0s autopkgtest [18:29:11]: starting date and time: 2024-06-13 18:29:11+0000 0s autopkgtest [18:29:11]: git checkout: 433ed4cb Merge branch 'skia/nova_flock' into 'ubuntu/5.34+prod' 0s autopkgtest [18:29:11]: host juju-7f2275-prod-proposed-migration-environment-3; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.vvzwpidj/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:systemd --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=systemd/256-1ubuntu1 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-3@lcy02-84.secgroup --name adt-oracular-amd64-sssd-20240613-182911-juju-7f2275-prod-proposed-migration-environment-3-f36f4265-a422-4817-b9fa-b55ff9bd2b18 --image adt/ubuntu-oracular-amd64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-3 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 73s autopkgtest [18:30:24]: testbed dpkg architecture: amd64 73s autopkgtest [18:30:24]: testbed apt version: 2.9.3 73s autopkgtest [18:30:24]: @@@@@@@@@@@@@@@@@@@@ test bed setup 73s Get:1 http://ftpmaster.internal/ubuntu oracular-proposed InRelease [110 kB] 73s Get:2 http://ftpmaster.internal/ubuntu oracular-proposed/multiverse Sources [2576 B] 73s Get:3 http://ftpmaster.internal/ubuntu oracular-proposed/main Sources [39.1 kB] 73s Get:4 http://ftpmaster.internal/ubuntu oracular-proposed/restricted Sources [7052 B] 73s Get:5 http://ftpmaster.internal/ubuntu oracular-proposed/universe Sources [346 kB] 73s Get:6 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 Packages [71.8 kB] 73s Get:7 http://ftpmaster.internal/ubuntu oracular-proposed/main i386 Packages [57.0 kB] 73s Get:8 http://ftpmaster.internal/ubuntu oracular-proposed/restricted amd64 Packages [28.9 kB] 73s Get:9 http://ftpmaster.internal/ubuntu oracular-proposed/restricted i386 Packages [6732 B] 73s Get:10 http://ftpmaster.internal/ubuntu oracular-proposed/universe i386 Packages [141 kB] 73s Get:11 http://ftpmaster.internal/ubuntu oracular-proposed/universe amd64 Packages [319 kB] 73s Get:12 http://ftpmaster.internal/ubuntu oracular-proposed/multiverse i386 Packages [3884 B] 73s Get:13 http://ftpmaster.internal/ubuntu oracular-proposed/multiverse amd64 Packages [8364 B] 74s Fetched 1142 kB in 0s (4337 kB/s) 74s Reading package lists... 75s Reading package lists... 75s Building dependency tree... 75s Reading state information... 76s Calculating upgrade... 76s The following package was automatically installed and is no longer required: 76s systemd-dev 76s Use 'sudo apt autoremove' to remove it. 76s The following packages will be upgraded: 76s dhcpcd-base dracut-install libnss-systemd libpam-systemd libsystemd-shared 76s libsystemd0 libudev1 systemd systemd-dev systemd-resolved systemd-sysv 76s systemd-timesyncd udev 76s 13 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 76s Need to get 9567 kB of archives. 76s After this operation, 1857 kB of additional disk space will be used. 76s Get:1 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 systemd-dev all 256-1ubuntu1 [111 kB] 76s Get:2 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 systemd-timesyncd amd64 256-1ubuntu1 [35.6 kB] 76s Get:3 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 systemd-resolved amd64 256-1ubuntu1 [311 kB] 76s Get:4 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libsystemd-shared amd64 256-1ubuntu1 [2191 kB] 76s Get:5 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libsystemd0 amd64 256-1ubuntu1 [442 kB] 76s Get:6 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 systemd-sysv amd64 256-1ubuntu1 [11.8 kB] 76s Get:7 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libnss-systemd amd64 256-1ubuntu1 [164 kB] 76s Get:8 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libpam-systemd amd64 256-1ubuntu1 [243 kB] 76s Get:9 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 systemd amd64 256-1ubuntu1 [3652 kB] 76s Get:10 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 udev amd64 256-1ubuntu1 [1963 kB] 76s Get:11 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libudev1 amd64 256-1ubuntu1 [193 kB] 76s Get:12 http://ftpmaster.internal/ubuntu oracular/main amd64 dhcpcd-base amd64 1:10.0.8-2 [216 kB] 76s Get:13 http://ftpmaster.internal/ubuntu oracular/main amd64 dracut-install amd64 102-3ubuntu1 [32.4 kB] 76s Fetched 9567 kB in 0s (62.2 MB/s) 77s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74428 files and directories currently installed.) 77s Preparing to unpack .../systemd-dev_256-1ubuntu1_all.deb ... 77s Unpacking systemd-dev (256-1ubuntu1) over (255.4-1ubuntu8) ... 77s Preparing to unpack .../systemd-timesyncd_256-1ubuntu1_amd64.deb ... 77s Unpacking systemd-timesyncd (256-1ubuntu1) over (255.4-1ubuntu8) ... 77s Preparing to unpack .../systemd-resolved_256-1ubuntu1_amd64.deb ... 77s Unpacking systemd-resolved (256-1ubuntu1) over (255.4-1ubuntu8) ... 77s Preparing to unpack .../libsystemd-shared_256-1ubuntu1_amd64.deb ... 77s Unpacking libsystemd-shared:amd64 (256-1ubuntu1) over (255.4-1ubuntu8) ... 77s Preparing to unpack .../libsystemd0_256-1ubuntu1_amd64.deb ... 77s Unpacking libsystemd0:amd64 (256-1ubuntu1) over (255.4-1ubuntu8) ... 77s Setting up libsystemd0:amd64 (256-1ubuntu1) ... 77s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74430 files and directories currently installed.) 77s Preparing to unpack .../0-systemd-sysv_256-1ubuntu1_amd64.deb ... 77s Unpacking systemd-sysv (256-1ubuntu1) over (255.4-1ubuntu8) ... 77s Preparing to unpack .../1-libnss-systemd_256-1ubuntu1_amd64.deb ... 77s Unpacking libnss-systemd:amd64 (256-1ubuntu1) over (255.4-1ubuntu8) ... 77s Preparing to unpack .../2-libpam-systemd_256-1ubuntu1_amd64.deb ... 77s Unpacking libpam-systemd:amd64 (256-1ubuntu1) over (255.4-1ubuntu8) ... 77s Preparing to unpack .../3-systemd_256-1ubuntu1_amd64.deb ... 77s Unpacking systemd (256-1ubuntu1) over (255.4-1ubuntu8) ... 77s Preparing to unpack .../4-udev_256-1ubuntu1_amd64.deb ... 77s Unpacking udev (256-1ubuntu1) over (255.4-1ubuntu8) ... 