sed -n 's/ *commonName *= //p' 296s + key_cn='Test Organization Root Trusted Certificate 0001' 296s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 296s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 296s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 296s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 296s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 296s + token_name='Test Organization Root Tr Token' 296s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 296s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 296s + echo 'Test Organization Root Tr Token' 296s + '[' -n '' ']' 296s + local output_base_name=SSSD-child-31150 296s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-31150.output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-31150.pem 296s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 296s Test Organization Root Tr Token 296s [p11_child[3031]] [main] (0x0400): p11_child started. 296s [p11_child[3031]] [main] (0x2000): Running in [pre-auth] mode. 296s [p11_child[3031]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3031]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3031]] [do_card] (0x4000): Module List: 296s [p11_child[3031]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3031]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3031]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3031]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 296s [p11_child[3031]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3031]] [do_card] (0x4000): Login NOT required. 296s [p11_child[3031]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 296s [p11_child[3031]] [do_verification] (0x0040): X509_verify_cert failed [0]. 296s [p11_child[3031]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 296s [p11_child[3031]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 296s [p11_child[3031]] [do_card] (0x4000): No certificate found. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-31150.output 296s + return 2 296s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem partial_chain 296s + check_certificate /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem partial_chain 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 296s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 296s + local verify_option=partial_chain 296s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7515 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-root-ca-trusted-cert-0001-7515 296s + local key_cn 296s + local key_name 296s + local tokens_dir 296s + local output_cert_file 296s + token_name= 296s ++ basename /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem .pem 296s + key_name=test-root-CA-trusted-certificate-0001 296s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-root-CA-trusted-certificate-0001.pem 296s ++ sed -n 's/ *commonName *= //p' 296s + key_cn='Test Organization Root Trusted Certificate 0001' 296s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 296s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 296s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf 296s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 296s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 296s + token_name='Test Organization Root Tr Token' 296s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 296s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-root-CA-trusted-certificate-0001 ']' 296s + echo 'Test Organization Root Tr Token' 296s Test Organization Root Tr Token 296s + '[' -n partial_chain ']' 296s + local verify_arg=--verify=partial_chain 296s + local output_base_name=SSSD-child-20279 296s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-20279.output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-20279.pem 296s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 296s [p11_child[3038]] [main] (0x0400): p11_child started. 296s [p11_child[3038]] [main] (0x2000): Running in [pre-auth] mode. 296s [p11_child[3038]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3038]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3038]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 296s [p11_child[3038]] [do_card] (0x4000): Module List: 296s [p11_child[3038]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3038]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3038]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72edc069] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3038]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 296s [p11_child[3038]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x72edc069][1928183913] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3038]] [do_card] (0x4000): Login NOT required. 296s [p11_child[3038]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 296s [p11_child[3038]] [do_verification] (0x0040): X509_verify_cert failed [0]. 296s [p11_child[3038]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 296s [p11_child[3038]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 296s [p11_child[3038]] [do_card] (0x4000): No certificate found. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-20279.output 296s + return 2 296s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /dev/null 296s + check_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /dev/null 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local key_ring=/dev/null 296s + local verify_option= 296s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local key_cn 296s + local key_name 296s + local tokens_dir 296s + local output_cert_file 296s + token_name= 296s ++ basename /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem .pem 296s + key_name=test-intermediate-CA-trusted-certificate-0001 296s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s ++ sed -n 's/ *commonName *= //p' 296s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 296s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 296s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 296s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 296s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 296s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 296s + token_name='Test Organization Interme Token' 296s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 296s + local key_file 296s + local decrypted_key 296s + mkdir -p /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 296s + key_file=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-key.pem 296s + decrypted_key=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 296s + cat 296s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 296s Slot 0 has a free/uninitialized token. 296s The token has been initialized and is reassigned to slot 867274308 296s + softhsm2-util --show-slots 296s Available slots: 296s Slot 867274308 296s Slot info: 296s Description: SoftHSM slot ID 0x33b18e44 296s Manufacturer ID: SoftHSM project 296s Hardware version: 2.6 296s Firmware version: 2.6 296s Token present: yes 296s Token info: 296s Manufacturer ID: SoftHSM project 296s Model: SoftHSM v2 296s Hardware version: 2.6 296s Firmware version: 2.6 296s Serial number: 3bd4d251b3b18e44 296s Initialized: yes 296s User PIN init.: yes 296s Label: Test Organization Interme Token 296s Slot 1 296s Slot info: 296s Description: SoftHSM slot ID 0x1 296s Manufacturer ID: SoftHSM project 296s Hardware version: 2.6 296s Firmware version: 2.6 296s Token present: yes 296s Token info: 296s Manufacturer ID: SoftHSM project 296s Model: SoftHSM v2 296s Hardware version: 2.6 296s Firmware version: 2.6 296s Serial number: 296s Initialized: no 296s User PIN init.: no 296s Label: 296s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 296s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-17242 -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 296s writing RSA key 296s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 296s + rm /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 296s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 296s Object 0: 296s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3bd4d251b3b18e44;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 296s Type: X.509 Certificate (RSA-1024) 296s Expires: Sat Nov 29 20:41:45 2025 296s Label: Test Organization Intermediate Trusted Certificate 0001 296s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 296s 296s Test Organization Interme Token 296s + echo 'Test Organization Interme Token' 296s + '[' -n '' ']' 296s + local output_base_name=SSSD-child-1425 296s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-1425.output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-1425.pem 296s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 296s [p11_child[3054]] [main] (0x0400): p11_child started. 296s [p11_child[3054]] [main] (0x2000): Running in [pre-auth] mode. 296s [p11_child[3054]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3054]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3054]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 296s [p11_child[3054]] [do_work] (0x0040): init_verification failed. 296s [p11_child[3054]] [main] (0x0020): p11_child failed (5) 296s + return 2 296s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /dev/null no_verification 296s + check_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /dev/null no_verification 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local key_ring=/dev/null 296s + local verify_option=no_verification 296s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local key_cn 296s + local key_name 296s + local tokens_dir 296s + local output_cert_file 296s + token_name= 296s ++ basename /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem .pem 296s + key_name=test-intermediate-CA-trusted-certificate-0001 296s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s ++ sed -n 's/ *commonName *= //p' 296s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 296s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 296s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 296s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 296s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 296s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 296s + token_name='Test Organization Interme Token' 296s Test Organization Interme Token 296s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 296s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 296s + echo 'Test Organization Interme Token' 296s + '[' -n no_verification ']' 296s + local verify_arg=--verify=no_verification 296s + local output_base_name=SSSD-child-16263 296s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-16263.output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-16263.pem 296s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 296s [p11_child[3060]] [main] (0x0400): p11_child started. 296s [p11_child[3060]] [main] (0x2000): Running in [pre-auth] mode. 296s [p11_child[3060]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3060]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3060]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 296s [p11_child[3060]] [do_card] (0x4000): Module List: 296s [p11_child[3060]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3060]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3060]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3060]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 296s [p11_child[3060]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3060]] [do_card] (0x4000): Login NOT required. 296s [p11_child[3060]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 296s [p11_child[3060]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 296s [p11_child[3060]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33b18e44;slot-manufacturer=SoftHSM%20project;slot-id=867274308;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3bd4d251b3b18e44;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 296s [p11_child[3060]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-16263.output 296s + echo '-----BEGIN CERTIFICATE-----' 296s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-16263.output 296s + echo '-----END CERTIFICATE-----' 296s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-16263.pem 296s + local found_md5 expected_md5 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s Certificate: 296s Data: 296s Version: 3 (0x2) 296s Serial Number: 4 (0x4) 296s Signature Algorithm: sha256WithRSAEncryption 296s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 296s Validity 296s Not Before: Nov 29 20:41:45 2024 GMT 296s Not After : Nov 29 20:41:45 2025 GMT 296s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 296s Subject Public Key Info: 296s Public Key Algorithm: rsaEncryption 296s Public-Key: (1024 bit) 296s Modulus: 296s 00:b7:e3:62:43:09:db:39:37:82:54:63:89:23:b6: 296s 43:09:69:8c:91:75:64:8d:ad:9b:d1:fa:94:db:96: 296s a4:ce:1a:14:cf:ed:91:8d:ac:f4:0b:dc:32:1c:f8: 296s 00:49:b0:69:aa:8a:7b:1c:20:33:4b:71:c9:96:73: 296s dc:ce:d8:7b:24:8e:bc:21:d5:e3:60:8e:4f:57:a3: 296s 4f:b6:89:0f:13:26:28:91:c6:aa:21:f1:ff:ec:34: 296s f0:61:bb:46:5e:a6:29:6b:0b:c0:95:76:43:14:37: 296s 24:e6:38:9f:b7:cd:0e:80:d8:01:db:a3:89:3e:1f: 296s 59:59:0b:76:97:2c:e0:65:39 296s Exponent: 65537 (0x10001) 296s X509v3 extensions: 296s X509v3 Authority Key Identifier: 296s 4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 296s X509v3 Basic Constraints: 296s CA:FALSE 296s Netscape Cert Type: 296s SSL Client, S/MIME 296s Netscape Comment: 296s Test Organization Intermediate CA trusted Certificate 296s X509v3 Subject Key Identifier: 296s 38:6F:96:77:EE:48:7F:45:D5:D1:26:CF:55:F4:50:F1:D9:11:A9:B1 296s X509v3 Key Usage: critical 296s Digital Signature, Non Repudiation, Key Encipherment 296s X509v3 Extended Key Usage: 296s TLS Web Client Authentication, E-mail Protection 296s X509v3 Subject Alternative Name: 296s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 296s Signature Algorithm: sha256WithRSAEncryption 296s Signature Value: 296s b4:53:0d:72:50:7a:b5:49:cd:2d:05:2e:49:32:94:d9:70:2b: 296s 3b:43:43:67:2f:18:00:59:83:22:18:64:25:09:23:65:47:0f: 296s 98:2b:c8:8f:23:4d:db:b2:f5:4d:18:00:a9:0f:93:17:e0:fa: 296s 27:3e:c1:be:88:94:c2:21:db:f5:19:45:9e:e0:19:6f:37:e1: 296s 66:ca:be:38:31:16:ed:4c:2a:33:37:e7:63:7f:62:fb:c3:ab: 296s 60:db:a6:27:f3:b5:7e:dc:c6:a2:84:10:ae:ba:8d:5b:0c:ff: 296s 71:1e:f3:ff:90:07:ca:13:80:b0:de:18:84:16:6c:2a:fb:a3: 296s 49:6e 296s + expected_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-16263.pem 296s + found_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 296s + '[' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 '!=' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 ']' 296s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-16263-auth.output 296s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-16263-auth.output .output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-16263-auth.pem 296s + echo -n 053350 296s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 296s [p11_child[3068]] [main] (0x0400): p11_child started. 296s [p11_child[3068]] [main] (0x2000): Running in [auth] mode. 296s [p11_child[3068]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3068]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3068]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 296s [p11_child[3068]] [do_card] (0x4000): Module List: 296s [p11_child[3068]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3068]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3068]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3068]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 296s [p11_child[3068]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3068]] [do_card] (0x4000): Login required. 296s [p11_child[3068]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 296s [p11_child[3068]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 296s [p11_child[3068]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33b18e44;slot-manufacturer=SoftHSM%20project;slot-id=867274308;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3bd4d251b3b18e44;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 296s [p11_child[3068]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 296s [p11_child[3068]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 296s [p11_child[3068]] [do_card] (0x4000): Certificate verified and validated. 296s [p11_child[3068]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-16263-auth.output 296s + echo '-----BEGIN CERTIFICATE-----' 296s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-16263-auth.output 296s + echo '-----END CERTIFICATE-----' 296s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-16263-auth.pem 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-16263-auth.pem 296s Certificate: 296s Data: 296s Version: 3 (0x2) 296s Serial Number: 4 (0x4) 296s Signature Algorithm: sha256WithRSAEncryption 296s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 296s Validity 296s Not Before: Nov 29 20:41:45 2024 GMT 296s Not After : Nov 29 20:41:45 2025 GMT 296s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 296s Subject Public Key Info: 296s Public Key Algorithm: rsaEncryption 296s Public-Key: (1024 bit) 296s Modulus: 296s 00:b7:e3:62:43:09:db:39:37:82:54:63:89:23:b6: 296s 43:09:69:8c:91:75:64:8d:ad:9b:d1:fa:94:db:96: 296s a4:ce:1a:14:cf:ed:91:8d:ac:f4:0b:dc:32:1c:f8: 296s 00:49:b0:69:aa:8a:7b:1c:20:33:4b:71:c9:96:73: 296s dc:ce:d8:7b:24:8e:bc:21:d5:e3:60:8e:4f:57:a3: 296s 4f:b6:89:0f:13:26:28:91:c6:aa:21:f1:ff:ec:34: 296s f0:61:bb:46:5e:a6:29:6b:0b:c0:95:76:43:14:37: 296s 24:e6:38:9f:b7:cd:0e:80:d8:01:db:a3:89:3e:1f: 296s 59:59:0b:76:97:2c:e0:65:39 296s Exponent: 65537 (0x10001) 296s X509v3 extensions: 296s X509v3 Authority Key Identifier: 296s 4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 296s X509v3 Basic Constraints: 296s CA:FALSE 296s Netscape Cert Type: 296s SSL Client, S/MIME 296s Netscape Comment: 296s Test Organization Intermediate CA trusted Certificate 296s X509v3 Subject Key Identifier: 296s 38:6F:96:77:EE:48:7F:45:D5:D1:26:CF:55:F4:50:F1:D9:11:A9:B1 296s X509v3 Key Usage: critical 296s Digital Signature, Non Repudiation, Key Encipherment 296s X509v3 Extended Key Usage: 296s TLS Web Client Authentication, E-mail Protection 296s X509v3 Subject Alternative Name: 296s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 296s Signature Algorithm: sha256WithRSAEncryption 296s Signature Value: 296s b4:53:0d:72:50:7a:b5:49:cd:2d:05:2e:49:32:94:d9:70:2b: 296s 3b:43:43:67:2f:18:00:59:83:22:18:64:25:09:23:65:47:0f: 296s 98:2b:c8:8f:23:4d:db:b2:f5:4d:18:00:a9:0f:93:17:e0:fa: 296s 27:3e:c1:be:88:94:c2:21:db:f5:19:45:9e:e0:19:6f:37:e1: 296s 66:ca:be:38:31:16:ed:4c:2a:33:37:e7:63:7f:62:fb:c3:ab: 296s 60:db:a6:27:f3:b5:7e:dc:c6:a2:84:10:ae:ba:8d:5b:0c:ff: 296s 71:1e:f3:ff:90:07:ca:13:80:b0:de:18:84:16:6c:2a:fb:a3: 296s 49:6e 296s + found_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 296s + '[' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 '!=' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 ']' 296s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem 296s + check_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 296s + local verify_option= 296s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local key_cn 296s + local key_name 296s + local tokens_dir 296s + local output_cert_file 296s + token_name= 296s ++ basename /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem .pem 296s + key_name=test-intermediate-CA-trusted-certificate-0001 296s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s ++ sed -n 's/ *commonName *= //p' 296s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 296s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 296s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 296s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 296s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 296s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 296s + token_name='Test Organization Interme Token' 296s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 296s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 296s + echo 'Test Organization Interme Token' 296s + '[' -n '' ']' 296s + local output_base_name=SSSD-child-24092 296s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-24092.output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-24092.pem 296s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 296s Test Organization Interme Token 296s [p11_child[3078]] [main] (0x0400): p11_child started. 296s [p11_child[3078]] [main] (0x2000): Running in [pre-auth] mode. 296s [p11_child[3078]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3078]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3078]] [do_card] (0x4000): Module List: 296s [p11_child[3078]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3078]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3078]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3078]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 296s [p11_child[3078]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3078]] [do_card] (0x4000): Login NOT required. 296s [p11_child[3078]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 296s [p11_child[3078]] [do_verification] (0x0040): X509_verify_cert failed [0]. 296s [p11_child[3078]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 296s [p11_child[3078]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 296s [p11_child[3078]] [do_card] (0x4000): No certificate found. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-24092.output 296s + return 2 296s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem partial_chain 296s + check_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem partial_chain 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 296s + local verify_option=partial_chain 296s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local key_cn 296s + local key_name 296s + local tokens_dir 296s + local output_cert_file 296s + token_name= 296s ++ basename /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem .pem 296s + key_name=test-intermediate-CA-trusted-certificate-0001 296s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s ++ sed -n 's/ *commonName *= //p' 296s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 296s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 296s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 296s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 296s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 296s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 296s + token_name='Test Organization Interme Token' 296s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 296s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 296s + echo 'Test Organization Interme Token' 296s + '[' -n partial_chain ']' 296s Test Organization Interme Token 296s + local verify_arg=--verify=partial_chain 296s + local output_base_name=SSSD-child-24618 296s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-24618.output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-24618.pem 296s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 296s [p11_child[3085]] [main] (0x0400): p11_child started. 296s [p11_child[3085]] [main] (0x2000): Running in [pre-auth] mode. 296s [p11_child[3085]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3085]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3085]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 296s [p11_child[3085]] [do_card] (0x4000): Module List: 296s [p11_child[3085]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3085]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3085]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3085]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 296s [p11_child[3085]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3085]] [do_card] (0x4000): Login NOT required. 296s [p11_child[3085]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 296s [p11_child[3085]] [do_verification] (0x0040): X509_verify_cert failed [0]. 296s [p11_child[3085]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 296s [p11_child[3085]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 296s [p11_child[3085]] [do_card] (0x4000): No certificate found. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-24618.output 296s + return 2 296s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 296s + check_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 296s + local verify_option= 296s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 296s + local key_cn 296s + local key_name 296s + local tokens_dir 296s + local output_cert_file 296s + token_name= 296s ++ basename /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem .pem 296s + key_name=test-intermediate-CA-trusted-certificate-0001 296s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s ++ sed -n 's/ *commonName *= //p' 296s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 296s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 296s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 296s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 296s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 296s Test Organization Interme Token 296s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 296s + token_name='Test Organization Interme Token' 296s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 296s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 296s + echo 'Test Organization Interme Token' 296s + '[' -n '' ']' 296s + local output_base_name=SSSD-child-23832 296s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-23832.output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-23832.pem 296s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 296s [p11_child[3092]] [main] (0x0400): p11_child started. 296s [p11_child[3092]] [main] (0x2000): Running in [pre-auth] mode. 296s [p11_child[3092]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3092]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3092]] [do_card] (0x4000): Module List: 296s [p11_child[3092]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3092]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3092]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3092]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 296s [p11_child[3092]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3092]] [do_card] (0x4000): Login NOT required. 296s [p11_child[3092]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 296s [p11_child[3092]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 296s [p11_child[3092]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 296s [p11_child[3092]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33b18e44;slot-manufacturer=SoftHSM%20project;slot-id=867274308;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3bd4d251b3b18e44;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 296s [p11_child[3092]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-23832.output 296s + echo '-----BEGIN CERTIFICATE-----' 296s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-23832.output 296s + echo '-----END CERTIFICATE-----' 296s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-23832.pem 296s Certificate: 296s Data: 296s Version: 3 (0x2) 296s Serial Number: 4 (0x4) 296s Signature Algorithm: sha256WithRSAEncryption 296s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 296s Validity 296s Not Before: Nov 29 20:41:45 2024 GMT 296s Not After : Nov 29 20:41:45 2025 GMT 296s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 296s Subject Public Key Info: 296s Public Key Algorithm: rsaEncryption 296s Public-Key: (1024 bit) 296s Modulus: 296s 00:b7:e3:62:43:09:db:39:37:82:54:63:89:23:b6: 296s 43:09:69:8c:91:75:64:8d:ad:9b:d1:fa:94:db:96: 296s a4:ce:1a:14:cf:ed:91:8d:ac:f4:0b:dc:32:1c:f8: 296s 00:49:b0:69:aa:8a:7b:1c:20:33:4b:71:c9:96:73: 296s dc:ce:d8:7b:24:8e:bc:21:d5:e3:60:8e:4f:57:a3: 296s 4f:b6:89:0f:13:26:28:91:c6:aa:21:f1:ff:ec:34: 296s f0:61:bb:46:5e:a6:29:6b:0b:c0:95:76:43:14:37: 296s 24:e6:38:9f:b7:cd:0e:80:d8:01:db:a3:89:3e:1f: 296s 59:59:0b:76:97:2c:e0:65:39 296s Exponent: 65537 (0x10001) 296s X509v3 extensions: 296s X509v3 Authority Key Identifier: 296s 4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 296s X509v3 Basic Constraints: 296s CA:FALSE 296s Netscape Cert Type: 296s SSL Client, S/MIME 296s Netscape Comment: 296s Test Organization Intermediate CA trusted Certificate 296s X509v3 Subject Key Identifier: 296s 38:6F:96:77:EE:48:7F:45:D5:D1:26:CF:55:F4:50:F1:D9:11:A9:B1 296s X509v3 Key Usage: critical 296s Digital Signature, Non Repudiation, Key Encipherment 296s X509v3 Extended Key Usage: 296s TLS Web Client Authentication, E-mail Protection 296s X509v3 Subject Alternative Name: 296s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 296s Signature Algorithm: sha256WithRSAEncryption 296s Signature Value: 296s b4:53:0d:72:50:7a:b5:49:cd:2d:05:2e:49:32:94:d9:70:2b: 296s 3b:43:43:67:2f:18:00:59:83:22:18:64:25:09:23:65:47:0f: 296s 98:2b:c8:8f:23:4d:db:b2:f5:4d:18:00:a9:0f:93:17:e0:fa: 296s 27:3e:c1:be:88:94:c2:21:db:f5:19:45:9e:e0:19:6f:37:e1: 296s 66:ca:be:38:31:16:ed:4c:2a:33:37:e7:63:7f:62:fb:c3:ab: 296s 60:db:a6:27:f3:b5:7e:dc:c6:a2:84:10:ae:ba:8d:5b:0c:ff: 296s 71:1e:f3:ff:90:07:ca:13:80:b0:de:18:84:16:6c:2a:fb:a3: 296s 49:6e 296s + local found_md5 expected_md5 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 296s + expected_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 296s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-23832.pem 296s + found_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 296s + '[' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 '!=' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 ']' 296s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-23832-auth.output 296s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-23832-auth.output .output 296s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-23832-auth.pem 296s + echo -n 053350 296s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 296s [p11_child[3100]] [main] (0x0400): p11_child started. 296s [p11_child[3100]] [main] (0x2000): Running in [auth] mode. 296s [p11_child[3100]] [main] (0x2000): Running with effective IDs: [0][0]. 296s [p11_child[3100]] [main] (0x2000): Running with real IDs [0][0]. 296s [p11_child[3100]] [do_card] (0x4000): Module List: 296s [p11_child[3100]] [do_card] (0x4000): common name: [softhsm2]. 296s [p11_child[3100]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3100]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 296s [p11_child[3100]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 296s [p11_child[3100]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 296s [p11_child[3100]] [do_card] (0x4000): Login required. 296s [p11_child[3100]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 296s [p11_child[3100]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 296s [p11_child[3100]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 296s [p11_child[3100]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33b18e44;slot-manufacturer=SoftHSM%20project;slot-id=867274308;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3bd4d251b3b18e44;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 296s [p11_child[3100]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 296s [p11_child[3100]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 296s [p11_child[3100]] [do_card] (0x4000): Certificate verified and validated. 296s [p11_child[3100]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 296s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-23832-auth.output 296s + echo '-----BEGIN CERTIFICATE-----' 296s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-23832-auth.output 296s + echo '-----END CERTIFICATE-----' 296s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-23832-auth.pem 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-23832-auth.pem 297s Certificate: 297s Data: 297s Version: 3 (0x2) 297s Serial Number: 4 (0x4) 297s Signature Algorithm: sha256WithRSAEncryption 297s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 297s Validity 297s Not Before: Nov 29 20:41:45 2024 GMT 297s Not After : Nov 29 20:41:45 2025 GMT 297s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 297s Subject Public Key Info: 297s Public Key Algorithm: rsaEncryption 297s Public-Key: (1024 bit) 297s Modulus: 297s 00:b7:e3:62:43:09:db:39:37:82:54:63:89:23:b6: 297s 43:09:69:8c:91:75:64:8d:ad:9b:d1:fa:94:db:96: 297s a4:ce:1a:14:cf:ed:91:8d:ac:f4:0b:dc:32:1c:f8: 297s 00:49:b0:69:aa:8a:7b:1c:20:33:4b:71:c9:96:73: 297s dc:ce:d8:7b:24:8e:bc:21:d5:e3:60:8e:4f:57:a3: 297s 4f:b6:89:0f:13:26:28:91:c6:aa:21:f1:ff:ec:34: 297s f0:61:bb:46:5e:a6:29:6b:0b:c0:95:76:43:14:37: 297s 24:e6:38:9f:b7:cd:0e:80:d8:01:db:a3:89:3e:1f: 297s 59:59:0b:76:97:2c:e0:65:39 297s Exponent: 65537 (0x10001) 297s X509v3 extensions: 297s X509v3 Authority Key Identifier: 297s 4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 297s X509v3 Basic Constraints: 297s CA:FALSE 297s Netscape Cert Type: 297s SSL Client, S/MIME 297s Netscape Comment: 297s Test Organization Intermediate CA trusted Certificate 297s X509v3 Subject Key Identifier: 297s 38:6F:96:77:EE:48:7F:45:D5:D1:26:CF:55:F4:50:F1:D9:11:A9:B1 297s X509v3 Key Usage: critical 297s Digital Signature, Non Repudiation, Key Encipherment 297s X509v3 Extended Key Usage: 297s TLS Web Client Authentication, E-mail Protection 297s X509v3 Subject Alternative Name: 297s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 297s Signature Algorithm: sha256WithRSAEncryption 297s Signature Value: 297s b4:53:0d:72:50:7a:b5:49:cd:2d:05:2e:49:32:94:d9:70:2b: 297s 3b:43:43:67:2f:18:00:59:83:22:18:64:25:09:23:65:47:0f: 297s 98:2b:c8:8f:23:4d:db:b2:f5:4d:18:00:a9:0f:93:17:e0:fa: 297s 27:3e:c1:be:88:94:c2:21:db:f5:19:45:9e:e0:19:6f:37:e1: 297s 66:ca:be:38:31:16:ed:4c:2a:33:37:e7:63:7f:62:fb:c3:ab: 297s 60:db:a6:27:f3:b5:7e:dc:c6:a2:84:10:ae:ba:8d:5b:0c:ff: 297s 71:1e:f3:ff:90:07:ca:13:80:b0:de:18:84:16:6c:2a:fb:a3: 297s 49:6e 297s + found_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 297s + '[' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 '!=' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 ']' 297s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem partial_chain 297s + check_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem partial_chain 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 297s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 297s + local verify_option=partial_chain 297s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 297s + local key_cn 297s + local key_name 297s + local tokens_dir 297s + local output_cert_file 297s + token_name= 297s ++ basename /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem .pem 297s + key_name=test-intermediate-CA-trusted-certificate-0001 297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s ++ sed -n 's/ *commonName *= //p' 297s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 297s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 297s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 297s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 297s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 297s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 297s + token_name='Test Organization Interme Token' 297s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 297s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 297s + echo 'Test Organization Interme Token' 297s + '[' -n partial_chain ']' 297s + local verify_arg=--verify=partial_chain 297s + local output_base_name=SSSD-child-15817 297s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-15817.output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-15817.pem 297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 297s Test Organization Interme Token 297s [p11_child[3110]] [main] (0x0400): p11_child started. 297s [p11_child[3110]] [main] (0x2000): Running in [pre-auth] mode. 297s [p11_child[3110]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3110]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3110]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 297s [p11_child[3110]] [do_card] (0x4000): Module List: 297s [p11_child[3110]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3110]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3110]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3110]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 297s [p11_child[3110]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3110]] [do_card] (0x4000): Login NOT required. 297s [p11_child[3110]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 297s [p11_child[3110]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 297s [p11_child[3110]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 297s [p11_child[3110]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33b18e44;slot-manufacturer=SoftHSM%20project;slot-id=867274308;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3bd4d251b3b18e44;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 297s [p11_child[3110]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-15817.output 297s + echo '-----BEGIN CERTIFICATE-----' 297s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-15817.output 297s + echo '-----END CERTIFICATE-----' 297s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-15817.pem 297s Certificate: 297s Data: 297s Version: 3 (0x2) 297s Serial Number: 4 (0x4) 297s Signature Algorithm: sha256WithRSAEncryption 297s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 297s Validity 297s Not Before: Nov 29 20:41:45 2024 GMT 297s Not After : Nov 29 20:41:45 2025 GMT 297s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 297s Subject Public Key Info: 297s Public Key Algorithm: rsaEncryption 297s Public-Key: (1024 bit) 297s Modulus: 297s 00:b7:e3:62:43:09:db:39:37:82:54:63:89:23:b6: 297s 43:09:69:8c:91:75:64:8d:ad:9b:d1:fa:94:db:96: 297s a4:ce:1a:14:cf:ed:91:8d:ac:f4:0b:dc:32:1c:f8: 297s 00:49:b0:69:aa:8a:7b:1c:20:33:4b:71:c9:96:73: 297s dc:ce:d8:7b:24:8e:bc:21:d5:e3:60:8e:4f:57:a3: 297s 4f:b6:89:0f:13:26:28:91:c6:aa:21:f1:ff:ec:34: 297s f0:61:bb:46:5e:a6:29:6b:0b:c0:95:76:43:14:37: 297s 24:e6:38:9f:b7:cd:0e:80:d8:01:db:a3:89:3e:1f: 297s 59:59:0b:76:97:2c:e0:65:39 297s Exponent: 65537 (0x10001) 297s X509v3 extensions: 297s X509v3 Authority Key Identifier: 297s 4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 297s X509v3 Basic Constraints: 297s CA:FALSE 297s Netscape Cert Type: 297s SSL Client, S/MIME 297s Netscape Comment: 297s Test Organization Intermediate CA trusted Certificate 297s X509v3 Subject Key Identifier: 297s 38:6F:96:77:EE:48:7F:45:D5:D1:26:CF:55:F4:50:F1:D9:11:A9:B1 297s X509v3 Key Usage: critical 297s Digital Signature, Non Repudiation, Key Encipherment 297s X509v3 Extended Key Usage: 297s TLS Web Client Authentication, E-mail Protection 297s X509v3 Subject Alternative Name: 297s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 297s Signature Algorithm: sha256WithRSAEncryption 297s Signature Value: 297s b4:53:0d:72:50:7a:b5:49:cd:2d:05:2e:49:32:94:d9:70:2b: 297s 3b:43:43:67:2f:18:00:59:83:22:18:64:25:09:23:65:47:0f: 297s 98:2b:c8:8f:23:4d:db:b2:f5:4d:18:00:a9:0f:93:17:e0:fa: 297s 27:3e:c1:be:88:94:c2:21:db:f5:19:45:9e:e0:19:6f:37:e1: 297s 66:ca:be:38:31:16:ed:4c:2a:33:37:e7:63:7f:62:fb:c3:ab: 297s 60:db:a6:27:f3:b5:7e:dc:c6:a2:84:10:ae:ba:8d:5b:0c:ff: 297s 71:1e:f3:ff:90:07:ca:13:80:b0:de:18:84:16:6c:2a:fb:a3: 297s 49:6e 297s + local found_md5 expected_md5 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s + expected_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 297s Certificate: 297s Data: 297s Version: 3 (0x2) 297s Serial Number: 4 (0x4) 297s Signature Algorithm: sha256WithRSAEncryption 297s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 297s Validity 297s Not Before: Nov 29 20:41:45 2024 GMT 297s Not After : Nov 29 20:41:45 2025 GMT 297s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 297s Subject Public Key Info: 297s Public Key Algorithm: rsaEncryption 297s Public-Key: (1024 bit) 297s Modulus: 297s 00:b7:e3:62:43:09:db:39:37:82:54:63:89:23:b6: 297s 43:09:69:8c:91:75:64:8d:ad:9b:d1:fa:94:db:96: 297s a4:ce:1a:14:cf:ed:91:8d:ac:f4:0b:dc:32:1c:f8: 297s 00:49:b0:69:aa:8a:7b:1c:20:33:4b:71:c9:96:73: 297s dc:ce:d8:7b:24:8e:bc:21:d5:e3:60:8e:4f:57:a3: 297s 4f:b6:89:0f:13:26:28:91:c6:aa:21:f1:ff:ec:34: 297s f0:61:bb:46:5e:a6:29:6b:0b:c0:95:76:43:14:37: 297s 24:e6:38:9f:b7:cd:0e:80:d8:01:db:a3:89:3e:1f: 297s 59:59:0b:76:97:2c:e0:65:39 297s Exponent: 65537 (0x10001) 297s X509v3 extensions: 297s X509v3 Authority Key Identifier: 297s 4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 297s X509v3 Basic Constraints: 297s CA:FALSE 297s Netscape Cert Type: 297s SSL Client, S/MIME 297s Netscape Comment: 297s Test Organization Intermediate CA trusted Certificate 297s X509v3 Subject Key Identifier: 297s 38:6F:96:77:EE:48:7F:45:D5:D1:26:CF:55:F4:50:F1:D9:11:A9:B1 297s X509v3 Key Usage: critical 297s Digital Signature, Non Repudiation, Key Encipherment 297s X509v3 Extended Key Usage: 297s TLS Web Client Authentication, E-mail Protection 297s X509v3 Subject Alternative Name: 297s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 297s Signature Algorithm: sha256WithRSAEncryption 297s Signature Value: 297s b4:53:0d:72:50:7a:b5:49:cd:2d:05:2e:49:32:94:d9:70:2b: 297s 3b:43:43:67:2f:18:00:59:83:22:18:64:25:09:23:65:47:0f: 297s 98:2b:c8:8f:23:4d:db:b2:f5:4d:18:00:a9:0f:93:17:e0:fa: 297s 27:3e:c1:be:88:94:c2:21:db:f5:19:45:9e:e0:19:6f:37:e1: 297s 66:ca:be:38:31:16:ed:4c:2a:33:37:e7:63:7f:62:fb:c3:ab: 297s 60:db:a6:27:f3:b5:7e:dc:c6:a2:84:10:ae:ba:8d:5b:0c:ff: 297s 71:1e:f3:ff:90:07:ca:13:80:b0:de:18:84:16:6c:2a:fb:a3: 297s 49:6e 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-15817.pem 297s + found_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 297s + '[' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 '!=' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 ']' 297s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-15817-auth.output 297s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-15817-auth.output .output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-15817-auth.pem 297s + echo -n 053350 297s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 297s [p11_child[3118]] [main] (0x0400): p11_child started. 297s [p11_child[3118]] [main] (0x2000): Running in [auth] mode. 297s [p11_child[3118]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3118]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3118]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 297s [p11_child[3118]] [do_card] (0x4000): Module List: 297s [p11_child[3118]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3118]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3118]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3118]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 297s [p11_child[3118]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3118]] [do_card] (0x4000): Login required. 