77s Preparing to unpack .../5-libudev1_256-1ubuntu1_amd64.deb ... 77s Unpacking libudev1:amd64 (256-1ubuntu1) over (255.4-1ubuntu8) ... 78s Setting up libudev1:amd64 (256-1ubuntu1) ... 78s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74492 files and directories currently installed.) 78s Preparing to unpack .../dhcpcd-base_1%3a10.0.8-2_amd64.deb ... 78s Unpacking dhcpcd-base (1:10.0.8-2) over (1:10.0.8-1) ... 78s Preparing to unpack .../dracut-install_102-3ubuntu1_amd64.deb ... 78s Unpacking dracut-install (102-3ubuntu1) over (060+5-8ubuntu2) ... 78s Setting up systemd-dev (256-1ubuntu1) ... 78s Setting up libsystemd-shared:amd64 (256-1ubuntu1) ... 78s Setting up dhcpcd-base (1:10.0.8-2) ... 78s Setting up dracut-install (102-3ubuntu1) ... 78s Setting up systemd (256-1ubuntu1) ... 78s Installing new version of config file /etc/systemd/journald.conf ... 78s Installing new version of config file /etc/systemd/logind.conf ... 78s Installing new version of config file /etc/systemd/networkd.conf ... 78s Installing new version of config file /etc/systemd/sleep.conf ... 78s Installing new version of config file /etc/systemd/system.conf ... 78s /usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring. 78s Created symlink '/run/systemd/system/tmp.mount' → '/dev/null'. 78s /usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring. 79s Setting up systemd-timesyncd (256-1ubuntu1) ... 79s Setting up udev (256-1ubuntu1) ... 80s Setting up systemd-resolved (256-1ubuntu1) ... 80s Installing new version of config file /etc/systemd/resolved.conf ... 80s Setting up systemd-sysv (256-1ubuntu1) ... 80s Setting up libnss-systemd:amd64 (256-1ubuntu1) ... 80s Setting up libpam-systemd:amd64 (256-1ubuntu1) ... 81s Processing triggers for libc-bin (2.39-0ubuntu8.1) ... 81s Processing triggers for man-db (2.12.1-2) ... 82s Processing triggers for dbus (1.14.10-4ubuntu4) ... 82s Processing triggers for shared-mime-info (2.4-5) ... 82s Warning: program compiled against libxml 212 using older 209 82s Processing triggers for initramfs-tools (0.142ubuntu28) ... 82s update-initramfs: Generating /boot/initrd.img-6.8.0-31-generic 82s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 91s Reading package lists... 92s Building dependency tree... 92s Reading state information... 92s The following packages will be REMOVED: 92s systemd-dev* 92s 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. 92s After this operation, 760 kB disk space will be freed. 92s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74492 files and directories currently installed.) 92s Removing systemd-dev (256-1ubuntu1) ... 93s Hit:1 http://ftpmaster.internal/ubuntu oracular-proposed InRelease 93s Hit:2 http://ftpmaster.internal/ubuntu oracular InRelease 93s Hit:3 http://ftpmaster.internal/ubuntu oracular-updates InRelease 93s Hit:4 http://ftpmaster.internal/ubuntu oracular-security InRelease 94s Reading package lists... 94s Reading package lists... 94s Building dependency tree... 94s Reading state information... 95s Calculating upgrade... 95s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 95s Reading package lists... 95s Building dependency tree... 95s Reading state information... 96s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 96s autopkgtest [18:30:47]: rebooting testbed after setup commands that affected boot 99s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 112s autopkgtest [18:31:03]: testbed running kernel: Linux 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 113s autopkgtest [18:31:04]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 119s Get:1 http://ftpmaster.internal/ubuntu oracular/main sssd 2.9.4-1.1ubuntu6 (dsc) [5056 B] 119s Get:2 http://ftpmaster.internal/ubuntu oracular/main sssd 2.9.4-1.1ubuntu6 (tar) [7983 kB] 119s Get:3 http://ftpmaster.internal/ubuntu oracular/main sssd 2.9.4-1.1ubuntu6 (diff) [49.2 kB] 120s gpgv: Signature made Tue Apr 16 09:55:57 2024 UTC 120s gpgv: using RSA key 568BF22A66337CBFC9A6B9B72C83DBC8E9BD0E37 120s gpgv: Can't check signature: No public key 120s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.dsc: no acceptable signature found 120s autopkgtest [18:31:11]: testing package sssd version 2.9.4-1.1ubuntu6 120s autopkgtest [18:31:11]: build not needed 121s autopkgtest [18:31:12]: test ldap-user-group-ldap-auth: preparing testbed 121s Reading package lists... 122s Building dependency tree... 122s Reading state information... 122s Starting pkgProblemResolver with broken count: 0 122s Starting 2 pkgProblemResolver with broken count: 0 122s Done 122s The following additional packages will be installed: 122s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 122s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 122s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 122s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 122s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 122s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 122s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 122s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 122s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 122s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 122s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 122s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 122s tcl8.6 122s Suggested packages: 122s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 122s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 122s Recommended packages: 122s cracklib-runtime libsasl2-modules-gssapi-mit 122s | libsasl2-modules-gssapi-heimdal 122s The following NEW packages will be installed: 122s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 122s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 122s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 122s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 122s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 122s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 122s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 122s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 122s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 122s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 122s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 122s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 122s tcl-expect tcl8.6 122s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 122s Need to get 12.7 MB/12.7 MB of archives. 122s After this operation, 48.8 MB of additional disk space will be used. 122s Get:1 /tmp/autopkgtest.blXj30/1-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [868 B] 122s Get:2 http://ftpmaster.internal/ubuntu oracular/main amd64 libltdl7 amd64 2.4.7-7build1 [40.3 kB] 122s Get:3 http://ftpmaster.internal/ubuntu oracular/main amd64 libodbc2 amd64 2.3.12-1ubuntu1 [158 kB] 122s Get:4 http://ftpmaster.internal/ubuntu oracular/main amd64 slapd amd64 2.6.7+dfsg-1~exp1ubuntu8 [1553 kB] 122s Get:5 http://ftpmaster.internal/ubuntu oracular/main amd64 libtcl8.6 amd64 8.6.14+dfsg-1build1 [988 kB] 122s Get:6 http://ftpmaster.internal/ubuntu oracular/main amd64 tcl8.6 amd64 8.6.14+dfsg-1build1 [14.7 kB] 122s Get:7 http://ftpmaster.internal/ubuntu oracular/universe amd64 tcl-expect amd64 5.45.4-3 [110 kB] 122s Get:8 http://ftpmaster.internal/ubuntu oracular/universe amd64 expect amd64 5.45.4-3 [137 kB] 122s Get:9 http://ftpmaster.internal/ubuntu oracular/main amd64 ldap-utils amd64 2.6.7+dfsg-1~exp1ubuntu8 [153 kB] 122s Get:10 http://ftpmaster.internal/ubuntu oracular/main amd64 libavahi-common-data amd64 0.8-13ubuntu6 [29.7 kB] 122s Get:11 http://ftpmaster.internal/ubuntu oracular/main amd64 libavahi-common3 amd64 0.8-13ubuntu6 [23.3 kB] 122s Get:12 http://ftpmaster.internal/ubuntu oracular/main amd64 libavahi-client3 amd64 0.8-13ubuntu6 [26.8 kB] 122s Get:13 http://ftpmaster.internal/ubuntu oracular/main amd64 libbasicobjects0t64 amd64 0.6.2-2.1build1 [5854 B] 122s Get:14 http://ftpmaster.internal/ubuntu oracular/main amd64 libcares2 amd64 1.27.0-1.0ubuntu1 [73.7 kB] 122s Get:15 http://ftpmaster.internal/ubuntu oracular/main amd64 libcollection4t64 amd64 0.6.2-2.1build1 [22.8 kB] 122s Get:16 http://ftpmaster.internal/ubuntu oracular/main amd64 libcrack2 amd64 2.9.6-5.1build2 [29.0 kB] 122s Get:17 http://ftpmaster.internal/ubuntu oracular/main amd64 libdhash1t64 amd64 0.6.2-2.1build1 [8614 B] 122s Get:18 http://ftpmaster.internal/ubuntu oracular/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-10 [144 kB] 122s Get:19 http://ftpmaster.internal/ubuntu oracular/main amd64 libpath-utils1t64 amd64 0.6.2-2.1build1 [8744 B] 122s Get:20 http://ftpmaster.internal/ubuntu oracular/main amd64 libref-array1t64 amd64 0.6.2-2.1build1 [7420 B] 122s Get:21 http://ftpmaster.internal/ubuntu oracular/main amd64 libini-config5t64 amd64 0.6.2-2.1build1 [43.5 kB] 122s Get:22 http://ftpmaster.internal/ubuntu oracular/main amd64 libipa-hbac0t64 amd64 2.9.4-1.1ubuntu6 [17.4 kB] 122s Get:23 http://ftpmaster.internal/ubuntu oracular/universe amd64 libjose0 amd64 13-1 [44.5 kB] 122s Get:24 http://ftpmaster.internal/ubuntu oracular/main amd64 libverto-libevent1t64 amd64 0.3.1-1.2ubuntu3 [6424 B] 122s Get:25 http://ftpmaster.internal/ubuntu oracular/main amd64 libverto1t64 amd64 0.3.1-1.2ubuntu3 [10.5 kB] 122s Get:26 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libkrad0 amd64 1.20.1-6ubuntu2 [22.2 kB] 122s Get:27 http://ftpmaster.internal/ubuntu oracular/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 122s Get:28 http://ftpmaster.internal/ubuntu oracular/main amd64 libtdb1 amd64 1.4.10-1build1 [46.8 kB] 122s Get:29 http://ftpmaster.internal/ubuntu oracular/main amd64 libtevent0t64 amd64 0.16.1-2build1 [42.6 kB] 122s Get:30 http://ftpmaster.internal/ubuntu oracular/main amd64 libldb2 amd64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [187 kB] 123s Get:31 http://ftpmaster.internal/ubuntu oracular/main amd64 libnfsidmap1 amd64 1:2.6.4-4ubuntu1 [48.3 kB] 123s Get:32 http://ftpmaster.internal/ubuntu oracular/universe amd64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 123s Get:33 http://ftpmaster.internal/ubuntu oracular/main amd64 libpwquality-common all 1.4.5-3build1 [7748 B] 123s Get:34 http://ftpmaster.internal/ubuntu oracular/main amd64 libpwquality1 amd64 1.4.5-3build1 [13.5 kB] 123s Get:35 http://ftpmaster.internal/ubuntu oracular/main amd64 libpam-pwquality amd64 1.4.5-3build1 [11.7 kB] 123s Get:36 http://ftpmaster.internal/ubuntu oracular/main amd64 libwbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [70.6 kB] 123s Get:37 http://ftpmaster.internal/ubuntu oracular/main amd64 samba-libs amd64 2:4.19.5+dfsg-4ubuntu9 [6017 kB] 123s Get:38 http://ftpmaster.internal/ubuntu oracular/main amd64 libsmbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [62.4 kB] 123s Get:39 http://ftpmaster.internal/ubuntu oracular/main amd64 libnss-sss amd64 2.9.4-1.1ubuntu6 [31.6 kB] 123s Get:40 http://ftpmaster.internal/ubuntu oracular/main amd64 libpam-sss amd64 2.9.4-1.1ubuntu6 [50.4 kB] 123s Get:41 http://ftpmaster.internal/ubuntu oracular/main amd64 python3-sss amd64 2.9.4-1.1ubuntu6 [47.1 kB] 123s Get:42 http://ftpmaster.internal/ubuntu oracular/main amd64 libsss-certmap0 amd64 2.9.4-1.1ubuntu6 [47.1 kB] 123s Get:43 http://ftpmaster.internal/ubuntu oracular/main amd64 libsss-idmap0 amd64 2.9.4-1.1ubuntu6 [21.7 kB] 123s Get:44 http://ftpmaster.internal/ubuntu oracular/main amd64 libsss-nss-idmap0 amd64 2.9.4-1.1ubuntu6 [30.3 kB] 123s Get:45 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-common amd64 2.9.4-1.1ubuntu6 [1139 kB] 123s Get:46 http://ftpmaster.internal/ubuntu oracular/universe amd64 sssd-idp amd64 2.9.4-1.1ubuntu6 [27.4 kB] 123s Get:47 http://ftpmaster.internal/ubuntu oracular/universe amd64 sssd-passkey amd64 2.9.4-1.1ubuntu6 [32.4 kB] 123s Get:48 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-ad-common amd64 2.9.4-1.1ubuntu6 [77.1 kB] 123s Get:49 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-krb5-common