297s [p11_child[3118]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 297s [p11_child[3118]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 297s [p11_child[3118]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 297s [p11_child[3118]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33b18e44;slot-manufacturer=SoftHSM%20project;slot-id=867274308;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3bd4d251b3b18e44;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 297s [p11_child[3118]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 297s [p11_child[3118]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 297s [p11_child[3118]] [do_card] (0x4000): Certificate verified and validated. 297s [p11_child[3118]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-15817-auth.output 297s + echo '-----BEGIN CERTIFICATE-----' 297s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-15817-auth.output 297s + echo '-----END CERTIFICATE-----' 297s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-15817-auth.pem 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-15817-auth.pem 297s + found_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 297s + '[' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 '!=' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 ']' 297s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 297s + check_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 297s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 297s + local verify_option= 297s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 297s + local key_cn 297s + local key_name 297s + local tokens_dir 297s + local output_cert_file 297s + token_name= 297s ++ basename /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem .pem 297s + key_name=test-intermediate-CA-trusted-certificate-0001 297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s ++ sed -n 's/ *commonName *= //p' 297s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 297s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 297s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 297s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 297s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 297s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 297s + token_name='Test Organization Interme Token' 297s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 297s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 297s + echo 'Test Organization Interme Token' 297s + '[' -n '' ']' 297s + local output_base_name=SSSD-child-8248 297s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-8248.output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-8248.pem 297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 297s [p11_child[3128]] [main] (0x0400): p11_child started. 297s [p11_child[3128]] [main] (0x2000): Running in [pre-auth] mode. 297s [p11_child[3128]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3128]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3128]] [do_card] (0x4000): Module List: 297s [p11_child[3128]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3128]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3128]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3128]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 297s [p11_child[3128]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3128]] [do_card] (0x4000): Login NOT required. 297s [p11_child[3128]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 297s [p11_child[3128]] [do_verification] (0x0040): X509_verify_cert failed [0]. 297s [p11_child[3128]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 297s [p11_child[3128]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 297s [p11_child[3128]] [do_card] (0x4000): No certificate found. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-8248.output 297s + return 2 297s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem partial_chain 297s + check_certificate /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 /tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem partial_chain 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 297s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 297s + local verify_option=partial_chain 297s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17242 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17242 297s + local key_cn 297s + local key_name 297s + local tokens_dir 297s + local output_cert_file 297s + token_name= 297s ++ basename /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem .pem 297s + key_name=test-intermediate-CA-trusted-certificate-0001 297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s ++ sed -n 's/ *commonName *= //p' 297s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 297s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 297s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 297s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 297s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 297s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 297s + token_name='Test Organization Interme Token' 297s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 297s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 297s + echo 'Test Organization Interme Token' 297s + '[' -n partial_chain ']' 297s + local verify_arg=--verify=partial_chain 297s + local output_base_name=SSSD-child-26698 297s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-26698.output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-26698.pem 297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem 297s [p11_child[3135]] [main] (0x0400): p11_child started. 297s [p11_child[3135]] [main] (0x2000): Running in [pre-auth] mode. 297s [p11_child[3135]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3135]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3135]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 297s [p11_child[3135]] [do_card] (0x4000): Module List: 297s [p11_child[3135]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3135]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3135]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3135]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 297s [p11_child[3135]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3135]] [do_card] (0x4000): Login NOT required. 297s [p11_child[3135]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 297s [p11_child[3135]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 297s [p11_child[3135]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 297s [p11_child[3135]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33b18e44;slot-manufacturer=SoftHSM%20project;slot-id=867274308;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3bd4d251b3b18e44;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 297s [p11_child[3135]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-26698.output 297s + echo '-----BEGIN CERTIFICATE-----' 297s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-26698.output 297s + echo '-----END CERTIFICATE-----' 297s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-26698.pem 297s + local found_md5 expected_md5 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-intermediate-CA-trusted-certificate-0001.pem 297s + expected_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-26698.pem 297s + found_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 297s + '[' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 '!=' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 ']' 297s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-26698-auth.output 297s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-26698-auth.output .output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-26698-auth.pem 297s + echo -n 053350 297s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 297s [p11_child[3143]] [main] (0x0400): p11_child started. 297s [p11_child[3143]] [main] (0x2000): Running in [auth] mode. 297s [p11_child[3143]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3143]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3143]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 297s [p11_child[3143]] [do_card] (0x4000): Module List: 297s [p11_child[3143]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3143]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3143]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33b18e44] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3143]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 297s [p11_child[3143]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x33b18e44][867274308] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3143]] [do_card] (0x4000): Login required. 297s [p11_child[3143]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 297s [p11_child[3143]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 297s [p11_child[3143]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 297s [p11_child[3143]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33b18e44;slot-manufacturer=SoftHSM%20project;slot-id=867274308;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3bd4d251b3b18e44;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 297s [p11_child[3143]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 297s [p11_child[3143]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 297s [p11_child[3143]] [do_card] (0x4000): Certificate verified and validated. 297s [p11_child[3143]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-26698-auth.output 297s + echo '-----BEGIN CERTIFICATE-----' 297s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-26698-auth.output 297s + echo '-----END CERTIFICATE-----' 297s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-26698-auth.pem 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-26698-auth.pem 297s + found_md5=Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 297s + '[' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 '!=' Modulus=B7E3624309DB39378254638923B64309698C9175648DAD9BD1FA94DB96A4CE1A14CFED918DACF40BDC321CF80049B069AA8A7B1C20334B71C99673DCCED87B248EBC21D5E3608E4F57A34FB6890F13262891C6AA21F1FFEC34F061BB465EA6296B0BC0957643143724E6389FB7CD0E80D801DBA3893E1F59590B76972CE06539 ']' 297s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem 297s + check_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 297s + local verify_option= 297s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_cn 297s + local key_name 297s + local tokens_dir 297s + local output_cert_file 297s + token_name= 297s ++ basename /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 297s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s ++ sed -n 's/ *commonName *= //p' 297s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 297s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 297s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 297s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 297s + token_name='Test Organization Sub Int Token' 297s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 297s + local key_file 297s + local decrypted_key 297s + mkdir -p /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 297s + key_file=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 297s + decrypted_key=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 297s + cat 297s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 297s + softhsm2-util --show-slots 297s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 297s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-31969 -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 297s writing RSA key 297s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 297s + rm /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 297s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 297s + echo 'Test Organization Sub Int Token' 297s + '[' -n '' ']' 297s + local output_base_name=SSSD-child-29350 297s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-29350.output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-29350.pem 297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 297s [p11_child[3162]] [main] (0x0400): p11_child started. 297s [p11_child[3162]] [main] (0x2000): Running in [pre-auth] mode. 297s [p11_child[3162]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3162]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3162]] [do_card] (0x4000): Module List: 297s [p11_child[3162]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3162]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3162]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3162]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 297s [p11_child[3162]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3162]] [do_card] (0x4000): Login NOT required. 297s [p11_child[3162]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 297s [p11_child[3162]] [do_verification] (0x0040): X509_verify_cert failed [0]. 297s [p11_child[3162]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 297s [p11_child[3162]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 297s [p11_child[3162]] [do_card] (0x4000): No certificate found. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-29350.output 297s + return 2 297s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem partial_chain 297s + check_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-root-CA.pem partial_chain 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 297s + local verify_option=partial_chain 297s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_cn 297s + local key_name 297s + local tokens_dir 297s + local output_cert_file 297s + token_name= 297s ++ basename /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 297s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s ++ sed -n 's/ *commonName *= //p' 297s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 297s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 297s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 297s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 297s + token_name='Test Organization Sub Int Token' 297s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 297s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 297s + echo 'Test Organization Sub Int Token' 297s + '[' -n partial_chain ']' 297s + local verify_arg=--verify=partial_chain 297s + local output_base_name=SSSD-child-26648 297s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-26648.output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-26648.pem 297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-root-CA.pem 297s [p11_child[3169]] [main] (0x0400): p11_child started. 297s [p11_child[3169]] [main] (0x2000): Running in [pre-auth] mode. 297s [p11_child[3169]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3169]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3169]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 297s [p11_child[3169]] [do_card] (0x4000): Module List: 297s [p11_child[3169]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3169]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3169]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3169]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 297s [p11_child[3169]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3169]] [do_card] (0x4000): Login NOT required. 297s [p11_child[3169]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 297s [p11_child[3169]] [do_verification] (0x0040): X509_verify_cert failed [0]. 297s [p11_child[3169]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 297s [p11_child[3169]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 297s [p11_child[3169]] [do_card] (0x4000): No certificate found. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-26648.output 297s + return 2 297s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 297s + check_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 297s + local verify_option= 297s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_cn 297s + local key_name 297s + local tokens_dir 297s + local output_cert_file 297s + token_name= 297s ++ basename /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 297s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s ++ sed -n 's/ *commonName *= //p' 297s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 297s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 297s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 297s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 297s + token_name='Test Organization Sub Int Token' 297s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 297s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 297s + echo 'Test Organization Sub Int Token' 297s + '[' -n '' ']' 297s + local output_base_name=SSSD-child-18625 297s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-18625.output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-18625.pem 297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 297s [p11_child[3176]] [main] (0x0400): p11_child started. 297s [p11_child[3176]] [main] (0x2000): Running in [pre-auth] mode. 297s [p11_child[3176]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3176]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3176]] [do_card] (0x4000): Module List: 297s [p11_child[3176]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3176]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3176]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3176]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 297s [p11_child[3176]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3176]] [do_card] (0x4000): Login NOT required. 297s [p11_child[3176]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 297s [p11_child[3176]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 297s [p11_child[3176]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 297s [p11_child[3176]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3437f465;slot-manufacturer=SoftHSM%20project;slot-id=876082277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d2e171aeb437f465;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 297s [p11_child[3176]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-18625.output 297s + echo '-----BEGIN CERTIFICATE-----' 297s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-18625.output 297s + echo '-----END CERTIFICATE-----' 297s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-18625.pem 297s + local found_md5 expected_md5 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + expected_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-18625.pem 297s + found_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 297s + '[' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB '!=' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB ']' 297s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-18625-auth.output 297s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-18625-auth.output .output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-18625-auth.pem 297s + echo -n 053350 297s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 297s [p11_child[3184]] [main] (0x0400): p11_child started. 297s [p11_child[3184]] [main] (0x2000): Running in [auth] mode. 297s [p11_child[3184]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3184]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3184]] [do_card] (0x4000): Module List: 297s [p11_child[3184]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3184]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3184]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3184]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 297s [p11_child[3184]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3184]] [do_card] (0x4000): Login required. 297s [p11_child[3184]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 297s [p11_child[3184]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 297s [p11_child[3184]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 297s [p11_child[3184]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3437f465;slot-manufacturer=SoftHSM%20project;slot-id=876082277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d2e171aeb437f465;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 297s [p11_child[3184]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 297s [p11_child[3184]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 297s [p11_child[3184]] [do_card] (0x4000): Certificate verified and validated. 297s [p11_child[3184]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-18625-auth.output 297s + echo '-----BEGIN CERTIFICATE-----' 297s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-18625-auth.output 297s + echo '-----END CERTIFICATE-----' 297s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-18625-auth.pem 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-18625-auth.pem 297s + found_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 297s + '[' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB '!=' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB ']' 297s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem partial_chain 297s + check_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem partial_chain 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 297s + local verify_option=partial_chain 297s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_cn 297s + local key_name 297s + local tokens_dir 297s + local output_cert_file 297s + token_name= 297s ++ basename /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 297s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s ++ sed -n 's/ *commonName *= //p' 297s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 297s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 297s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 297s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 297s + token_name='Test Organization Sub Int Token' 297s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 297s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 297s + echo 'Test Organization Sub Int Token' 297s + '[' -n partial_chain ']' 297s + local verify_arg=--verify=partial_chain 297s + local output_base_name=SSSD-child-13391 297s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-13391.output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-13391.pem 297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem 297s Test Organization Interme Token 297s Test Organization Interme Token 297s Certificate: 297s Data: 297s Version: 3 (0x2) 297s Serial Number: 4 (0x4) 297s Signature Algorithm: sha256WithRSAEncryption 297s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 297s Validity 297s Not Before: Nov 29 20:41:45 2024 GMT 297s Not After : Nov 29 20:41:45 2025 GMT 297s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 297s Subject Public Key Info: 297s Public Key Algorithm: rsaEncryption 297s Public-Key: (1024 bit) 297s Modulus: 297s 00:b7:e3:62:43:09:db:39:37:82:54:63:89:23:b6: 297s 43:09:69:8c:91:75:64:8d:ad:9b:d1:fa:94:db:96: 297s a4:ce:1a:14:cf:ed:91:8d:ac:f4:0b:dc:32:1c:f8: 297s 00:49:b0:69:aa:8a:7b:1c:20:33:4b:71:c9:96:73: 297s dc:ce:d8:7b:24:8e:bc:21:d5:e3:60:8e:4f:57:a3: 297s 4f:b6:89:0f:13:26:28:91:c6:aa:21:f1:ff:ec:34: 297s f0:61:bb:46:5e:a6:29:6b:0b:c0:95:76:43:14:37: 297s 24:e6:38:9f:b7:cd:0e:80:d8:01:db:a3:89:3e:1f: 297s 59:59:0b:76:97:2c:e0:65:39 297s Exponent: 65537 (0x10001) 297s X509v3 extensions: 297s X509v3 Authority Key Identifier: 297s 4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 297s X509v3 Basic Constraints: 297s CA:FALSE 297s Netscape Cert Type: 297s SSL Client, S/MIME 297s Netscape Comment: 297s Test Organization Intermediate CA trusted Certificate 297s X509v3 Subject Key Identifier: 297s 38:6F:96:77:EE:48:7F:45:D5:D1:26:CF:55:F4:50:F1:D9:11:A9:B1 297s X509v3 Key Usage: critical 297s Digital Signature, Non Repudiation, Key Encipherment 297s X509v3 Extended Key Usage: 297s TLS Web Client Authentication, E-mail Protection 297s X509v3 Subject Alternative Name: 297s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 297s Signature Algorithm: sha256WithRSAEncryption 297s Signature Value: 297s b4:53:0d:72:50:7a:b5:49:cd:2d:05:2e:49:32:94:d9:70:2b: 297s 3b:43:43:67:2f:18:00:59:83:22:18:64:25:09:23:65:47:0f: 297s 98:2b:c8:8f:23:4d:db:b2:f5:4d:18:00:a9:0f:93:17:e0:fa: 297s 27:3e:c1:be:88:94:c2:21:db:f5:19:45:9e:e0:19:6f:37:e1: 297s 66:ca:be:38:31:16:ed:4c:2a:33:37:e7:63:7f:62:fb:c3:ab: 297s 60:db:a6:27:f3:b5:7e:dc:c6:a2:84:10:ae:ba:8d:5b:0c:ff: 297s 71:1e:f3:ff:90:07:ca:13:80:b0:de:18:84:16:6c:2a:fb:a3: 297s 49:6e 297s Certificate: 297s Data: 297s Version: 3 (0x2) 297s Serial Number: 4 (0x4) 297s Signature Algorithm: sha256WithRSAEncryption 297s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 297s Validity 297s Not Before: Nov 29 20:41:45 2024 GMT 297s Not After : Nov 29 20:41:45 2025 GMT 297s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 297s Subject Public Key Info: 297s Public Key Algorithm: rsaEncryption 297s Public-Key: (1024 bit) 297s Modulus: 297s 00:b7:e3:62:43:09:db:39:37:82:54:63:89:23:b6: 297s 43:09:69:8c:91:75:64:8d:ad:9b:d1:fa:94:db:96: 297s a4:ce:1a:14:cf:ed:91:8d:ac:f4:0b:dc:32:1c:f8: 297s 00:49:b0:69:aa:8a:7b:1c:20:33:4b:71:c9:96:73: 297s dc:ce:d8:7b:24:8e:bc:21:d5:e3:60:8e:4f:57:a3: 297s 4f:b6:89:0f:13:26:28:91:c6:aa:21:f1:ff:ec:34: 297s f0:61:bb:46:5e:a6:29:6b:0b:c0:95:76:43:14:37: 297s 24:e6:38:9f:b7:cd:0e:80:d8:01:db:a3:89:3e:1f: 297s 59:59:0b:76:97:2c:e0:65:39 297s Exponent: 65537 (0x10001) 297s X509v3 extensions: 297s X509v3 Authority Key Identifier: 297s 4F:F3:5C:9D:A7:86:FB:FA:82:E9:29:9E:8C:F2:2F:02:55:62:2C:51 297s X509v3 Basic Constraints: 297s CA:FALSE 297s Netscape Cert Type: 297s SSL Client, S/MIME 297s Netscape Comment: 297s Test Organization Intermediate CA trusted Certificate 297s X509v3 Subject Key Identifier: 297s 38:6F:96:77:EE:48:7F:45:D5:D1:26:CF:55:F4:50:F1:D9:11:A9:B1 297s X509v3 Key Usage: critical 297s Digital Signature, Non Repudiation, Key Encipherment 297s X509v3 Extended Key Usage: 297s TLS Web Client Authentication, E-mail Protection 297s X509v3 Subject Alternative Name: 297s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 297s Signature Algorithm: sha256WithRSAEncryption 297s Signature Value: 297s b4:53:0d:72:50:7a:b5:49:cd:2d:05:2e:49:32:94:d9:70:2b: 297s 3b:43:43:67:2f:18:00:59:83:22:18:64:25:09:23:65:47:0f: 297s 98:2b:c8:8f:23:4d:db:b2:f5:4d:18:00:a9:0f:93:17:e0:fa: 297s 27:3e:c1:be:88:94:c2:21:db:f5:19:45:9e:e0:19:6f:37:e1: 297s 66:ca:be:38:31:16:ed:4c:2a:33:37:e7:63:7f:62:fb:c3:ab: 297s 60:db:a6:27:f3:b5:7e:dc:c6:a2:84:10:ae:ba:8d:5b:0c:ff: 297s 71:1e:f3:ff:90:07:ca:13:80:b0:de:18:84:16:6c:2a:fb:a3: 297s 49:6e 297s Slot 0 has a free/uninitialized token. 297s The token has been initialized and is reassigned to slot 876082277 297s Available slots: 297s Slot 876082277 297s Slot info: 297s Description: SoftHSM slot ID 0x3437f465 297s Manufacturer ID: SoftHSM project 297s Hardware version: 2.6 297s Firmware version: 2.6 297s Token present: yes 297s Token info: 297s Manufacturer ID: SoftHSM project 297s Model: SoftHSM v2 297s Hardware version: 2.6 297s Firmware version: 2.6 297s Serial number: d2e171aeb437f465 297s Initialized: yes 297s User PIN init.: yes 297s Label: Test Organization Sub Int Token 297s Slot 1 297s Slot info: 297s Description: SoftHSM slot ID 0x1 297s Manufacturer ID: SoftHSM project 297s Hardware version: 2.6 297s Firmware version: 2.6 297s Token present: yes 297s Token info: 297s Manufacturer ID: SoftHSM project 297s Model: SoftHSM v2 297s Hardware version: 2.6 297s Firmware version: 2.6 297s Serial number: 297s Initialized: no 297s User PIN init.: no 297s Label: 297s Object 0: 297s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d2e171aeb437f465;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 297s Type: X.509 Certificate (RSA-1024) 297s Expires: Sat Nov 29 20:41:45 2025 297s Label: Test Organization Sub Intermediate Trusted Certificate 0001 297s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 297s 297s Test Organization Sub Int Token 297s Test Organization Sub Int Token 297s Test Organization Sub Int Token 297s Certificate: 297s Data: 297s Version: 3 (0x2) 297s Serial Number: 5 (0x5) 297s Signature Algorithm: sha256WithRSAEncryption 297s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 297s Validity 297s Not Before: Nov 29 20:41:45 2024 GMT 297s Not After : Nov 29 20:41:45 2025 GMT 297s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 297s Subject Public Key Info: 297s Public Key Algorithm: rsaEncryption 297s Public-Key: (1024 bit) 297s Modulus: 297s 00:ca:8f:6e:7f:8a:64:68:c0:83:10:46:42:9e:74: 297s 1f:e8:7b:62:dd:69:7c:0b:a1:22:2c:a0:c6:10:02: 297s 23:76:07:81:0e:f5:c9:a2:17:8b:46:94:6b:b4:3f: 297s cc:74:64:84:22:3e:c3:78:10:c3:29:0f:61:0b:ca: 297s 69:22:74:dd:56:b1:99:e7:64:39:29:f2:07:81:7e: 297s 05:d9:8b:31:f5:c8:40:dc:ab:9e:5f:d4:7d:c9:b5: 297s 0b:db:c5:cd:01:4a:9f:5f:e1:0a:9b:e2:c6:6e:3e: 297s d7:55:22:16:90:64:de:40:e5:29:6f:9e:13:7a:f9: 297s 9d:2e:20:92:fd:13:ef:12:eb 297s Exponent: 65537 (0x10001) 297s X509v3 extensions: 297s X509v3 Authority Key Identifier: 297s AA:22:5A:19:7B:A7:77:58:6B:AA:77:0F:FC:EC:11:4F:CA:D7:44:F4 297s X509v3 Basic Constraints: 297s CA:FALSE 297s Netscape Cert Type: 297s SSL Client, S/MIME 297s Netscape Comment: 297s Test Organization Sub Intermediate CA trusted Certificate 297s X509v3 Subject Key Identifier: 297s B1:FC:36:D1:A1:02:17:9D:37:70:D4:AC:BD:ED:A9:23:FF:BF:12:BA 297s X509v3 Key Usage: critical 297s Digital Signature, Non Repudiation, Key Encipherment 297s X509v3 Extended Key Usage: 297s TLS Web Client Authentication, E-mail Protection 297s X509v3 Subject Alternative Name: 297s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 297s Signature Algorithm: sha256WithRSAEncryption 297s Signature Value: 297s 7a:e6:95:81:50:26:39:3e:59:76:8a:f7:12:20:a0:78:cb:73: 297s a2:f0:9a:46:39:1d:be:49:15:55:e1:71:04:28:85:b4:f4:d7: 297s 03:0b:4d:26:b9:17:a9:ea:b3:22:e1:73:0c:aa:36:ae:e6:25: 297s b0:21:0f:92:d4:e8:43:42:df:07:57:9a:cf:2e:d4:8f:15:0f: 297s 9b:e2:2a:8a:40:a1:3d:19:8c:29:1c:44:01:5c:a4:19:cf:8a: 297s f8:0e:21:3f:a1:a3:a1:44:97:42:e4:c8:c6:52:cb:53:61:57: 297s a2:65:ef:93:4c:59:27:77:c7:47:0a:e3:b0:5c:53:22:b4:62: 297s bc:5c 297s Certificate: 297s Data: 297s Version: 3 (0x2) 297s Serial Number: 5 (0x5) 297s Signature Algorithm: sha256WithRSAEncryption 297s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 297s Validity 297s Not Before: Nov 29 20:41:45 2024 GMT 297s Not After : Nov 29 20:41:45 2025 GMT 297s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 297s Subject Public Key Info: 297s Public Key Algorithm: rsaEncryption 297s Public-Key: (1024 bit) 297s Modulus: 297s 00:ca:8f:6e:7f:8a:64:68:c0:83:10:46:42:9e:74: 297s 1f:e8:7b:62:dd:69:7c:0b:a1:22:2c:a0:c6:10:02: 297s 23:76:07:81:0e:f5:c9:a2:17:8b:46:94:6b:b4:3f: 297s cc:74:64:84:22:3e:c3:78:10:c3:29:0f:61:0b:ca: 297s 69:22:74:dd:56:b1:99:e7:64:39:29:f2:07:81:7e: 297s 05:d9:8b:31:f5:c8:40:dc:ab:9e:5f:d4:7d:c9:b5: 297s 0b:db:c5:cd:01:4a:9f:5f:e1:0a:9b:e2:c6:6e:3e: 297s d7:55:22:16:90:64:de:40:e5:29:6f:9e:13:7a:f9: 297s 9d:2e:20:92:fd:13:ef:12:eb 297s Exponent: 65537 (0x10001) 297s X509v3 extensions: 297s X509v3 Authority Key Identifier: 297s AA:22:5A:19:7B:A7:77:58:6B:AA:77:0F:FC:EC:11:4F:CA:D7:44:F4 297s X509v3 Basic Constraints: 297s CA:FALSE 297s Netscape Cert Type: 297s SSL Client, S/MIME 297s Netscape Comment: 297s Test Organization Sub Intermediate CA trusted Certificate 297s X509v3 Subject Key Identifier: 297s B1:FC:36:D1:A1:02:17:9D:37:70:D4:AC:BD:ED:A9:23:FF:BF:12:BA 297s X509v3 Key Usage: critical 297s Digital Signature, Non Repudiation, Key Encipherment 297s X509v3 Extended Key Usage: 297s TLS Web Client Authentication, E-mail Protection 297s X509v3 Subject Alternative Name: 297s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 297s Signature Algorithm: sha256WithRSAEncryption 297s Signature Value: 297s 7a:e6:95:81:50:26:39:3e:59:76:8a:f7:12:20:a0:78:cb:73: 297s a2:f0:9a:46:39:1d:be:49:15:55:e1:71:04:28:85:b4:f4:d7: 297s 03:0b:4d:26:b9:17:a9:ea:b3:22:e1:73:0c:aa:36:ae:e6:25: 297s b0:21:0f:92:d4:e8:43:42:df:07:57:9a:cf:2e:d4:8f:15:0f: 297s 9b:e2:2a:8a:40:a1:3d:19:8c:29:1c:44:01:5c:a4:19:cf:8a: 297s f8:0e:21:3f:a1:a3:a1:44:97:42:e4:c8:c6:52:cb:53:61:57: 297s a2:65:ef:93:4c:59:27:77:c7:47:0a:e3:b0:5c:53:22:b4:62: 297s bc:5c 297s Test Organization Sub Int Token 297s [p11_child[3194]] [main] (0x0400): p11_child started. 297s [p11_child[3194]] [main] (0x2000): Running in [pre-auth] mode. 297s [p11_child[3194]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3194]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3194]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 297s [p11_child[3194]] [do_card] (0x4000): Module List: 297s [p11_child[3194]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3194]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3194]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3194]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 297s [p11_child[3194]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3194]] [do_card] (0x4000): Login NOT required. 297s [p11_child[3194]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 297s [p11_child[3194]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 297s [p11_child[3194]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 297s [p11_child[3194]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3437f465;slot-manufacturer=SoftHSM%20project;slot-id=876082277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d2e171aeb437f465;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 297s [p11_child[3194]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-13391.output 297s + echo '-----BEGIN CERTIFICATE-----' 297s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-13391.output 297s + echo '-----END CERTIFICATE-----' 297s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-13391.pem 297s Certificate: 297s Data: 297s Version: 3 (0x2) 297s Serial Number: 5 (0x5) 297s Signature Algorithm: sha256WithRSAEncryption 297s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 297s Validity 297s Not Before: Nov 29 20:41:45 2024 GMT 297s Not After : Nov 29 20:41:45 2025 GMT 297s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 297s Subject Public Key Info: 297s Public Key Algorithm: rsaEncryption 297s Public-Key: (1024 bit) 297s Modulus: 297s 00:ca:8f:6e:7f:8a:64:68:c0:83:10:46:42:9e:74: 297s 1f:e8:7b:62:dd:69:7c:0b:a1:22:2c:a0:c6:10:02: 297s 23:76:07:81:0e:f5:c9:a2:17:8b:46:94:6b:b4:3f: 297s cc:74:64:84:22:3e:c3:78:10:c3:29:0f:61:0b:ca: 297s 69:22:74:dd:56:b1:99:e7:64:39:29:f2:07:81:7e: 297s 05:d9:8b:31:f5:c8:40:dc:ab:9e:5f:d4:7d:c9:b5: 297s 0b:db:c5:cd:01:4a:9f:5f:e1:0a:9b:e2:c6:6e:3e: 297s d7:55:22:16:90:64:de:40:e5:29:6f:9e:13:7a:f9: 297s 9d:2e:20:92:fd:13:ef:12:eb 297s Exponent: 65537 (0x10001) 297s X509v3 extensions: 297s X509v3 Authority Key Identifier: 297s AA:22:5A:19:7B:A7:77:58:6B:AA:77:0F:FC:EC:11:4F:CA:D7:44:F4 297s X509v3 Basic Constraints: 297s CA:FALSE 297s Netscape Cert Type: 297s SSL Client, S/MIME 297s Netscape Comment: 297s Test Organization Sub Intermediate CA trusted Certificate 297s X509v3 Subject Key Identifier: 297s B1:FC:36:D1:A1:02:17:9D:37:70:D4:AC:BD:ED:A9:23:FF:BF:12:BA 297s X509v3 Key Usage: critical 297s Digital Signature, Non Repudiation, Key Encipherment 297s X509v3 Extended Key Usage: 297s TLS Web Client Authentication, E-mail Protection 297s X509v3 Subject Alternative Name: 297s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 297s Signature Algorithm: sha256WithRSAEncryption 297s Signature Value: 297s 7a:e6:95:81:50:26:39:3e:59:76:8a:f7:12:20:a0:78:cb:73: 297s a2:f0:9a:46:39:1d:be:49:15:55:e1:71:04:28:85:b4:f4:d7: 297s 03:0b:4d:26:b9:17:a9:ea:b3:22:e1:73:0c:aa:36:ae:e6:25: 297s b0:21:0f:92:d4:e8:43:42:df:07:57:9a:cf:2e:d4:8f:15:0f: 297s 9b:e2:2a:8a:40:a1:3d:19:8c:29:1c:44:01:5c:a4:19:cf:8a: 297s f8:0e:21:3f:a1:a3:a1:44:97:42:e4:c8:c6:52:cb:53:61:57: 297s a2:65:ef:93:4c:59:27:77:c7:47:0a:e3:b0:5c:53:22:b4:62: 297s bc:5c 297s + local found_md5 expected_md5 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + expected_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-13391.pem 297s + found_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 297s + '[' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB '!=' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB ']' 297s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-13391-auth.output 297s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-13391-auth.output .output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-13391-auth.pem 297s + echo -n 053350 297s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 297s [p11_child[3202]] [main] (0x0400): p11_child started. 297s [p11_child[3202]] [main] (0x2000): Running in [auth] mode. 297s [p11_child[3202]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3202]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3202]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 297s [p11_child[3202]] [do_card] (0x4000): Module List: 297s [p11_child[3202]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3202]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3202]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3202]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 297s [p11_child[3202]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3202]] [do_card] (0x4000): Login required. 297s [p11_child[3202]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 297s [p11_child[3202]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 297s [p11_child[3202]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 297s [p11_child[3202]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3437f465;slot-manufacturer=SoftHSM%20project;slot-id=876082277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d2e171aeb437f465;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 297s [p11_child[3202]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 297s [p11_child[3202]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 297s [p11_child[3202]] [do_card] (0x4000): Certificate verified and validated. 297s [p11_child[3202]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-13391-auth.output 297s + echo '-----BEGIN CERTIFICATE-----' 297s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-13391-auth.output 297s + echo '-----END CERTIFICATE-----' 297s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-13391-auth.pem 297s Certificate: 297s Data: 297s Version: 3 (0x2) 297s Serial Number: 5 (0x5) 297s Signature Algorithm: sha256WithRSAEncryption 297s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 297s Validity 297s Not Before: Nov 29 20:41:45 2024 GMT 297s Not After : Nov 29 20:41:45 2025 GMT 297s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 297s Subject Public Key Info: 297s Public Key Algorithm: rsaEncryption 297s Public-Key: (1024 bit) 297s Modulus: 297s 00:ca:8f:6e:7f:8a:64:68:c0:83:10:46:42:9e:74: 297s 1f:e8:7b:62:dd:69:7c:0b:a1:22:2c:a0:c6:10:02: 297s 23:76:07:81:0e:f5:c9:a2:17:8b:46:94:6b:b4:3f: 297s cc:74:64:84:22:3e:c3:78:10:c3:29:0f:61:0b:ca: 297s 69:22:74:dd:56:b1:99:e7:64:39:29:f2:07:81:7e: 297s 05:d9:8b:31:f5:c8:40:dc:ab:9e:5f:d4:7d:c9:b5: 297s 0b:db:c5:cd:01:4a:9f:5f:e1:0a:9b:e2:c6:6e:3e: 297s d7:55:22:16:90:64:de:40:e5:29:6f:9e:13:7a:f9: 297s 9d:2e:20:92:fd:13:ef:12:eb 297s Exponent: 65537 (0x10001) 297s X509v3 extensions: 297s X509v3 Authority Key Identifier: 297s AA:22:5A:19:7B:A7:77:58:6B:AA:77:0F:FC:EC:11:4F:CA:D7:44:F4 297s X509v3 Basic Constraints: 297s CA:FALSE 297s Netscape Cert Type: 297s SSL Client, S/MIME 297s Netscape Comment: 297s Test Organization Sub Intermediate CA trusted Certificate 297s X509v3 Subject Key Identifier: 297s B1:FC:36:D1:A1:02:17:9D:37:70:D4:AC:BD:ED:A9:23:FF:BF:12:BA 297s X509v3 Key Usage: critical 297s Digital Signature, Non Repudiation, Key Encipherment 297s X509v3 Extended Key Usage: 297s TLS Web Client Authentication, E-mail Protection 297s X509v3 Subject Alternative Name: 297s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 297s Signature Algorithm: sha256WithRSAEncryption 297s Signature Value: 297s 7a:e6:95:81:50:26:39:3e:59:76:8a:f7:12:20:a0:78:cb:73: 297s a2:f0:9a:46:39:1d:be:49:15:55:e1:71:04:28:85:b4:f4:d7: 297s 03:0b:4d:26:b9:17:a9:ea:b3:22:e1:73:0c:aa:36:ae:e6:25: 297s b0:21:0f:92:d4:e8:43:42:df:07:57:9a:cf:2e:d4:8f:15:0f: 297s 9b:e2:2a:8a:40:a1:3d:19:8c:29:1c:44:01:5c:a4:19:cf:8a: 297s f8:0e:21:3f:a1:a3:a1:44:97:42:e4:c8:c6:52:cb:53:61:57: 297s a2:65:ef:93:4c:59:27:77:c7:47:0a:e3:b0:5c:53:22:b4:62: 297s bc:5c 297s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-13391-auth.pem 297s + found_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 297s + '[' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB '!=' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB ']' 297s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 297s + check_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 297s + local verify_option= 297s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_cn 297s + local key_name 297s + local tokens_dir 297s + local output_cert_file 297s + token_name= 297s ++ basename /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 297s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s ++ sed -n 's/ *commonName *= //p' 297s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 297s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 297s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 297s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 297s + token_name='Test Organization Sub Int Token' 297s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 297s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 297s Test Organization Sub Int Token 297s + echo 'Test Organization Sub Int Token' 297s + '[' -n '' ']' 297s + local output_base_name=SSSD-child-27848 297s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-27848.output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-27848.pem 297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 297s [p11_child[3212]] [main] (0x0400): p11_child started. 297s [p11_child[3212]] [main] (0x2000): Running in [pre-auth] mode. 297s [p11_child[3212]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3212]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3212]] [do_card] (0x4000): Module List: 297s [p11_child[3212]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3212]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3212]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3212]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 297s [p11_child[3212]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3212]] [do_card] (0x4000): Login NOT required. 297s [p11_child[3212]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 297s [p11_child[3212]] [do_verification] (0x0040): X509_verify_cert failed [0]. 297s [p11_child[3212]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 297s [p11_child[3212]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 297s [p11_child[3212]] [do_card] (0x4000): No certificate found. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-27848.output 297s + return 2 297s + invalid_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-root-intermediate-chain-CA.pem partial_chain 297s + check_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-root-intermediate-chain-CA.pem partial_chain 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-root-intermediate-chain-CA.pem 297s + local verify_option=partial_chain 297s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_cn 297s + local key_name 297s + local tokens_dir 297s + local output_cert_file 297s + token_name= 297s ++ basename /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 297s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s ++ sed -n 's/ *commonName *= //p' 297s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 297s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 297s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 297s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 297s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 297s + token_name='Test Organization Sub Int Token' 297s Test Organization Sub Int Token 297s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 297s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 297s + echo 'Test Organization Sub Int Token' 297s + '[' -n partial_chain ']' 297s + local verify_arg=--verify=partial_chain 297s + local output_base_name=SSSD-child-26871 297s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-26871.output 297s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-26871.pem 297s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-root-intermediate-chain-CA.pem 297s [p11_child[3219]] [main] (0x0400): p11_child started. 297s [p11_child[3219]] [main] (0x2000): Running in [pre-auth] mode. 297s [p11_child[3219]] [main] (0x2000): Running with effective IDs: [0][0]. 297s [p11_child[3219]] [main] (0x2000): Running with real IDs [0][0]. 297s [p11_child[3219]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 297s [p11_child[3219]] [do_card] (0x4000): Module List: 297s [p11_child[3219]] [do_card] (0x4000): common name: [softhsm2]. 297s [p11_child[3219]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3219]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 297s [p11_child[3219]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 297s [p11_child[3219]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 297s [p11_child[3219]] [do_card] (0x4000): Login NOT required. 297s [p11_child[3219]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 297s [p11_child[3219]] [do_verification] (0x0040): X509_verify_cert failed [0]. 297s [p11_child[3219]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 297s [p11_child[3219]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 297s [p11_child[3219]] [do_card] (0x4000): No certificate found. 297s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-26871.output 297s + return 2 297s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem partial_chain 297s + check_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem partial_chain 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 297s + local verify_option=partial_chain 297s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 297s + local key_cn 297s + local key_name 297s + local tokens_dir 297s + local output_cert_file 297s + token_name= 297s ++ basename /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 297s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 297s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 297s ++ sed -n 's/ *commonName *= //p' 298s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 298s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 298s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 298s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 298s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 298s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 298s + token_name='Test Organization Sub Int Token' 298s Test Organization Sub Int Token 298s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 298s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 298s + echo 'Test Organization Sub Int Token' 298s + '[' -n partial_chain ']' 298s + local verify_arg=--verify=partial_chain 298s + local output_base_name=SSSD-child-32417 298s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-32417.output 298s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-32417.pem 298s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem 298s [p11_child[3226]] [main] (0x0400): p11_child started. 298s [p11_child[3226]] [main] (0x2000): Running in [pre-auth] mode. 298s [p11_child[3226]] [main] (0x2000): Running with effective IDs: [0][0]. 298s [p11_child[3226]] [main] (0x2000): Running with real IDs [0][0]. 298s [p11_child[3226]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 298s [p11_child[3226]] [do_card] (0x4000): Module List: 298s [p11_child[3226]] [do_card] (0x4000): common name: [softhsm2]. 298s [p11_child[3226]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 298s [p11_child[3226]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 298s [p11_child[3226]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 298s [p11_child[3226]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 298s [p11_child[3226]] [do_card] (0x4000): Login NOT required. 298s [p11_child[3226]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 298s [p11_child[3226]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 298s [p11_child[3226]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 298s [p11_child[3226]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3437f465;slot-manufacturer=SoftHSM%20project;slot-id=876082277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d2e171aeb437f465;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 298s [p11_child[3226]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 298s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-32417.output 298s + echo '-----BEGIN CERTIFICATE-----' 298s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-32417.output 298s + echo '-----END CERTIFICATE-----' 298s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-32417.pem 298s Certificate: 298s Data: 298s Version: 3 (0x2) 298s Serial Number: 5 (0x5) 298s Signature Algorithm: sha256WithRSAEncryption 298s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 298s Validity 298s Not Before: Nov 29 20:41:45 2024 GMT 298s Not After : Nov 29 20:41:45 2025 GMT 298s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 298s Subject Public Key Info: 298s Public Key Algorithm: rsaEncryption 298s Public-Key: (1024 bit) 298s Modulus: 298s 00:ca:8f:6e:7f:8a:64:68:c0:83:10:46:42:9e:74: 298s 1f:e8:7b:62:dd:69:7c:0b:a1:22:2c:a0:c6:10:02: 298s 23:76:07:81:0e:f5:c9:a2:17:8b:46:94:6b:b4:3f: 298s cc:74:64:84:22:3e:c3:78:10:c3:29:0f:61:0b:ca: 298s 69:22:74:dd:56:b1:99:e7:64:39:29:f2:07:81:7e: 298s 05:d9:8b:31:f5:c8:40:dc:ab:9e:5f:d4:7d:c9:b5: 298s 0b:db:c5:cd:01:4a:9f:5f:e1:0a:9b:e2:c6:6e:3e: 298s d7:55:22:16:90:64:de:40:e5:29:6f:9e:13:7a:f9: 298s 9d:2e:20:92:fd:13:ef:12:eb 298s Exponent: 65537 (0x10001) 298s X509v3 extensions: 298s X509v3 Authority Key Identifier: 298s AA:22:5A:19:7B:A7:77:58:6B:AA:77:0F:FC:EC:11:4F:CA:D7:44:F4 298s X509v3 Basic Constraints: 298s CA:FALSE 298s Netscape Cert Type: 298s SSL Client, S/MIME 298s Netscape Comment: 298s Test Organization Sub Intermediate CA trusted Certificate 298s X509v3 Subject Key Identifier: 298s B1:FC:36:D1:A1:02:17:9D:37:70:D4:AC:BD:ED:A9:23:FF:BF:12:BA 298s X509v3 Key Usage: critical 298s Digital Signature, Non Repudiation, Key Encipherment 298s X509v3 Extended Key Usage: 298s TLS Web Client Authentication, E-mail Protection 298s X509v3 Subject Alternative Name: 298s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 298s Signature Algorithm: sha256WithRSAEncryption 298s Signature Value: 298s 7a:e6:95:81:50:26:39:3e:59:76:8a:f7:12:20:a0:78:cb:73: 298s a2:f0:9a:46:39:1d:be:49:15:55:e1:71:04:28:85:b4:f4:d7: 298s 03:0b:4d:26:b9:17:a9:ea:b3:22:e1:73:0c:aa:36:ae:e6:25: 298s b0:21:0f:92:d4:e8:43:42:df:07:57:9a:cf:2e:d4:8f:15:0f: 298s 9b:e2:2a:8a:40:a1:3d:19:8c:29:1c:44:01:5c:a4:19:cf:8a: 298s f8:0e:21:3f:a1:a3:a1:44:97:42:e4:c8:c6:52:cb:53:61:57: 298s a2:65:ef:93:4c:59:27:77:c7:47:0a:e3:b0:5c:53:22:b4:62: 298s bc:5c 298s + local found_md5 expected_md5 298s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 298s + expected_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 298s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-32417.pem 298s + found_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 298s + '[' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB '!=' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB ']' 298s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-32417-auth.output 298s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-32417-auth.output .output 298s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-32417-auth.pem 298s + echo -n 053350 298s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 298s [p11_child[3234]] [main] (0x0400): p11_child started. 298s [p11_child[3234]] [main] (0x2000): Running in [auth] mode. 298s [p11_child[3234]] [main] (0x2000): Running with effective IDs: [0][0]. 298s [p11_child[3234]] [main] (0x2000): Running with real IDs [0][0]. 298s [p11_child[3234]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 298s [p11_child[3234]] [do_card] (0x4000): Module List: 298s [p11_child[3234]] [do_card] (0x4000): common name: [softhsm2]. 298s [p11_child[3234]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 298s [p11_child[3234]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 298s [p11_child[3234]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 298s [p11_child[3234]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 298s [p11_child[3234]] [do_card] (0x4000): Login required. 298s [p11_child[3234]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 298s [p11_child[3234]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 298s [p11_child[3234]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 298s [p11_child[3234]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3437f465;slot-manufacturer=SoftHSM%20project;slot-id=876082277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d2e171aeb437f465;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 298s [p11_child[3234]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 298s [p11_child[3234]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 298s [p11_child[3234]] [do_card] (0x4000): Certificate verified and validated. 298s [p11_child[3234]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 298s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-32417-auth.output 298s + echo '-----BEGIN CERTIFICATE-----' 298s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-32417-auth.output 298s + echo '-----END CERTIFICATE-----' 298s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-32417-auth.pem 298s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-32417-auth.pem 298s Certificate: 298s Data: 298s Version: 3 (0x2) 298s Serial Number: 5 (0x5) 298s Signature Algorithm: sha256WithRSAEncryption 298s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 298s Validity 298s Not Before: Nov 29 20:41:45 2024 GMT 298s Not After : Nov 29 20:41:45 2025 GMT 298s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 298s Subject Public Key Info: 298s Public Key Algorithm: rsaEncryption 298s Public-Key: (1024 bit) 298s Modulus: 298s 00:ca:8f:6e:7f:8a:64:68:c0:83:10:46:42:9e:74: 298s 1f:e8:7b:62:dd:69:7c:0b:a1:22:2c:a0:c6:10:02: 298s 23:76:07:81:0e:f5:c9:a2:17:8b:46:94:6b:b4:3f: 298s cc:74:64:84:22:3e:c3:78:10:c3:29:0f:61:0b:ca: 298s 69:22:74:dd:56:b1:99:e7:64:39:29:f2:07:81:7e: 298s 05:d9:8b:31:f5:c8:40:dc:ab:9e:5f:d4:7d:c9:b5: 298s 0b:db:c5:cd:01:4a:9f:5f:e1:0a:9b:e2:c6:6e:3e: 298s d7:55:22:16:90:64:de:40:e5:29:6f:9e:13:7a:f9: 298s 9d:2e:20:92:fd:13:ef:12:eb 298s Exponent: 65537 (0x10001) 298s X509v3 extensions: 298s X509v3 Authority Key Identifier: 298s AA:22:5A:19:7B:A7:77:58:6B:AA:77:0F:FC:EC:11:4F:CA:D7:44:F4 298s X509v3 Basic Constraints: 298s CA:FALSE 298s Netscape Cert Type: 298s SSL Client, S/MIME 298s Netscape Comment: 298s Test Organization Sub Intermediate CA trusted Certificate 298s X509v3 Subject Key Identifier: 298s B1:FC:36:D1:A1:02:17:9D:37:70:D4:AC:BD:ED:A9:23:FF:BF:12:BA 298s X509v3 Key Usage: critical 298s Digital Signature, Non Repudiation, Key Encipherment 298s X509v3 Extended Key Usage: 298s TLS Web Client Authentication, E-mail Protection 298s X509v3 Subject Alternative Name: 298s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 298s Signature Algorithm: sha256WithRSAEncryption 298s Signature Value: 298s 7a:e6:95:81:50:26:39:3e:59:76:8a:f7:12:20:a0:78:cb:73: 298s a2:f0:9a:46:39:1d:be:49:15:55:e1:71:04:28:85:b4:f4:d7: 298s 03:0b:4d:26:b9:17:a9:ea:b3:22:e1:73:0c:aa:36:ae:e6:25: 298s b0:21:0f:92:d4:e8:43:42:df:07:57:9a:cf:2e:d4:8f:15:0f: 298s 9b:e2:2a:8a:40:a1:3d:19:8c:29:1c:44:01:5c:a4:19:cf:8a: 298s f8:0e:21:3f:a1:a3:a1:44:97:42:e4:c8:c6:52:cb:53:61:57: 298s a2:65:ef:93:4c:59:27:77:c7:47:0a:e3:b0:5c:53:22:b4:62: 298s bc:5c 298s + found_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 298s + '[' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB '!=' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB ']' 298s + valid_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-intermediate-sub-chain-CA.pem partial_chain 298s + check_certificate /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 /tmp/sssd-softhsm2-patcvf/test-intermediate-sub-chain-CA.pem partial_chain 298s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 298s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 298s + local key_ring=/tmp/sssd-softhsm2-patcvf/test-intermediate-sub-chain-CA.pem 298s + local verify_option=partial_chain 298s + prepare_softhsm2_card /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31969 298s + local certificate=/tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 298s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31969 298s + local key_cn 298s + local key_name 298s + local tokens_dir 298s + local output_cert_file 298s + token_name= 298s ++ basename /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 298s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 298s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 298s ++ sed -n 's/ *commonName *= //p' 298s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 298s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 298s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 298s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 298s ++ basename /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 298s + tokens_dir=/tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 298s + token_name='Test Organization Sub Int Token' 298s + '[' '!' -e /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 298s + '[' '!' -d /tmp/sssd-softhsm2-patcvf/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 298s + echo 'Test Organization Sub Int Token' 298s + '[' -n partial_chain ']' 298s + local verify_arg=--verify=partial_chain 298s + local output_base_name=SSSD-child-32329 298s + local output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-32329.output 298s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-32329.pem 298s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-patcvf/test-intermediate-sub-chain-CA.pem 298s Test Organization Sub Int Token 298s [p11_child[3244]] [main] (0x0400): p11_child started. 298s [p11_child[3244]] [main] (0x2000): Running in [pre-auth] mode. 298s [p11_child[3244]] [main] (0x2000): Running with effective IDs: [0][0]. 298s [p11_child[3244]] [main] (0x2000): Running with real IDs [0][0]. 298s [p11_child[3244]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 298s [p11_child[3244]] [do_card] (0x4000): Module List: 298s [p11_child[3244]] [do_card] (0x4000): common name: [softhsm2]. 298s [p11_child[3244]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 298s [p11_child[3244]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 298s [p11_child[3244]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 298s [p11_child[3244]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 298s [p11_child[3244]] [do_card] (0x4000): Login NOT required. 298s [p11_child[3244]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 298s [p11_child[3244]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 298s [p11_child[3244]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 298s [p11_child[3244]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3437f465;slot-manufacturer=SoftHSM%20project;slot-id=876082277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d2e171aeb437f465;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 298s [p11_child[3244]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 298s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-32329.output 298s + echo '-----BEGIN CERTIFICATE-----' 298s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-32329.output 298s + echo '-----END CERTIFICATE-----' 298s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-32329.pem 298s + local found_md5 expected_md5 298s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/test-sub-intermediate-CA-trusted-certificate-0001.pem 298s Certificate: 298s Data: 298s Version: 3 (0x2) 298s Serial Number: 5 (0x5) 298s Signature Algorithm: sha256WithRSAEncryption 298s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 298s Validity 298s Not Before: Nov 29 20:41:45 2024 GMT 298s Not After : Nov 29 20:41:45 2025 GMT 298s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 298s Subject Public Key Info: 298s Public Key Algorithm: rsaEncryption 298s Public-Key: (1024 bit) 298s Modulus: 298s 00:ca:8f:6e:7f:8a:64:68:c0:83:10:46:42:9e:74: 298s 1f:e8:7b:62:dd:69:7c:0b:a1:22:2c:a0:c6:10:02: 298s 23:76:07:81:0e:f5:c9:a2:17:8b:46:94:6b:b4:3f: 298s cc:74:64:84:22:3e:c3:78:10:c3:29:0f:61:0b:ca: 298s 69:22:74:dd:56:b1:99:e7:64:39:29:f2:07:81:7e: 298s 05:d9:8b:31:f5:c8:40:dc:ab:9e:5f:d4:7d:c9:b5: 298s 0b:db:c5:cd:01:4a:9f:5f:e1:0a:9b:e2:c6:6e:3e: 298s d7:55:22:16:90:64:de:40:e5:29:6f:9e:13:7a:f9: 298s 9d:2e:20:92:fd:13:ef:12:eb 298s Exponent: 65537 (0x10001) 298s X509v3 extensions: 298s X509v3 Authority Key Identifier: 298s AA:22:5A:19:7B:A7:77:58:6B:AA:77:0F:FC:EC:11:4F:CA:D7:44:F4 298s X509v3 Basic Constraints: 298s CA:FALSE 298s Netscape Cert Type: 298s SSL Client, S/MIME 298s Netscape Comment: 298s Test Organization Sub Intermediate CA trusted Certificate 298s X509v3 Subject Key Identifier: 298s B1:FC:36:D1:A1:02:17:9D:37:70:D4:AC:BD:ED:A9:23:FF:BF:12:BA 298s X509v3 Key Usage: critical 298s Digital Signature, Non Repudiation, Key Encipherment 298s X509v3 Extended Key Usage: 298s TLS Web Client Authentication, E-mail Protection 298s X509v3 Subject Alternative Name: 298s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 298s Signature Algorithm: sha256WithRSAEncryption 298s Signature Value: 298s 7a:e6:95:81:50:26:39:3e:59:76:8a:f7:12:20:a0:78:cb:73: 298s a2:f0:9a:46:39:1d:be:49:15:55:e1:71:04:28:85:b4:f4:d7: 298s 03:0b:4d:26:b9:17:a9:ea:b3:22:e1:73:0c:aa:36:ae:e6:25: 298s b0:21:0f:92:d4:e8:43:42:df:07:57:9a:cf:2e:d4:8f:15:0f: 298s 9b:e2:2a:8a:40:a1:3d:19:8c:29:1c:44:01:5c:a4:19:cf:8a: 298s f8:0e:21:3f:a1:a3:a1:44:97:42:e4:c8:c6:52:cb:53:61:57: 298s a2:65:ef:93:4c:59:27:77:c7:47:0a:e3:b0:5c:53:22:b4:62: 298s bc:5c 298s + expected_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 298s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-32329.pem 298s + found_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 298s + '[' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB '!=' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB ']' 298s + output_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-32329-auth.output 298s ++ basename /tmp/sssd-softhsm2-patcvf/SSSD-child-32329-auth.output .output 298s + output_cert_file=/tmp/sssd-softhsm2-patcvf/SSSD-child-32329-auth.pem 298s + echo -n 053350 298s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-patcvf/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 298s [p11_child[3252]] [main] (0x0400): p11_child started. 298s [p11_child[3252]] [main] (0x2000): Running in [auth] mode. 298s [p11_child[3252]] [main] (0x2000): Running with effective IDs: [0][0]. 298s [p11_child[3252]] [main] (0x2000): Running with real IDs [0][0]. 298s [p11_child[3252]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 298s [p11_child[3252]] [do_card] (0x4000): Module List: 298s [p11_child[3252]] [do_card] (0x4000): common name: [softhsm2]. 298s [p11_child[3252]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 298s [p11_child[3252]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3437f465] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 298s [p11_child[3252]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 298s [p11_child[3252]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3437f465][876082277] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 298s [p11_child[3252]] [do_card] (0x4000): Login required. 298s [p11_child[3252]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 298s [p11_child[3252]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 298s [p11_child[3252]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 298s [p11_child[3252]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3437f465;slot-manufacturer=SoftHSM%20project;slot-id=876082277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d2e171aeb437f465;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 298s [p11_child[3252]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 298s [p11_child[3252]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 298s [p11_child[3252]] [do_card] (0x4000): Certificate verified and validated. 