amd64 2.9.4-1.1ubuntu6 [88.8 kB] 123s Get:50 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-ad amd64 2.9.4-1.1ubuntu6 [135 kB] 123s Get:51 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-ipa amd64 2.9.4-1.1ubuntu6 [221 kB] 123s Get:52 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-krb5 amd64 2.9.4-1.1ubuntu6 [14.5 kB] 123s Get:53 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-ldap amd64 2.9.4-1.1ubuntu6 [31.3 kB] 123s Get:54 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-proxy amd64 2.9.4-1.1ubuntu6 [44.6 kB] 123s Get:55 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd amd64 2.9.4-1.1ubuntu6 [4118 B] 123s Get:56 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-dbus amd64 2.9.4-1.1ubuntu6 [104 kB] 123s Get:57 http://ftpmaster.internal/ubuntu oracular/universe amd64 sssd-kcm amd64 2.9.4-1.1ubuntu6 [140 kB] 123s Get:58 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-tools amd64 2.9.4-1.1ubuntu6 [97.8 kB] 123s Get:59 http://ftpmaster.internal/ubuntu oracular/main amd64 libipa-hbac-dev amd64 2.9.4-1.1ubuntu6 [6670 B] 123s Get:60 http://ftpmaster.internal/ubuntu oracular/main amd64 libsss-certmap-dev amd64 2.9.4-1.1ubuntu6 [5730 B] 123s Get:61 http://ftpmaster.internal/ubuntu oracular/main amd64 libsss-idmap-dev amd64 2.9.4-1.1ubuntu6 [8382 B] 123s Get:62 http://ftpmaster.internal/ubuntu oracular/main amd64 libsss-nss-idmap-dev amd64 2.9.4-1.1ubuntu6 [6716 B] 123s Get:63 http://ftpmaster.internal/ubuntu oracular/universe amd64 libsss-sudo amd64 2.9.4-1.1ubuntu6 [21.2 kB] 123s Get:64 http://ftpmaster.internal/ubuntu oracular/universe amd64 python3-libipa-hbac amd64 2.9.4-1.1ubuntu6 [16.8 kB] 123s Get:65 http://ftpmaster.internal/ubuntu oracular/universe amd64 python3-libsss-nss-idmap amd64 2.9.4-1.1ubuntu6 [9178 B] 123s Preconfiguring packages ... 123s Fetched 12.7 MB in 0s (44.4 MB/s) 123s Selecting previously unselected package libltdl7:amd64. 123s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74445 files and directories currently installed.) 123s Preparing to unpack .../00-libltdl7_2.4.7-7build1_amd64.deb ... 123s Unpacking libltdl7:amd64 (2.4.7-7build1) ... 123s Selecting previously unselected package libodbc2:amd64. 123s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu1_amd64.deb ... 123s Unpacking libodbc2:amd64 (2.3.12-1ubuntu1) ... 123s Selecting previously unselected package slapd. 123s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8_amd64.deb ... 124s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 124s Selecting previously unselected package libtcl8.6:amd64. 124s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_amd64.deb ... 124s Unpacking libtcl8.6:amd64 (8.6.14+dfsg-1build1) ... 124s Selecting previously unselected package tcl8.6. 124s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_amd64.deb ... 124s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 124s Selecting previously unselected package tcl-expect:amd64. 124s Preparing to unpack .../05-tcl-expect_5.45.4-3_amd64.deb ... 124s Unpacking tcl-expect:amd64 (5.45.4-3) ... 124s Selecting previously unselected package expect. 124s Preparing to unpack .../06-expect_5.45.4-3_amd64.deb ... 124s Unpacking expect (5.45.4-3) ... 124s Selecting previously unselected package ldap-utils. 124s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8_amd64.deb ... 124s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 124s Selecting previously unselected package libavahi-common-data:amd64. 124s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_amd64.deb ... 124s Unpacking libavahi-common-data:amd64 (0.8-13ubuntu6) ... 124s Selecting previously unselected package libavahi-common3:amd64. 124s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_amd64.deb ... 124s Unpacking libavahi-common3:amd64 (0.8-13ubuntu6) ... 124s Selecting previously unselected package libavahi-client3:amd64. 124s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_amd64.deb ... 124s Unpacking libavahi-client3:amd64 (0.8-13ubuntu6) ... 124s Selecting previously unselected package libbasicobjects0t64:amd64. 124s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_amd64.deb ... 124s Unpacking libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 124s Selecting previously unselected package libcares2:amd64. 124s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_amd64.deb ... 124s Unpacking libcares2:amd64 (1.27.0-1.0ubuntu1) ... 124s Selecting previously unselected package libcollection4t64:amd64. 124s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_amd64.deb ... 124s Unpacking libcollection4t64:amd64 (0.6.2-2.1build1) ... 124s Selecting previously unselected package libcrack2:amd64. 124s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_amd64.deb ... 124s Unpacking libcrack2:amd64 (2.9.6-5.1build2) ... 124s Selecting previously unselected package libdhash1t64:amd64. 124s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_amd64.deb ... 124s Unpacking libdhash1t64:amd64 (0.6.2-2.1build1) ... 124s Selecting previously unselected package libevent-2.1-7t64:amd64. 124s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-10_amd64.deb ... 124s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-10) ... 124s Selecting previously unselected package libpath-utils1t64:amd64. 124s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_amd64.deb ... 124s Unpacking libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 124s Selecting previously unselected package libref-array1t64:amd64. 124s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_amd64.deb ... 124s Unpacking libref-array1t64:amd64 (0.6.2-2.1build1) ... 124s Selecting previously unselected package libini-config5t64:amd64. 124s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_amd64.deb ... 124s Unpacking libini-config5t64:amd64 (0.6.2-2.1build1) ... 124s Selecting previously unselected package libipa-hbac0t64. 124s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6_amd64.deb ... 124s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 124s Selecting previously unselected package libjose0:amd64. 124s Preparing to unpack .../21-libjose0_13-1_amd64.deb ... 124s Unpacking libjose0:amd64 (13-1) ... 124s Selecting previously unselected package libverto-libevent1t64:amd64. 124s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_amd64.deb ... 124s Unpacking libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 124s Selecting previously unselected package libverto1t64:amd64. 124s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_amd64.deb ... 124s Unpacking libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 124s Selecting previously unselected package libkrad0:amd64. 124s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2_amd64.deb ... 124s Unpacking libkrad0:amd64 (1.20.1-6ubuntu2) ... 124s Selecting previously unselected package libtalloc2:amd64. 124s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_amd64.deb ... 124s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 124s Selecting previously unselected package libtdb1:amd64. 124s Preparing to unpack .../26-libtdb1_1.4.10-1build1_amd64.deb ... 124s Unpacking libtdb1:amd64 (1.4.10-1build1) ... 124s Selecting previously unselected package libtevent0t64:amd64. 124s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_amd64.deb ... 124s Unpacking libtevent0t64:amd64 (0.16.1-2build1) ... 124s Selecting previously unselected package libldb2:amd64. 124s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_amd64.deb ... 124s Unpacking libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 124s Selecting previously unselected package libnfsidmap1:amd64. 124s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-4ubuntu1_amd64.deb ... 124s Unpacking libnfsidmap1:amd64 (1:2.6.4-4ubuntu1) ... 125s Selecting previously unselected package libnss-sudo. 125s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 125s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 125s Selecting previously unselected package libpwquality-common. 125s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 125s Unpacking libpwquality-common (1.4.5-3build1) ... 125s Selecting previously unselected package libpwquality1:amd64. 125s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_amd64.deb ... 125s Unpacking libpwquality1:amd64 (1.4.5-3build1) ... 125s Selecting previously unselected package libpam-pwquality:amd64. 125s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_amd64.deb ... 125s Unpacking libpam-pwquality:amd64 (1.4.5-3build1) ... 125s Selecting previously unselected package libwbclient0:amd64. 125s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 125s Unpacking libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 125s Selecting previously unselected package samba-libs:amd64. 125s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 125s Unpacking samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 125s Selecting previously unselected package libsmbclient0:amd64. 125s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 125s Unpacking libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 125s Selecting previously unselected package libnss-sss:amd64. 125s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking libnss-sss:amd64 (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package libpam-sss:amd64. 125s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking libpam-sss:amd64 (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package python3-sss. 125s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package libsss-certmap0. 125s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package libsss-idmap0. 125s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package libsss-nss-idmap0. 125s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-common. 125s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-idp. 125s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-idp (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-passkey. 125s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-passkey (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-ad-common. 125s Preparing to unpack .../46-sssd-ad-common_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-krb5-common. 125s Preparing to unpack .../47-sssd-krb5-common_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-ad. 125s Preparing to unpack .../48-sssd-ad_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-ipa. 125s Preparing to unpack .../49-sssd-ipa_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-krb5. 125s Preparing to unpack .../50-sssd-krb5_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-ldap. 125s Preparing to unpack .../51-sssd-ldap_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-proxy. 125s Preparing to unpack .../52-sssd-proxy_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd. 125s Preparing to unpack .../53-sssd_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-dbus. 125s Preparing to unpack .../54-sssd-dbus_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-dbus (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-kcm. 125s Preparing to unpack .../55-sssd-kcm_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-kcm (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package sssd-tools. 125s Preparing to unpack .../56-sssd-tools_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking sssd-tools (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package libipa-hbac-dev. 125s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package libsss-certmap-dev. 125s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package libsss-idmap-dev. 125s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package libsss-nss-idmap-dev. 125s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package libsss-sudo. 125s Preparing to unpack .../61-libsss-sudo_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking libsss-sudo (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package python3-libipa-hbac. 125s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 125s Selecting previously unselected package python3-libsss-nss-idmap. 