298s [p11_child[3252]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 298s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-patcvf/SSSD-child-32329-auth.output 298s + echo '-----BEGIN CERTIFICATE-----' 298s + tail -n1 /tmp/sssd-softhsm2-patcvf/SSSD-child-32329-auth.output 298s + echo '-----END CERTIFICATE-----' 298s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-patcvf/SSSD-child-32329-auth.pem 298s Certificate: 298s Data: 298s Version: 3 (0x2) 298s Serial Number: 5 (0x5) 298s Signature Algorithm: sha256WithRSAEncryption 298s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 298s Validity 298s Not Before: Nov 29 20:41:45 2024 GMT 298s Not After : Nov 29 20:41:45 2025 GMT 298s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 298s Subject Public Key Info: 298s Public Key Algorithm: rsaEncryption 298s Public-Key: (1024 bit) 298s Modulus: 298s 00:ca:8f:6e:7f:8a:64:68:c0:83:10:46:42:9e:74: 298s 1f:e8:7b:62:dd:69:7c:0b:a1:22:2c:a0:c6:10:02: 298s 23:76:07:81:0e:f5:c9:a2:17:8b:46:94:6b:b4:3f: 298s cc:74:64:84:22:3e:c3:78:10:c3:29:0f:61:0b:ca: 298s 69:22:74:dd:56:b1:99:e7:64:39:29:f2:07:81:7e: 298s 05:d9:8b:31:f5:c8:40:dc:ab:9e:5f:d4:7d:c9:b5: 298s 0b:db:c5:cd:01:4a:9f:5f:e1:0a:9b:e2:c6:6e:3e: 298s d7:55:22:16:90:64:de:40:e5:29:6f:9e:13:7a:f9: 298s 9d:2e:20:92:fd:13:ef:12:eb 298s Exponent: 65537 (0x10001) 298s X509v3 extensions: 298s X509v3 Authority Key Identifier: 298s AA:22:5A:19:7B:A7:77:58:6B:AA:77:0F:FC:EC:11:4F:CA:D7:44:F4 298s X509v3 Basic Constraints: 298s CA:FALSE 298s Netscape Cert Type: 298s SSL Client, S/MIME 298s Netscape Comment: 298s Test Organization Sub Intermediate CA trusted Certificate 298s X509v3 Subject Key Identifier: 298s B1:FC:36:D1:A1:02:17:9D:37:70:D4:AC:BD:ED:A9:23:FF:BF:12:BA 298s X509v3 Key Usage: critical 298s Digital Signature, Non Repudiation, Key Encipherment 298s X509v3 Extended Key Usage: 298s TLS Web Client Authentication, E-mail Protection 298s X509v3 Subject Alternative Name: 298s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 298s Signature Algorithm: sha256WithRSAEncryption 298s Signature Value: 298s 7a:e6:95:81:50:26:39:3e:59:76:8a:f7:12:20:a0:78:cb:73: 298s a2:f0:9a:46:39:1d:be:49:15:55:e1:71:04:28:85:b4:f4:d7: 298s 03:0b:4d:26:b9:17:a9:ea:b3:22:e1:73:0c:aa:36:ae:e6:25: 298s b0:21:0f:92:d4:e8:43:42:df:07:57:9a:cf:2e:d4:8f:15:0f: 298s 9b:e2:2a:8a:40:a1:3d:19:8c:29:1c:44:01:5c:a4:19:cf:8a: 298s f8:0e:21:3f:a1:a3:a1:44:97:42:e4:c8:c6:52:cb:53:61:57: 298s a2:65:ef:93:4c:59:27:77:c7:47:0a:e3:b0:5c:53:22:b4:62: 298s bc:5c 298s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-patcvf/SSSD-child-32329-auth.pem 298s + found_md5=Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB 298s + '[' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB '!=' Modulus=CA8F6E7F8A6468C0831046429E741FE87B62DD697C0BA1222CA0C61002237607810EF5C9A2178B46946BB43FCC746484223EC37810C3290F610BCA692274DD56B199E7643929F207817E05D98B31F5C840DCAB9E5FD47DC9B50BDBC5CD014A9F5FE10A9BE2C66E3ED75522169064DE40E5296F9E137AF99D2E2092FD13EF12EB ']' 298s + set +x 298s 298s Test completed, Root CA and intermediate issued certificates verified! 298s autopkgtest [20:41:48]: test sssd-softhism2-certificates-tests.sh: -----------------------] 299s autopkgtest [20:41:49]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 299s sssd-softhism2-certificates-tests.sh PASS 299s autopkgtest [20:41:49]: test sssd-smart-card-pam-auth-configs: preparing testbed 299s Reading package lists... 299s Building dependency tree... 299s Reading state information... 299s Starting pkgProblemResolver with broken count: 0 299s Starting 2 pkgProblemResolver with broken count: 0 299s Done 300s The following NEW packages will be installed: 300s pamtester 300s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 300s Need to get 12.2 kB of archives. 300s After this operation, 36.9 kB of additional disk space will be used. 300s Get:1 http://ftpmaster.internal/ubuntu noble/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 300s Fetched 12.2 kB in 0s (89.2 kB/s) 300s Selecting previously unselected package pamtester. 300s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 54880 files and directories currently installed.) 300s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 300s Unpacking pamtester (0.1.2-4) ... 300s Setting up pamtester (0.1.2-4) ... 300s Processing triggers for man-db (2.12.0-4build2) ... 301s autopkgtest [20:41:51]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 301s autopkgtest [20:41:51]: test sssd-smart-card-pam-auth-configs: [----------------------- 301s + '[' -z ubuntu ']' 301s + export DEBIAN_FRONTEND=noninteractive 301s + DEBIAN_FRONTEND=noninteractive 301s + required_tools=(pamtester softhsm2-util sssd) 301s + [[ ! -v OFFLINE_MODE ]] 301s + for cmd in "${required_tools[@]}" 301s + command -v pamtester 301s + for cmd in "${required_tools[@]}" 301s + command -v softhsm2-util 301s + for cmd in "${required_tools[@]}" 301s + command -v sssd 301s + PIN=123456 301s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 301s + tmpdir=/tmp/sssd-softhsm2-certs-TZep9a 301s + backupsdir= 301s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 301s + declare -a restore_paths 301s + declare -a delete_paths 301s + trap handle_exit EXIT 301s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 301s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 301s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 301s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 301s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-TZep9a GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 301s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-TZep9a 301s + GENERATE_SMART_CARDS=1 301s + KEEP_TEMPORARY_FILES=1 301s + NO_SSSD_TESTS=1 301s + bash debian/tests/sssd-softhism2-certificates-tests.sh 301s + '[' -z ubuntu ']' 301s + required_tools=(p11tool openssl softhsm2-util) 301s + for cmd in "${required_tools[@]}" 301s + command -v p11tool 301s + for cmd in "${required_tools[@]}" 301s + command -v openssl 301s + for cmd in "${required_tools[@]}" 301s + command -v softhsm2-util 301s + PIN=123456 301s +++ find /usr/lib/softhsm/libsofthsm2.so 301s +++ head -n 1 301s ++ realpath /usr/lib/softhsm/libsofthsm2.so 301s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 301s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 301s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 301s + '[' '!' -v NO_SSSD_TESTS ']' 301s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 301s + tmpdir=/tmp/sssd-softhsm2-certs-TZep9a 301s + keys_size=1024 301s + [[ ! -v KEEP_TEMPORARY_FILES ]] 301s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 301s + echo -n 01 301s + touch /tmp/sssd-softhsm2-certs-TZep9a/index.txt 301s + mkdir -p /tmp/sssd-softhsm2-certs-TZep9a/new_certs 301s + cat 301s + root_ca_key_pass=pass:random-root-CA-password-11209 301s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-key.pem -passout pass:random-root-CA-password-11209 1024 301s + openssl req -passin pass:random-root-CA-password-11209 -batch -config /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.pem 301s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.pem 301s + cat 301s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-7019 301s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-7019 1024 301s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-7019 -config /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-11209 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-certificate-request.pem 301s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-certificate-request.pem 301s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.config -passin pass:random-root-CA-password-11209 -keyfile /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem 301s Certificate Request: 301s Data: 301s Version: 1 (0x0) 301s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 301s Subject Public Key Info: 301s Public Key Algorithm: rsaEncryption 301s Public-Key: (1024 bit) 301s Modulus: 301s 00:9a:be:f7:d4:a2:2e:e3:34:72:56:9c:f5:9c:06: 301s 78:54:0d:1e:4f:8c:06:7a:06:1d:63:55:16:34:84: 301s 3d:05:cf:bf:f8:79:0e:db:72:ed:7a:df:3e:67:17: 301s 38:f6:de:c1:5e:8b:22:95:e1:30:5d:26:b4:f2:21: 301s e9:85:bb:6a:1d:4a:15:37:da:93:50:e4:cf:1f:3e: 301s 8e:a3:35:da:7c:03:fa:52:ef:df:ae:0a:28:1c:79: 301s 6e:2f:71:4c:a9:a1:b4:0f:ba:8a:c6:71:cd:81:9a: 301s fa:4c:45:a3:d7:2b:1d:cc:36:ec:dd:ff:67:32:91: 301s 53:40:12:d6:61:f7:b2:8e:33 301s Exponent: 65537 (0x10001) 301s Attributes: 301s (none) 301s Requested Extensions: 301s Signature Algorithm: sha256WithRSAEncryption 301s Signature Value: 301s 89:b5:7a:a3:99:b5:ac:31:84:a5:21:f7:ba:d2:b7:d5:1d:ee: 301s 3c:fa:e3:2f:79:cf:61:04:2c:4c:3a:0e:65:66:eb:2b:de:9b: 301s 40:0e:50:59:04:09:a0:e6:f6:7a:0e:c8:5f:bc:0d:ea:40:0f: 301s d8:eb:57:67:4f:17:6c:03:8b:98:f2:a8:20:25:46:63:ed:67: 301s 67:cb:0a:67:38:48:d5:33:c4:a3:f2:e4:ea:46:6f:49:c8:4c: 301s a7:88:9a:12:29:ec:7a:6e:9e:2d:6a:22:bd:85:90:ab:67:af: 301s 16:e2:6c:83:72:a7:bd:57:8d:94:06:c7:e2:43:98:71:e4:7c: 301s 8a:b9 301s Using configuration from /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.config 301s Check that the request matches the signature 301s Signature ok 301s Certificate Details: 301s Serial Number: 1 (0x1) 301s Validity 301s Not Before: Nov 29 20:41:51 2024 GMT 301s Not After : Nov 29 20:41:51 2025 GMT 301s Subject: 301s organizationName = Test Organization 301s organizationalUnitName = Test Organization Unit 301s commonName = Test Organization Intermediate CA 301s X509v3 extensions: 301s X509v3 Subject Key Identifier: 301s CF:53:1A:41:1F:97:13:BF:58:B8:01:C1:8F:31:75:5B:C7:4F:28:7B 301s X509v3 Authority Key Identifier: 301s keyid:AF:8F:88:0A:9E:FB:79:7A:D8:73:02:47:2E:2E:0E:54:36:A3:19:51 301s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 301s serial:00 301s X509v3 Basic Constraints: 301s CA:TRUE 301s X509v3 Key Usage: critical 301s Digital Signature, Certificate Sign, CRL Sign 301s Certificate is to be certified until Nov 29 20:41:51 2025 GMT (365 days) 301s 301s Write out database with 1 new entries 301s Database updated 301s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem 301s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem 301s /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem: OK 301s + cat 301s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-6868 301s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-6868 1024 301s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-6868 -config /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-7019 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-certificate-request.pem 301s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-certificate-request.pem 301s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-7019 -keyfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem 301s Certificate Request: 301s Data: 301s Version: 1 (0x0) 301s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 301s Subject Public Key Info: 301s Public Key Algorithm: rsaEncryption 301s Public-Key: (1024 bit) 301s Modulus: 301s 00:e1:dc:62:d7:80:a1:81:d1:3b:e8:77:6d:aa:e5: 301s 3f:c4:fa:8e:77:07:13:5b:db:ce:21:1a:bb:7e:d3: 301s 3c:1a:3b:a5:54:b6:8d:a2:20:ca:60:9f:ff:93:7a: 301s be:98:2f:59:65:e2:ee:b3:8e:4b:03:96:7f:5f:42: 301s 8c:5a:56:7b:5a:f2:52:ca:8f:63:ca:c8:ff:b9:4d: 301s 76:2e:47:14:eb:04:ee:2d:45:ac:b3:9e:5d:c4:64: 301s 2a:4a:80:bd:61:e3:ec:fa:28:48:fd:76:bf:31:ee: 301s 03:60:d1:ef:bf:76:67:cb:88:71:52:34:38:8c:58: 301s b5:ea:5c:b3:65:c5:bb:8b:ef 301s Exponent: 65537 (0x10001) 301s Attributes: 301s (none) 301s Requested Extensions: 301s Signature Algorithm: sha256WithRSAEncryption 301s Signature Value: 301s 7c:af:4a:26:c0:f6:cb:2a:e4:e9:40:fc:15:51:03:14:50:6d: 301s 9e:70:18:af:c7:1b:cd:34:f0:6f:f0:79:88:01:f1:d0:0d:07: 301s 5f:10:72:f0:84:68:e9:81:9d:7c:fc:16:69:89:65:6c:25:09: 301s 0a:45:32:72:71:b6:7f:2c:84:d5:d0:db:b2:5e:23:0b:61:91: 301s 82:4b:c4:b6:19:ba:c6:9a:80:61:4f:9c:42:1f:71:82:48:a3: 301s 7e:c1:3b:c8:90:c0:c8:65:f0:2f:56:74:47:da:9c:af:56:ce: 301s b8:aa:04:cc:5f:3f:05:bf:c7:41:53:64:a5:31:da:2e:c6:5b: 301s 98:bf 301s Using configuration from /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.config 301s Check that the request matches the signature 301s Signature ok 301s Certificate Details: 301s Serial Number: 2 (0x2) 301s Validity 301s Not Before: Nov 29 20:41:51 2024 GMT 301s Not After : Nov 29 20:41:51 2025 GMT 301s Subject: 301s organizationName = Test Organization 301s organizationalUnitName = Test Organization Unit 301s commonName = Test Organization Sub Intermediate CA 301s X509v3 extensions: 301s X509v3 Subject Key Identifier: 301s 06:9E:5C:80:0B:FE:99:DE:31:69:75:B7:1E:F9:E3:CC:95:0C:8C:A3 301s X509v3 Authority Key Identifier: 301s keyid:CF:53:1A:41:1F:97:13:BF:58:B8:01:C1:8F:31:75:5B:C7:4F:28:7B 301s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 301s serial:01 301s X509v3 Basic Constraints: 301s CA:TRUE 301s X509v3 Key Usage: critical 301s Digital Signature, Certificate Sign, CRL Sign 301s Certificate is to be certified until Nov 29 20:41:51 2025 GMT (365 days) 301s 301s Write out database with 1 new entries 301s Database updated 301s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem 301s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem 301s /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem: OK 301s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem 301s + local cmd=openssl 301s + shift 301s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem 301s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 301s error 20 at 0 depth lookup: unable to get local issuer certificate 301s error /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem: verification failed 301s + cat 301s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-16347 301s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-16347 1024 302s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-16347 -key /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-request.pem 302s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-request.pem 302s Certificate Request: 302s Data: 302s Version: 1 (0x0) 302s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 302s Subject Public Key Info: 302s Public Key Algorithm: rsaEncryption 302s Public-Key: (1024 bit) 302s Modulus: 302s 00:ce:b7:c4:2e:22:f7:a1:5a:24:1a:26:d8:86:97: 302s 80:d7:e1:8b:7e:a4:10:8f:25:51:10:10:c1:c0:3d: 302s 60:3b:77:df:b6:74:84:9b:5a:98:07:db:55:72:35: 302s 0f:bc:6e:b5:2f:3a:23:af:95:16:37:8a:5a:6c:5f: 302s df:37:04:31:da:ea:0c:bb:bb:f6:43:fa:07:fe:53: 302s c0:7d:ed:03:54:15:5e:ab:63:d3:e5:8c:62:58:ff: 302s fc:67:c0:0c:2c:b6:24:37:70:10:6f:f9:cd:f7:9d: 302s 0b:41:21:a8:53:e6:90:17:5d:6e:f9:bd:7c:2e:76: 302s 2a:d5:a4:f8:da:a3:9e:a3:53 302s Exponent: 65537 (0x10001) 302s Attributes: 302s Requested Extensions: 302s X509v3 Basic Constraints: 302s CA:FALSE 302s Netscape Cert Type: 302s SSL Client, S/MIME 302s Netscape Comment: 302s Test Organization Root CA trusted Certificate 302s X509v3 Subject Key Identifier: 302s 1F:E0:6E:03:A0:71:FF:A4:42:FD:E5:27:7A:07:1E:2A:D3:BB:EE:CE 302s X509v3 Key Usage: critical 302s Digital Signature, Non Repudiation, Key Encipherment 302s X509v3 Extended Key Usage: 302s TLS Web Client Authentication, E-mail Protection 302s X509v3 Subject Alternative Name: 302s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 302s Signature Algorithm: sha256WithRSAEncryption 302s Signature Value: 302s 11:a8:6b:94:f9:61:38:96:45:fc:70:61:71:17:5e:85:0c:af: 302s 31:6b:70:1f:77:c1:02:a0:33:62:81:c9:4e:c2:a0:c1:38:a2: 302s cd:f9:13:14:36:17:3f:b4:ad:ca:83:cf:b5:42:0e:c3:73:9e: 302s 1f:25:f3:7b:d8:27:ae:dd:be:2c:b0:e4:46:f6:25:36:1b:2d: 302s af:96:33:7a:cc:39:76:cc:ae:c3:7f:87:95:5e:a1:56:b8:75: 302s cb:f8:0a:9d:72:d3:a5:8d:e5:48:59:98:35:d1:b5:71:93:94: 302s e0:6f:46:5e:45:62:b9:e4:a1:82:5c:69:d9:90:9f:36:22:f6: 302s e7:5b 302s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.config -passin pass:random-root-CA-password-11209 -keyfile /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem 302s Using configuration from /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.config 302s Check that the request matches the signature 302s Signature ok 302s Certificate Details: 302s Serial Number: 3 (0x3) 302s Validity 302s Not Before: Nov 29 20:41:52 2024 GMT 302s Not After : Nov 29 20:41:52 2025 GMT 302s Subject: 302s organizationName = Test Organization 302s organizationalUnitName = Test Organization Unit 302s commonName = Test Organization Root Trusted Certificate 0001 302s X509v3 extensions: 302s X509v3 Authority Key Identifier: 302s AF:8F:88:0A:9E:FB:79:7A:D8:73:02:47:2E:2E:0E:54:36:A3:19:51 302s X509v3 Basic Constraints: 302s CA:FALSE 302s Netscape Cert Type: 302s SSL Client, S/MIME 302s Netscape Comment: 302s Test Organization Root CA trusted Certificate 302s X509v3 Subject Key Identifier: 302s 1F:E0:6E:03:A0:71:FF:A4:42:FD:E5:27:7A:07:1E:2A:D3:BB:EE:CE 302s X509v3 Key Usage: critical 302s Digital Signature, Non Repudiation, Key Encipherment 302s X509v3 Extended Key Usage: 302s TLS Web Client Authentication, E-mail Protection 302s X509v3 Subject Alternative Name: 302s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 302s Certificate is to be certified until Nov 29 20:41:52 2025 GMT (365 days) 302s 302s Write out database with 1 new entries 302s Database updated 302s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem 302s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem 302s /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem: OK 302s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem 302s + local cmd=openssl 302s + shift 302s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem 302s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 302s error 20 at 0 depth lookup: unable to get local issuer certificate 302s error /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem: verification failed 302s + cat 302s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-15802 302s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-15802 1024 302s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-15802 -key /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-request.pem 302s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-request.pem 302s Certificate Request: 302s Data: 302s Version: 1 (0x0) 302s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 302s Subject Public Key Info: 302s Public Key Algorithm: rsaEncryption 302s Public-Key: (1024 bit) 302s Modulus: 302s 00:cf:2b:6f:d6:44:79:fd:15:8b:ab:a4:d0:b7:ed: 302s 05:1f:98:cc:a4:70:98:9e:bf:6f:42:c7:60:b7:0c: 302s 66:3d:66:4d:83:40:10:03:49:79:a1:b7:a2:ac:50: 302s 1b:47:4a:81:a8:36:c8:ad:6c:ee:a3:2f:09:16:2b: 302s 64:0a:f6:9c:f8:e1:92:b5:68:bb:4d:57:e2:7b:d5: 302s c5:06:92:4b:e1:72:0b:da:e2:41:f3:f8:e8:88:70: 302s 71:6b:21:ea:f8:86:64:50:a0:43:3f:3a:0e:f8:c2: 302s 33:01:dc:da:fe:bd:3e:ff:c3:e2:6f:47:4f:49:12: 302s de:4d:e9:ac:19:e1:bf:00:e5 302s Exponent: 65537 (0x10001) 302s Attributes: 302s Requested Extensions: 302s X509v3 Basic Constraints: 302s CA:FALSE 302s Netscape Cert Type: 302s SSL Client, S/MIME 302s Netscape Comment: 302s Test Organization Intermediate CA trusted Certificate 302s X509v3 Subject Key Identifier: 302s AD:A8:7B:D4:03:C9:4A:E4:B2:5D:28:2A:56:B4:91:F9:42:28:D8:1F 302s X509v3 Key Usage: critical 302s Digital Signature, Non Repudiation, Key Encipherment 302s X509v3 Extended Key Usage: 302s TLS Web Client Authentication, E-mail Protection 302s X509v3 Subject Alternative Name: 302s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 302s Signature Algorithm: sha256WithRSAEncryption 302s Signature Value: 302s be:cb:6b:3c:d9:fb:00:8f:79:f1:89:35:c8:3a:cd:6f:77:21: 302s 43:c5:28:b9:21:4b:cb:0c:4f:01:16:98:82:c0:9a:aa:4a:29: 302s 98:81:62:a4:8b:b9:cb:4b:bc:18:d2:cd:91:c9:4a:d8:42:73: 302s bf:22:aa:bc:7f:56:62:4d:be:e5:7b:d3:e9:20:87:05:14:df: 302s ae:59:dd:b2:25:ca:f3:0d:10:17:91:e4:27:9d:1f:ef:da:09: 302s 32:b1:b6:5e:3e:79:d2:53:3c:19:d5:72:ea:d2:f8:78:de:a5: 302s 8b:58:70:25:f2:4c:9a:72:e2:4a:4c:81:6e:b8:28:da:d3:08: 302s 23:64 302s + openssl ca -passin pass:random-intermediate-CA-password-7019 -config /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem 302s Using configuration from /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.config 302s Check that the request matches the signature 302s Signature ok 302s Certificate Details: 302s Serial Number: 4 (0x4) 302s Validity 302s Not Before: Nov 29 20:41:52 2024 GMT 302s Not After : Nov 29 20:41:52 2025 GMT 302s Subject: 302s organizationName = Test Organization 302s organizationalUnitName = Test Organization Unit 302s commonName = Test Organization Intermediate Trusted Certificate 0001 302s X509v3 extensions: 302s X509v3 Authority Key Identifier: 302s CF:53:1A:41:1F:97:13:BF:58:B8:01:C1:8F:31:75:5B:C7:4F:28:7B 302s X509v3 Basic Constraints: 302s CA:FALSE 302s Netscape Cert Type: 302s SSL Client, S/MIME 302s Netscape Comment: 302s Test Organization Intermediate CA trusted Certificate 302s X509v3 Subject Key Identifier: 302s AD:A8:7B:D4:03:C9:4A:E4:B2:5D:28:2A:56:B4:91:F9:42:28:D8:1F 302s X509v3 Key Usage: critical 302s Digital Signature, Non Repudiation, Key Encipherment 302s X509v3 Extended Key Usage: 302s TLS Web Client Authentication, E-mail Protection 302s X509v3 Subject Alternative Name: 302s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 302s Certificate is to be certified until Nov 29 20:41:52 2025 GMT (365 days) 302s 302s Write out database with 1 new entries 302s Database updated 302s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem 302s + echo 'This certificate should not be trusted fully' 302s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem 302s + local cmd=openssl 302s + shift 302s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem 302s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 