125s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6_amd64.deb ... 125s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 126s Selecting previously unselected package autopkgtest-satdep. 126s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 126s Unpacking autopkgtest-satdep (0) ... 126s Setting up libpwquality-common (1.4.5-3build1) ... 126s Setting up libnfsidmap1:amd64 (1:2.6.4-4ubuntu1) ... 126s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 126s Setting up libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 126s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 126s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 126s Setting up libref-array1t64:amd64 (0.6.2-2.1build1) ... 126s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 126s Setting up libtdb1:amd64 (1.4.10-1build1) ... 126s Setting up libcollection4t64:amd64 (0.6.2-2.1build1) ... 126s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-10) ... 126s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 126s Setting up libjose0:amd64 (13-1) ... 126s Setting up libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 126s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 126s Setting up libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 126s Setting up libavahi-common-data:amd64 (0.8-13ubuntu6) ... 126s Setting up libcares2:amd64 (1.27.0-1.0ubuntu1) ... 126s Setting up libdhash1t64:amd64 (0.6.2-2.1build1) ... 126s Setting up libtcl8.6:amd64 (8.6.14+dfsg-1build1) ... 126s Setting up libltdl7:amd64 (2.4.7-7build1) ... 126s Setting up libcrack2:amd64 (2.9.6-5.1build2) ... 126s Setting up libodbc2:amd64 (2.3.12-1ubuntu1) ... 126s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 126s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 126s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 126s Setting up libini-config5t64:amd64 (0.6.2-2.1build1) ... 126s Setting up libtevent0t64:amd64 (0.16.1-2build1) ... 126s Setting up libnss-sss:amd64 (2.9.4-1.1ubuntu6) ... 126s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 126s Creating new user openldap... done. 126s Creating initial configuration... done. 126s Creating LDAP directory... done. 126s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 126s Setting up libsss-sudo (2.9.4-1.1ubuntu6) ... 126s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 126s Setting up libavahi-common3:amd64 (0.8-13ubuntu6) ... 126s Setting up tcl-expect:amd64 (5.45.4-3) ... 126s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 126s Setting up libpwquality1:amd64 (1.4.5-3build1) ... 126s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 126s Setting up libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 126s Setting up libavahi-client3:amd64 (0.8-13ubuntu6) ... 126s Setting up expect (5.45.4-3) ... 126s Setting up libpam-pwquality:amd64 (1.4.5-3build1) ... 127s Setting up samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 127s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 127s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 127s Setting up libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 127s Setting up libpam-sss:amd64 (2.9.4-1.1ubuntu6) ... 127s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 127s Creating SSSD system user & group... 127s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 127s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 127s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 127s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 128s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 128s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 128s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 128s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 128s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 129s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 129s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 129s sssd-autofs.service is a disabled or a static unit, not starting it. 129s sssd-nss.service is a disabled or a static unit, not starting it. 129s sssd-pam.service is a disabled or a static unit, not starting it. 129s sssd-ssh.service is a disabled or a static unit, not starting it. 129s sssd-sudo.service is a disabled or a static unit, not starting it. 129s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 129s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 129s Setting up sssd-kcm (2.9.4-1.1ubuntu6) ... 130s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 130s sssd-kcm.service is a disabled or a static unit, not starting it. 130s Setting up sssd-dbus (2.9.4-1.1ubuntu6) ... 130s sssd-ifp.service is a disabled or a static unit, not starting it. 130s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 131s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 131s sssd-pac.service is a disabled or a static unit, not starting it. 131s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 131s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 131s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 131s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 131s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 131s Setting up sssd-tools (2.9.4-1.1ubuntu6) ... 131s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 131s Setting up sssd (2.9.4-1.1ubuntu6) ... 131s Setting up libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 131s Setting up libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 131s Setting up libkrad0:amd64 (1.20.1-6ubuntu2) ... 131s Setting up sssd-passkey (2.9.4-1.1ubuntu6) ... 131s Setting up sssd-idp (2.9.4-1.1ubuntu6) ... 131s Setting up autopkgtest-satdep (0) ... 131s Processing triggers for libc-bin (2.39-0ubuntu8.1) ... 131s Processing triggers for ufw (0.36.2-6) ... 131s Processing triggers for man-db (2.12.1-2) ... 133s Processing triggers for dbus (1.14.10-4ubuntu4) ... 138s (Reading database ... 75736 files and directories currently installed.) 138s Removing autopkgtest-satdep (0) ... 138s autopkgtest [18:31:29]: test ldap-user-group-ldap-auth: [----------------------- 138s + . debian/tests/util 138s + . debian/tests/common-tests 138s + mydomain=example.com 138s + myhostname=ldap.example.com 138s + mysuffix=dc=example,dc=com 138s + admin_dn=cn=admin,dc=example,dc=com 138s + admin_pw=secret 138s + ldap_user=testuser1 138s + ldap_user_pw=testuser1secret 138s + ldap_group=ldapusers 138s + adjust_hostname ldap.example.com 138s + local myhostname=ldap.example.com 138s + echo ldap.example.com 138s + hostname ldap.example.com 138s + grep -qE ldap.example.com /etc/hosts 138s + echo 127.0.1.10 ldap.example.com 138s + reconfigure_slapd 138s + debconf-set-selections 138s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 138s + dpkg-reconfigure -fnoninteractive -pcritical slapd 139s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 139s Moving old database directory to /var/backups: 139s - directory unknown... done. 139s Creating initial configuration... done. 139s Creating LDAP directory... done. 139s + generate_certs ldap.example.com 139s + local cn=ldap.example.com 139s + local cert=/etc/ldap/server.pem 139s + local key=/etc/ldap/server.key 139s + local cnf=/etc/ldap/openssl.cnf 139s + cat 139s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 139s ....................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 139s .......++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 139s ----- 139s + chmod 0640 /etc/ldap/server.key 139s + chgrp openldap /etc/ldap/server.key 139s + [ ! -f /etc/ldap/server.pem ] 139s + [ ! -f /etc/ldap/server.key ] 139s + enable_ldap_ssl 139s + cat 139s + cat 139s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 139s modifying entry "cn=config" 139s 139s + populate_ldap_rfc2307 139s + cat 139s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 139s adding new entry "ou=People,dc=example,dc=com" 139s 139s adding new entry "ou=Group,dc=example,dc=com" 139s 139s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 139s 139s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 139s 139s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 139s 139s + configure_sssd_ldap_rfc2307 139s + cat 139s + chmod 0600 /etc/sssd/sssd.conf 139s + systemctl restart sssd 139s + enable_pam_mkhomedir 139s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 139s + echo session optional pam_mkhomedir.so 139s + run_common_tests 139s + echo Assert local user databases do not have our LDAP test data 139s + check_local_user testuser1 139s + local local_user=testuser1 139s + grep -q ^testuser1 /etc/passwd 139s Assert local user databases do not have our LDAP test data 139s + check_local_group testuser1 139s + local local_group=testuser1 139s + grep -q ^testuser1 /etc/group 139s + check_local_group ldapusers 139s + local local_group=ldapusers 139s + grep -q ^ldapusers /etc/group 139s + The LDAP user is known to the system via getent 139s echo The LDAP user is known to the system via getent 139s + check_getent_user testuser1 139s + local getent_user=testuser1 139s + local output 139s + getent passwd testuser1 139s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 139s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 139s + echo The LDAP user's private group is known to the system via getent 139s + check_getent_group testuser1 139s + local getent_group=testuser1 139s + local output 139s The LDAP user's private group is known to the system via getent 139s + getent group testuser1 139s + output=testuser1:*:10001:testuser1 139s + [ -z testuser1:*:10001:testuser1 ] 139s + echo The LDAP group ldapusers is known to the system via getent 139s + check_getent_group ldapusers 139s + local getent_group=ldapusers 139s + local output 139s The LDAP group ldapusers is known to the system via getent 139s + getent group ldapusers 139s + output=ldapusers:*:10100:testuser1 139s + [ -z ldapusers:*:10100:testuser1 ] 139s + echo The id(1) command can resolve the group membership of the LDAP user 139s + id -Gn testuser1 139s The id(1) command can resolve the group membership of the LDAP user 139s + output=testuser1 ldapusers 139s + [ testuser1 ldapusers != testuser1 ldapusers ] 139s + echo The LDAP user can login on a terminal 139s The LDAP user can login on a terminal 139s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 139s spawn login 139s ldap.example.com login: testuser1 139s Password: 140s Welcome to Ubuntu Oracular Oriole (development branch) (GNU/Linux 6.8.0-31-generic x86_64) 140s 140s * Documentation: https://help.ubuntu.com 140s * Management: https://landscape.canonical.com 140s * Support: https://ubuntu.com/pro 140s 140s 140s The programs included with the Ubuntu system are free software; 140s the exact distribution terms for each program are described in the 140s individual files in /usr/share/doc/*/copyright. 140s 140s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 140s applicable law. 140s 140s 140s The programs included with the Ubuntu system are free software; 140s the exact distribution terms for each program are described in the 140s individual files in /usr/share/doc/*/copyright. 140s 140s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 140s applicable law. 140s 140s Creating directory '/home/testuser1'. 140s [?2004htestuser1@ldap:~$ id -un 140s [?2004l testuser1 140s [?2004htestuser1@ldap:~$ autopkgtest [18:31:31]: test ldap-user-group-ldap-auth: -----------------------] 140s ldap-user-group-ldap-auth PASS 140s autopkgtest [18:31:31]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 140s autopkgtest [18:31:31]: test ldap-user-group-krb5-auth: preparing testbed 141s Reading package lists... 141s Building dependency tree... 141s Reading state information... 