302s error 2 at 1 depth lookup: unable to get issuer certificate 302s error /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 302s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem 302s + cat 302s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-15957 302s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-15957 1024 302s This certificate should not be trusted fully 302s /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem: OK 302s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-15957 -key /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 302s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 302s Certificate Request: 302s Data: 302s Version: 1 (0x0) 302s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 302s Subject Public Key Info: 302s Public Key Algorithm: rsaEncryption 302s Public-Key: (1024 bit) 302s Modulus: 302s 00:b9:13:5c:26:ce:74:81:fb:68:f6:2e:00:6e:57: 302s 89:d6:cd:87:e5:dc:f1:e5:de:5f:c1:08:a0:e6:52: 302s 6c:1c:7e:51:42:3c:d0:4b:3d:55:ff:d1:bd:1f:c8: 302s 08:b4:26:fa:cd:4e:83:e3:fb:93:ff:14:22:16:77: 302s c6:20:2a:91:59:05:74:4f:47:05:bf:ef:46:bd:fb: 302s 88:14:06:8b:e1:e8:5c:e0:ba:de:b9:71:c5:d6:32: 302s 22:47:28:1b:cc:a8:05:07:a1:a5:50:b6:e4:14:ae: 302s 4a:66:62:20:21:be:14:91:98:f5:bf:39:71:e4:ab: 302s 65:70:83:8a:8a:34:c5:de:33 302s Exponent: 65537 (0x10001) 302s Attributes: 302s Requested Extensions: 302s X509v3 Basic Constraints: 302s CA:FALSE 302s Netscape Cert Type: 302s SSL Client, S/MIME 302s Netscape Comment: 302s Test Organization Sub Intermediate CA trusted Certificate 302s X509v3 Subject Key Identifier: 302s 70:EF:B3:4F:DC:81:3A:D8:4C:32:72:9A:67:48:2B:55:FF:C6:DA:8A 302s X509v3 Key Usage: critical 302s Digital Signature, Non Repudiation, Key Encipherment 302s X509v3 Extended Key Usage: 302s TLS Web Client Authentication, E-mail Protection 302s X509v3 Subject Alternative Name: 302s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 302s Signature Algorithm: sha256WithRSAEncryption 302s Signature Value: 302s 45:a7:f4:12:94:dd:bf:c0:74:64:40:67:3d:86:d4:92:db:09: 302s 84:19:cf:c1:30:a7:ca:3c:e5:ac:dc:56:a9:48:24:ec:d4:e7: 302s 03:e6:cf:6d:28:a8:20:fc:58:ea:48:47:a7:7c:e0:05:14:9d: 302s dd:11:f0:b0:fc:8c:f9:9f:b5:92:b5:d2:71:b6:fd:6d:8b:9f: 302s 87:2f:96:14:3c:64:b6:db:e6:df:03:3e:44:11:40:a9:6c:08: 302s f4:a1:dd:c3:0d:1f:16:81:46:ee:e9:4a:95:7b:03:63:fb:07: 302s e9:1a:48:87:94:34:83:ca:bb:04:72:97:5d:d5:54:bf:37:77: 302s f4:f9 302s + openssl ca -passin pass:random-sub-intermediate-CA-password-6868 -config /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s Using configuration from /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.config 302s Check that the request matches the signature 302s Signature ok 302s Certificate Details: 302s Serial Number: 5 (0x5) 302s Validity 302s Not Before: Nov 29 20:41:52 2024 GMT 302s Not After : Nov 29 20:41:52 2025 GMT 302s Subject: 302s organizationName = Test Organization 302s organizationalUnitName = Test Organization Unit 302s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 302s X509v3 extensions: 302s X509v3 Authority Key Identifier: 302s 06:9E:5C:80:0B:FE:99:DE:31:69:75:B7:1E:F9:E3:CC:95:0C:8C:A3 302s X509v3 Basic Constraints: 302s CA:FALSE 302s Netscape Cert Type: 302s SSL Client, S/MIME 302s Netscape Comment: 302s Test Organization Sub Intermediate CA trusted Certificate 302s X509v3 Subject Key Identifier: 302s 70:EF:B3:4F:DC:81:3A:D8:4C:32:72:9A:67:48:2B:55:FF:C6:DA:8A 302s X509v3 Key Usage: critical 302s Digital Signature, Non Repudiation, Key Encipherment 302s X509v3 Extended Key Usage: 302s TLS Web Client Authentication, E-mail Protection 302s X509v3 Subject Alternative Name: 302s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 302s Certificate is to be certified until Nov 29 20:41:52 2025 GMT (365 days) 302s 302s Write out database with 1 new entries 302s Database updated 302s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s This certificate should not be trusted fully 302s + echo 'This certificate should not be trusted fully' 302s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s + local cmd=openssl 302s + shift 302s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 302s error 2 at 1 depth lookup: unable to get issuer certificate 302s error /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 302s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s + local cmd=openssl 302s + shift 302s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 302s error 20 at 0 depth lookup: unable to get local issuer certificate 302s error /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 302s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 302s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s + local cmd=openssl 302s + shift 302s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 302s error 20 at 0 depth lookup: unable to get local issuer certificate 302s error /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 302s + echo 'Building a the full-chain CA file...' 302s + cat /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem 302s Building a the full-chain CA file... 302s + cat /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem 302s + cat /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem 302s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem 302s + openssl pkcs7 -print_certs -noout 302s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 302s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 302s 302s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 302s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 302s 302s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 302s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 302s 302s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem 302s /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA.pem: OK 302s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem 302s /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem: OK 302s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem 302s /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem: OK 302s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-root-intermediate-chain-CA.pem 302s /tmp/sssd-softhsm2-certs-TZep9a/test-root-intermediate-chain-CA.pem: OK 302s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 302s Certificates generation completed! 302s + echo 'Certificates generation completed!' 302s + [[ -v NO_SSSD_TESTS ]] 302s + [[ -v GENERATE_SMART_CARDS ]] 302s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-16347 302s + local certificate=/tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem 302s + local key_pass=pass:random-root-ca-trusted-cert-0001-16347 302s + local key_cn 302s + local key_name 302s + local tokens_dir 302s + local output_cert_file 302s + token_name= 302s ++ basename /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem .pem 302s + key_name=test-root-CA-trusted-certificate-0001 302s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem 302s ++ sed -n 's/ *commonName *= //p' 302s + key_cn='Test Organization Root Trusted Certificate 0001' 302s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 302s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-root-CA-trusted-certificate-0001.conf 302s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-root-CA-trusted-certificate-0001.conf 302s ++ basename /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 302s + tokens_dir=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-root-CA-trusted-certificate-0001 302s + token_name='Test Organization Root Tr Token' 302s + '[' '!' -e /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 302s + local key_file 302s + local decrypted_key 302s + mkdir -p /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-root-CA-trusted-certificate-0001 302s + key_file=/tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-key.pem 302s + decrypted_key=/tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-key-decrypted.pem 302s + cat 302s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 302s Slot 0 has a free/uninitialized token. 302s The token has been initialized and is reassigned to slot 816749986 302s + softhsm2-util --show-slots 302s Available slots: 302s Slot 816749986 302s Slot info: 302s Description: SoftHSM slot ID 0x30ae9da2 302s Manufacturer ID: SoftHSM project 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Token present: yes 302s Token info: 302s Manufacturer ID: SoftHSM project 302s Model: SoftHSM v2 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Serial number: aaddfbac30ae9da2 302s Initialized: yes 302s User PIN init.: yes 302s Label: Test Organization Root Tr Token 302s Slot 1 302s Slot info: 302s Description: SoftHSM slot ID 0x1 302s Manufacturer ID: SoftHSM project 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Token present: yes 302s Token info: 302s Manufacturer ID: SoftHSM project 302s Model: SoftHSM v2 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Serial number: 302s Initialized: no 302s User PIN init.: no 302s Label: 302s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 302s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-16347 -in /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-key-decrypted.pem 302s writing RSA key 302s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 302s + rm /tmp/sssd-softhsm2-certs-TZep9a/test-root-CA-trusted-certificate-0001-key-decrypted.pem 302s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 302s Object 0: 302s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=aaddfbac30ae9da2;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 302s Type: X.509 Certificate (RSA-1024) 302s Expires: Sat Nov 29 20:41:52 2025 302s Label: Test Organization Root Trusted Certificate 0001 302s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 302s 302s Test Organization Root Tr Token 302s + echo 'Test Organization Root Tr Token' 302s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15802 302s + local certificate=/tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem 302s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15802 302s + local key_cn 302s + local key_name 302s + local tokens_dir 302s + local output_cert_file 302s + token_name= 302s ++ basename /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem .pem 302s + key_name=test-intermediate-CA-trusted-certificate-0001 302s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem 302s ++ sed -n 's/ *commonName *= //p' 302s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 302s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 302s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 302s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 302s ++ basename /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 302s + tokens_dir=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-intermediate-CA-trusted-certificate-0001 302s + token_name='Test Organization Interme Token' 302s + '[' '!' -e /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 302s + local key_file 302s + local decrypted_key 302s + mkdir -p /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-intermediate-CA-trusted-certificate-0001 302s + key_file=/tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-key.pem 302s + decrypted_key=/tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 302s + cat 302s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 302s Slot 0 has a free/uninitialized token. 302s The token has been initialized and is reassigned to slot 490587310 302s + softhsm2-util --show-slots 302s Available slots: 302s Slot 490587310 302s Slot info: 302s Description: SoftHSM slot ID 0x1d3dc4ae 302s Manufacturer ID: SoftHSM project 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Token present: yes 302s Token info: 302s Manufacturer ID: SoftHSM project 302s Model: SoftHSM v2 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Serial number: 2f9e6efe9d3dc4ae 302s Initialized: yes 302s User PIN init.: yes 302s Label: Test Organization Interme Token 302s Slot 1 302s Slot info: 302s Description: SoftHSM slot ID 0x1 302s Manufacturer ID: SoftHSM project 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Token present: yes 302s Token info: 302s Manufacturer ID: SoftHSM project 302s Model: SoftHSM v2 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Serial number: 302s Initialized: no 302s User PIN init.: no 302s Label: 302s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 302s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-15802 -in /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 302s writing RSA key 302s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 302s + rm /tmp/sssd-softhsm2-certs-TZep9a/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 302s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 302s Object 0: 302s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2f9e6efe9d3dc4ae;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 302s Type: X.509 Certificate (RSA-1024) 302s Expires: Sat Nov 29 20:41:52 2025 302s Label: Test Organization Intermediate Trusted Certificate 0001 302s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 302s 302s + echo 'Test Organization Interme Token' 302s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-15957 302s + local certificate=/tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-15957 302s + local key_cn 302s + local key_name 302s + local tokens_dir 302s + local output_cert_file 302s + token_name= 302s ++ basename /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 302s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 302s Test Organization Interme Token 302s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 302s ++ sed -n 's/ *commonName *= //p' 302s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 302s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 302s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 302s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 302s ++ basename /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 302s + tokens_dir=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 302s + token_name='Test Organization Sub Int Token' 302s + '[' '!' -e /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 302s + local key_file 302s + local decrypted_key 302s + mkdir -p /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 302s + key_file=/tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 302s + decrypted_key=/tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 302s + cat 302s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 302s Slot 0 has a free/uninitialized token. 302s The token has been initialized and is reassigned to slot 1199933801 302s + softhsm2-util --show-slots 302s Available slots: 302s Slot 1199933801 302s Slot info: 302s Description: SoftHSM slot ID 0x47858969 302s Manufacturer ID: SoftHSM project 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Token present: yes 302s Token info: 302s Manufacturer ID: SoftHSM project 302s Model: SoftHSM v2 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Serial number: f3edb4a947858969 302s Initialized: yes 302s User PIN init.: yes 302s Label: Test Organization Sub Int Token 302s Slot 1 302s Slot info: 302s Description: SoftHSM slot ID 0x1 302s Manufacturer ID: SoftHSM project 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Token present: yes 302s Token info: 302s Manufacturer ID: SoftHSM project 302s Model: SoftHSM v2 302s Hardware version: 2.6 302s Firmware version: 2.6 302s Serial number: 302s Initialized: no 302s User PIN init.: no 302s Label: 302s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 302s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-15957 -in /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 302s writing RSA key 302s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 302s + rm /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 302s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 302s Object 0: 302s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f3edb4a947858969;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 302s Type: X.509 Certificate (RSA-1024) 302s Expires: Sat Nov 29 20:41:52 2025 302s Label: Test Organization Sub Intermediate Trusted Certificate 0001 302s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 302s 302s Test Organization Sub Int Token 302s Certificates generation completed! 302s + echo 'Test Organization Sub Int Token' 302s + echo 'Certificates generation completed!' 302s + exit 0 302s + find /tmp/sssd-softhsm2-certs-TZep9a -type d -exec chmod 777 '{}' ';' 302s + find /tmp/sssd-softhsm2-certs-TZep9a -type f -exec chmod 666 '{}' ';' 302s + backup_file /etc/sssd/sssd.conf 302s + '[' -z '' ']' 302s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 302s + backupsdir=/tmp/sssd-softhsm2-backups-8Tr5xD 302s + '[' -e /etc/sssd/sssd.conf ']' 302s + delete_paths+=("$1") 302s + rm -f /etc/sssd/sssd.conf 302s ++ runuser -u ubuntu -- sh -c 'echo ~' 302s + user_home=/home/ubuntu 302s + mkdir -p /home/ubuntu 302s + chown ubuntu:ubuntu /home/ubuntu 302s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 302s + user_config=/home/ubuntu/.config 302s + system_config=/etc 302s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 302s + for path_pair in "${softhsm2_conf_paths[@]}" 302s + IFS=: 302s + read -r -a path 302s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 302s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 302s + '[' -z /tmp/sssd-softhsm2-backups-8Tr5xD ']' 302s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 302s + delete_paths+=("$1") 302s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 302s + for path_pair in "${softhsm2_conf_paths[@]}" 302s + IFS=: 302s + read -r -a path 302s + path=/etc/softhsm/softhsm2.conf 302s + backup_file /etc/softhsm/softhsm2.conf 302s + '[' -z /tmp/sssd-softhsm2-backups-8Tr5xD ']' 302s + '[' -e /etc/softhsm/softhsm2.conf ']' 302s ++ dirname /etc/softhsm/softhsm2.conf 302s + local back_dir=/tmp/sssd-softhsm2-backups-8Tr5xD//etc/softhsm 302s ++ basename /etc/softhsm/softhsm2.conf 302s + local back_path=/tmp/sssd-softhsm2-backups-8Tr5xD//etc/softhsm/softhsm2.conf 302s + '[' '!' -e /tmp/sssd-softhsm2-backups-8Tr5xD//etc/softhsm/softhsm2.conf ']' 302s + mkdir -p /tmp/sssd-softhsm2-backups-8Tr5xD//etc/softhsm 302s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-8Tr5xD//etc/softhsm/softhsm2.conf 302s + restore_paths+=("$back_path") 302s + rm -f /etc/softhsm/softhsm2.conf 302s + test_authentication login /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem 302s + pam_service=login 302s + certificate_config=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-root-CA-trusted-certificate-0001.conf 302s + ca_db=/tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem 302s + verification_options= 302s + mkdir -p -m 700 /etc/sssd 302s Using CA DB '/tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem' with verification options: '' 302s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 302s + cat 302s + chmod 600 /etc/sssd/sssd.conf 302s + for path_pair in "${softhsm2_conf_paths[@]}" 302s + IFS=: 302s + read -r -a path 302s + user=ubuntu 302s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 302s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 302s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 302s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 302s + runuser -u ubuntu -- softhsm2-util --show-slots 302s + grep 'Test Organization' 302s Label: Test Organization Root Tr Token 302s + for path_pair in "${softhsm2_conf_paths[@]}" 302s + IFS=: 302s + read -r -a path 302s + user=root 302s + path=/etc/softhsm/softhsm2.conf 302s ++ dirname /etc/softhsm/softhsm2.conf 302s + runuser -u root -- mkdir -p /etc/softhsm 302s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 302s + runuser -u root -- softhsm2-util --show-slots 302s + grep 'Test Organization' 302s Label: Test Organization Root Tr Token 302s + systemctl restart sssd 302s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 302s + for alternative in "${alternative_pam_configs[@]}" 302s + pam-auth-update --enable sss-smart-card-optional 302s + cat /etc/pam.d/common-auth 302s # 302s # /etc/pam.d/common-auth - authentication settings common to all services 302s # 302s # This file is included from other service-specific PAM config files, 302s # and should contain a list of the authentication modules that define 302s # the central authentication scheme for use on the system 302s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 302s # traditional Unix authentication mechanisms. 302s # 302s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 302s # To take advantage of this, it is recommended that you configure any 302s # local modules either before or after the default block, and use 302s # pam-auth-update to manage selection of other modules. See 302s # pam-auth-update(8) for details. 302s 302s # here are the per-package modules (the "Primary" block) 302s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 302s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 302s auth [success=1 default=ignore] pam_sss.so use_first_pass 302s # here's the fallback if no module succeeds 302s auth requisite pam_deny.so 302s # prime the stack with a positive return value if there isn't one already; 302s # this avoids us returning an error just because nothing sets a success code 302s # since the modules above will each just jump around 302s auth required pam_permit.so 302s # and here are more per-package modules (the "Additional" block) 302s auth optional pam_cap.so 302s # end of pam-auth-update config 302s + echo -n -e 123456 302s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 302s pamtester: invoking pam_start(login, ubuntu, ...) 302s pamtester: performing operation - authenticate 302s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 302s + echo -n -e 123456 302s + runuser -u ubuntu -- pamtester -v login '' authenticate 302s pamtester: invoking pam_start(login, , ...) 302s pamtester: performing operation - authenticate 302s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 302s + echo -n -e wrong123456 302s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 302s pamtester: invoking pam_start(login, ubuntu, ...) 302s pamtester: performing operation - authenticate 306s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 306s + echo -n -e wrong123456 306s + runuser -u ubuntu -- pamtester -v login '' authenticate 306s pamtester: invoking pam_start(login, , ...) 306s pamtester: performing operation - authenticate 310s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 310s + echo -n -e 123456 310s + pamtester -v login root authenticate 310s pamtester: invoking pam_start(login, root, ...) 310s pamtester: performing operation - authenticate 313s Password: pamtester: Authentication failure 313s + for alternative in "${alternative_pam_configs[@]}" 313s + pam-auth-update --enable sss-smart-card-required 313s PAM configuration 313s ----------------- 313s 313s Incompatible PAM profiles selected. 313s 313s The following PAM profiles cannot be used together: 313s 313s SSS required smart card authentication, SSS optional smart card 313s authentication 313s 313s Please select a different set of modules to enable. 313s 313s + cat /etc/pam.d/common-auth 313s # 313s # /etc/pam.d/common-auth - authentication settings common to all services 313s # 313s # This file is included from other service-specific PAM config files, 313s # and should contain a list of the authentication modules that define 313s # the central authentication scheme for use on the system 313s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 313s # traditional Unix authentication mechanisms. 313s # 313s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 313s # To take advantage of this, it is recommended that you configure any 313s # local modules either before or after the default block, and use 313s # pam-auth-update to manage selection of other modules. See 313s # pam-auth-update(8) for details. 313s 313s # here are the per-package modules (the "Primary" block) 313s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 313s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 313s auth [success=1 default=ignore] pam_sss.so use_first_pass 313s # here's the fallback if no module succeeds 313s auth requisite pam_deny.so 313s # prime the stack with a positive return value if there isn't one already; 313s # this avoids us returning an error just because nothing sets a success code 313s # since the modules above will each just jump around 313s auth required pam_permit.so 313s # and here are more per-package modules (the "Additional" block) 313s auth optional pam_cap.so 313s # end of pam-auth-update config 313s + echo -n -e 123456 313s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 313s pamtester: invoking pam_start(login, ubuntu, ...) 313s pamtester: performing operation - authenticate 313s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 313s pamtester: successfully authenticated 313s + echo -n -e 123456 313s + runuser -u ubuntu -- pamtester -v login '' authenticate 313s pamtester: invoking pam_start(login, , ...) 313s pamtester: performing operation - authenticate 313s PIN for Test Organization Root Tr Token: + echo -n -e wrong123456 313s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 313s pamtester: invoking pam_start(login, ubuntu, ...) 313s pamtester: performing operation - authenticate 316s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 316s + echo -n -e wrong123456 316s + runuser -u ubuntu -- pamtester -v login '' authenticate 316s pamtester: invoking pam_start(login, , ...) 316s pamtester: performing operation - authenticate 319s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 319s + echo -n -e 123456 319s + pamtester -v login root authenticate 319s pamtester: invoking pam_start(login, root, ...) 319s pamtester: performing operation - authenticate 321s pamtester: Authentication service cannot retrieve authentication info 321s Using CA DB '/tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem' with verification options: '' 321s + test_authentication login /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem 321s + pam_service=login 321s + certificate_config=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 321s + ca_db=/tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem 321s + verification_options= 321s + mkdir -p -m 700 /etc/sssd 321s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-TZep9a/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 321s + cat 321s + chmod 600 /etc/sssd/sssd.conf 321s + for path_pair in "${softhsm2_conf_paths[@]}" 321s + IFS=: 321s + read -r -a path 321s + user=ubuntu 321s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 321s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 321s Label: Test Organization Sub Int Token 321s Label: Test Organization Sub Int Token 321s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 321s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 321s + runuser -u ubuntu -- softhsm2-util --show-slots 321s + grep 'Test Organization' 321s + for path_pair in "${softhsm2_conf_paths[@]}" 321s + IFS=: 321s + read -r -a path 321s + user=root 321s + path=/etc/softhsm/softhsm2.conf 321s ++ dirname /etc/softhsm/softhsm2.conf 321s + runuser -u root -- mkdir -p /etc/softhsm 321s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 321s + runuser -u root -- softhsm2-util --show-slots 321s + grep 'Test Organization' 321s + systemctl restart sssd 321s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 321s + for alternative in "${alternative_pam_configs[@]}" 321s + pam-auth-update --enable sss-smart-card-optional 321s + cat /etc/pam.d/common-auth 321s # 321s # /etc/pam.d/common-auth - authentication settings common to all services 321s # 321s # This file is included from other service-specific PAM config files, 321s # and should contain a list of the authentication modules that define 321s # the central authentication scheme for use on the system 321s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 321s # traditional Unix authentication mechanisms. 321s # 321s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 321s # To take advantage of this, it is recommended that you configure any 321s # local modules either before or after the default block, and use 321s # pam-auth-update to manage selection of other modules. See 321s # pam-auth-update(8) for details. 321s 321s # here are the per-package modules (the "Primary" block) 321s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 321s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 321s auth [success=1 default=ignore] pam_sss.so use_first_pass 321s # here's the fallback if no module succeeds 321s auth requisite pam_deny.so 321s # prime the stack with a positive return value if there isn't one already; 321s # this avoids us returning an error just because nothing sets a success code 321s # since the modules above will each just jump around 321s auth required pam_permit.so 321s # and here are more per-package modules (the "Additional" block) 321s auth optional pam_cap.so 321s # end of pam-auth-update config 321s + echo -n -e 123456 321s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 322s pamtester: invoking pam_start(login, ubuntu, ...) 322s pamtester: performing operation - authenticate 322s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 322s + echo -n -e 123456 322s + runuser -u ubuntu -- pamtester -v login '' authenticate 322s pamtester: invoking pam_start(login, , ...) 322s pamtester: performing operation - authenticate 322s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 322s + echo -n -e wrong123456 322s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 322s pamtester: invoking pam_start(login, ubuntu, ...) 322s pamtester: performing operation - authenticate 325s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 325s + echo -n -e wrong123456 325s + runuser -u ubuntu -- pamtester -v login '' authenticate 325s pamtester: invoking pam_start(login, , ...) 325s pamtester: performing operation - authenticate 328s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 328s + echo -n -e 123456 328s + pamtester -v login root authenticate 328s pamtester: invoking pam_start(login, root, ...) 328s pamtester: performing operation - authenticate 330s Password: pamtester: Authentication failure 330s + for alternative in "${alternative_pam_configs[@]}" 330s + pam-auth-update --enable sss-smart-card-required 331s PAM configuration 331s ----------------- 331s 331s Incompatible PAM profiles selected. 331s 331s The following PAM profiles cannot be used together: 331s 331s SSS required smart card authentication, SSS optional smart card 331s authentication 331s 331s Please select a different set of modules to enable. 331s 331s # 331s # /etc/pam.d/common-auth - authentication settings common to all services 331s # 331s # This file is included from other service-specific PAM config files, 331s # and should contain a list of the authentication modules that define 331s # the central authentication scheme for use on the system 331s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 331s # traditional Unix authentication mechanisms. 331s # 331s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 331s # To take advantage of this, it is recommended that you configure any 331s # local modules either before or after the default block, and use 331s # pam-auth-update to manage selection of other modules. See 331s # pam-auth-update(8) for details. 331s 331s # here are the per-package modules (the "Primary" block) 331s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 331s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 331s auth [success=1 default=ignore] pam_sss.so use_first_pass 331s # here's the fallback if no module succeeds 331s auth requisite pam_deny.so 331s # prime the stack with a positive return value if there isn't one already; 331s # this avoids us returning an error just because nothing sets a success code 331s # since the modules above will each just jump around 331s auth required pam_permit.so 331s # and here are more per-package modules (the "Additional" block) 331s auth optional pam_cap.so 331s # end of pam-auth-update config 331s + cat /etc/pam.d/common-auth 331s + echo -n -e 123456 331s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 331s pamtester: invoking pam_start(login, ubuntu, ...) 331s pamtester: performing operation - authenticate 331s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 331s + echo -n -e 123456 331s pamtester: successfully authenticated 331s + runuser -u ubuntu -- pamtester -v login '' authenticate 331s pamtester: invoking pam_start(login, , ...) 331s pamtester: performing operation - authenticate 331s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 331s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 331s pamtester: invoking pam_start(login, ubuntu, ...) 331s pamtester: performing operation - authenticate 333s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 333s + echo -n -e wrong123456 333s + runuser -u ubuntu -- pamtester -v login '' authenticate 333s pamtester: invoking pam_start(login, , ...) 333s pamtester: performing operation - authenticate 336s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 336s + echo -n -e 123456 336s + pamtester -v login root authenticate 336s pamtester: invoking pam_start(login, root, ...) 336s pamtester: performing operation - authenticate 340s pamtester: Authentication service cannot retrieve authentication info 340s + test_authentication login /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem partial_chain 340s + pam_service=login 340s + certificate_config=/tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 340s + ca_db=/tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem 340s + verification_options=partial_chain 340s + mkdir -p -m 700 /etc/sssd 340s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 340s + cat 340s Using CA DB '/tmp/sssd-softhsm2-certs-TZep9a/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 340s Label: Test Organization Sub Int Token 340s Label: Test Organization Sub Int Token 340s + chmod 600 /etc/sssd/sssd.conf 340s + for path_pair in "${softhsm2_conf_paths[@]}" 340s + IFS=: 340s + read -r -a path 340s + user=ubuntu 340s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 340s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 340s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 340s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 340s + runuser -u ubuntu -- softhsm2-util --show-slots 340s + grep 'Test Organization' 340s + for path_pair in "${softhsm2_conf_paths[@]}" 340s + IFS=: 340s + read -r -a path 340s + user=root 340s + path=/etc/softhsm/softhsm2.conf 340s ++ dirname /etc/softhsm/softhsm2.conf 340s + runuser -u root -- mkdir -p /etc/softhsm 340s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-TZep9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 340s + runuser -u root -- softhsm2-util --show-slots 340s + grep 'Test Organization' 340s + systemctl restart sssd 340s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 340s + for alternative in "${alternative_pam_configs[@]}" 340s + pam-auth-update --enable sss-smart-card-optional 340s # 340s # /etc/pam.d/common-auth - authentication settings common to all services 340s # 340s # This file is included from other service-specific PAM config files, 340s # and should contain a list of the authentication modules that define 340s # the central authentication scheme for use on the system 340s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 340s # traditional Unix authentication mechanisms. 340s # 340s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 340s # To take advantage of this, it is recommended that you configure any 340s # local modules either before or after the default block, and use 340s # pam-auth-update to manage selection of other modules. See 340s # pam-auth-update(8) for details. 340s 340s # here are the per-package modules (the "Primary" block) 340s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 340s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 340s auth [success=1 default=ignore] pam_sss.so use_first_pass 340s # here's the fallback if no module succeeds 340s auth requisite pam_deny.so 340s # prime the stack with a positive return value if there isn't one already; 340s # this avoids us returning an error just because nothing sets a success code 340s # since the modules above will each just jump around 340s auth required pam_permit.so 340s # and here are more per-package modules (the "Additional" block) 340s auth optional pam_cap.so 340s # end of pam-auth-update config 340s + cat /etc/pam.d/common-auth 340s + echo -n -e 123456 340s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 340s pamtester: invoking pam_start(login, ubuntu, ...) 340s pamtester: performing operation - authenticate 340s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 340s + echo -n -e 123456 340s + runuser -u ubuntu -- pamtester -v login '' authenticate 340s pamtester: invoking pam_start(login, , ...) 340s pamtester: performing operation - authenticate 340s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 340s + echo -n -e wrong123456 340s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 340s pamtester: invoking pam_start(login, ubuntu, ...) 340s pamtester: performing operation - authenticate 343s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 343s + echo -n -e wrong123456 343s + runuser -u ubuntu -- pamtester -v login '' authenticate 343s pamtester: invoking pam_start(login, , ...) 343s pamtester: performing operation - authenticate 345s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 345s + echo -n -e 123456 345s + pamtester -v login root authenticate 345s pamtester: invoking pam_start(login, root, ...) 345s pamtester: performing operation - authenticate 348s Password: pamtester: Authentication failure 348s + for alternative in "${alternative_pam_configs[@]}" 348s + pam-auth-update --enable sss-smart-card-required 348s PAM configuration 348s ----------------- 348s 348s Incompatible PAM profiles selected. 348s 348s The following PAM profiles cannot be used together: 348s 348s SSS required smart card authentication, SSS optional smart card 348s authentication 348s 348s Please select a different set of modules to enable. 348s 348s + cat /etc/pam.d/common-auth 348s # 348s # /etc/pam.d/common-auth - authentication settings common to all services 348s # 348s # This file is included from other service-specific PAM config files, 348s # and should contain a list of the authentication modules that define 348s # the central authentication scheme for use on the system 348s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 348s # traditional Unix authentication mechanisms. 348s # 348s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 348s # To take advantage of this, it is recommended that you configure any 348s # local modules either before or after the default block, and use 348s # pam-auth-update to manage selection of other modules. See 348s # pam-auth-update(8) for details. 348s 348s # here are the per-package modules (the "Primary" block) 348s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 348s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 348s auth [success=1 default=ignore] pam_sss.so use_first_pass 348s # here's the fallback if no module succeeds 348s auth requisite pam_deny.so 348s # prime the stack with a positive return value if there isn't one already; 348s # this avoids us returning an error just because nothing sets a success code 348s # since the modules above will each just jump around 348s auth required pam_permit.so 348s # and here are more per-package modules (the "Additional" block) 348s auth optional pam_cap.so 348s # end of pam-auth-update config 348s + echo -n -e 123456 348s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 348s pamtester: invoking pam_start(login, ubuntu, ...) 348s pamtester: performing operation - authenticate 348s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 348s pamtester: successfully authenticated 348s + echo -n -e 123456 348s + runuser -u ubuntu -- pamtester -v login '' authenticate 348s pamtester: invoking pam_start(login, , ...) 348s pamtester: performing operation - authenticate 348s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 348s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 348s pamtester: invoking pam_start(login, ubuntu, ...) 348s pamtester: performing operation - authenticate 352s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 352s + echo -n -e wrong123456 352s + runuser -u ubuntu -- pamtester -v login '' authenticate 352s pamtester: invoking pam_start(login, , ...) 352s pamtester: performing operation - authenticate 355s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 355s + echo -n -e 123456 355s + pamtester -v login root authenticate 355s pamtester: invoking pam_start(login, root, ...) 355s pamtester: performing operation - authenticate 358s pamtester: Authentication service cannot retrieve authentication info 358s + handle_exit 358s + exit_code=0 358s + restore_changes 358s + for path in "${restore_paths[@]}" 358s + local original_path 358s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-8Tr5xD /tmp/sssd-softhsm2-backups-8Tr5xD//etc/softhsm/softhsm2.conf 358s + original_path=/etc/softhsm/softhsm2.conf 358s + rm /etc/softhsm/softhsm2.conf 358s + mv /tmp/sssd-softhsm2-backups-8Tr5xD//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 358s + for path in "${delete_paths[@]}" 358s + rm -f /etc/sssd/sssd.conf 358s + for path in "${delete_paths[@]}" 358s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 358s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 358s + '[' -e /etc/sssd/sssd.conf ']' 358s + systemctl stop sssd 358s + '[' -e /etc/softhsm/softhsm2.conf ']' 358s + chmod 600 /etc/softhsm/softhsm2.conf 358s + rm -rf /tmp/sssd-softhsm2-certs-TZep9a 358s + '[' 0 = 0 ']' 358s + rm -rf /tmp/sssd-softhsm2-backups-8Tr5xD 358s Script completed successfully! 358s + set +x 358s autopkgtest [20:42:48]: test sssd-smart-card-pam-auth-configs: -----------------------] 359s autopkgtest [20:42:49]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 359s sssd-smart-card-pam-auth-configs PASS 359s autopkgtest [20:42:49]: @@@@@@@@@@@@@@@@@@@@ summary 359s ldap-user-group-ldap-auth PASS 359s ldap-user-group-krb5-auth PASS 359s sssd-softhism2-certificates-tests.sh PASS 359s sssd-smart-card-pam-auth-configs PASS 371s nova [W] Using flock in prodstack6-s390x 371s flock: timeout while waiting to get lock 371s Creating nova instance adt-noble-s390x-sssd-20241129-203650-juju-7f2275-prod-proposed-migration-environment-20-9cee22d1-e1be-4f36-83ed-98480decf8a2 from image adt/ubuntu-noble-s390x-server-20241129.img (UUID 859f7a69-783a-4201-85fa-e0105c728d11)... 371s nova [W] Using flock in prodstack6-s390x 371s Creating nova instance adt-noble-s390x-sssd-20241129-203650-juju-7f2275-prod-proposed-migration-environment-20-9cee22d1-e1be-4f36-83ed-98480decf8a2 from image adt/ubuntu-noble-s390x-server-20241129.img (UUID 859f7a69-783a-4201-85fa-e0105c728d11)...