141s Starting pkgProblemResolver with broken count: 0 142s Starting 2 pkgProblemResolver with broken count: 0 142s Done 142s The following additional packages will be installed: 142s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 142s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 142s Suggested packages: 142s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 142s The following NEW packages will be installed: 142s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 142s libgssrpc4t64 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 142s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 142s Need to get 599 kB/600 kB of archives. 142s After this operation, 2119 kB of additional disk space will be used. 142s Get:1 /tmp/autopkgtest.blXj30/2-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [892 B] 142s Get:2 http://ftpmaster.internal/ubuntu oracular/main amd64 krb5-config all 2.7 [22.0 kB] 142s Get:3 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libgssrpc4t64 amd64 1.20.1-6ubuntu2 [57.6 kB] 142s Get:4 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libkadm5clnt-mit12 amd64 1.20.1-6ubuntu2 [40.1 kB] 142s Get:5 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libkdb5-10t64 amd64 1.20.1-6ubuntu2 [40.3 kB] 142s Get:6 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libkadm5srv-mit12 amd64 1.20.1-6ubuntu2 [53.0 kB] 142s Get:7 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 krb5-user amd64 1.20.1-6ubuntu2 [109 kB] 142s Get:8 http://ftpmaster.internal/ubuntu oracular-proposed/universe amd64 krb5-kdc amd64 1.20.1-6ubuntu2 [182 kB] 142s Get:9 http://ftpmaster.internal/ubuntu oracular-proposed/universe amd64 krb5-admin-server amd64 1.20.1-6ubuntu2 [95.9 kB] 142s Preconfiguring packages ... 143s Fetched 599 kB in 0s (7260 kB/s) 144s Selecting previously unselected package krb5-config. 144s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75736 files and directories currently installed.) 144s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 144s Unpacking krb5-config (2.7) ... 144s Selecting previously unselected package libgssrpc4t64:amd64. 144s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2_amd64.deb ... 144s Unpacking libgssrpc4t64:amd64 (1.20.1-6ubuntu2) ... 144s Selecting previously unselected package libkadm5clnt-mit12:amd64. 144s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2_amd64.deb ... 144s Unpacking libkadm5clnt-mit12:amd64 (1.20.1-6ubuntu2) ... 144s Selecting previously unselected package libkdb5-10t64:amd64. 144s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2_amd64.deb ... 144s Unpacking libkdb5-10t64:amd64 (1.20.1-6ubuntu2) ... 144s Selecting previously unselected package libkadm5srv-mit12:amd64. 144s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2_amd64.deb ... 144s Unpacking libkadm5srv-mit12:amd64 (1.20.1-6ubuntu2) ... 144s Selecting previously unselected package krb5-user. 144s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2_amd64.deb ... 144s Unpacking krb5-user (1.20.1-6ubuntu2) ... 144s Selecting previously unselected package krb5-kdc. 144s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2_amd64.deb ... 144s Unpacking krb5-kdc (1.20.1-6ubuntu2) ... 144s Selecting previously unselected package krb5-admin-server. 144s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2_amd64.deb ... 144s Unpacking krb5-admin-server (1.20.1-6ubuntu2) ... 144s Selecting previously unselected package autopkgtest-satdep. 144s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 144s Unpacking autopkgtest-satdep (0) ... 144s Setting up libgssrpc4t64:amd64 (1.20.1-6ubuntu2) ... 144s Setting up krb5-config (2.7) ... 144s Setting up libkadm5clnt-mit12:amd64 (1.20.1-6ubuntu2) ... 144s Setting up libkdb5-10t64:amd64 (1.20.1-6ubuntu2) ... 144s Setting up libkadm5srv-mit12:amd64 (1.20.1-6ubuntu2) ... 144s Setting up krb5-user (1.20.1-6ubuntu2) ... 144s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 144s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 144s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 144s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 144s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 144s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 144s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 144s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 144s Setting up krb5-kdc (1.20.1-6ubuntu2) ... 145s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 145s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 145s Setting up krb5-admin-server (1.20.1-6ubuntu2) ... 146s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 146s Setting up autopkgtest-satdep (0) ... 146s Processing triggers for man-db (2.12.1-2) ... 146s Processing triggers for libc-bin (2.39-0ubuntu8.1) ... 150s (Reading database ... 75831 files and directories currently installed.) 150s Removing autopkgtest-satdep (0) ... 151s autopkgtest [18:31:42]: test ldap-user-group-krb5-auth: [----------------------- 151s + . debian/tests/util 151s + . debian/tests/common-tests 151s + mydomain=example.com 151s + myhostname=ldap.example.com 151s + mysuffix=dc=example,dc=com 151s + myrealm=EXAMPLE.COM 151s + admin_dn=cn=admin,dc=example,dc=com 151s + admin_pw=secret 151s + ldap_user=testuser1 151s + ldap_user_pw=testuser1secret 151s + kerberos_principal_pw=testuser1kerberos 151s + ldap_group=ldapusers 151s + adjust_hostname ldap.example.com 151s + local myhostname=ldap.example.com 151s + echo ldap.example.com 151s + hostname ldap.example.com 151s + grep -qE ldap.example.com /etc/hosts 151s + reconfigure_slapd 151s + debconf-set-selections 151s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8-20240613-183130.ldapdb 151s + dpkg-reconfigure -fnoninteractive -pcritical slapd 151s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 151s Moving old database directory to /var/backups: 151s - directory unknown... done. 151s Creating initial configuration... done. 151s Creating LDAP directory... done. 152s + generate_certs ldap.example.com 152s + local cn=ldap.example.com 152s + local cert=/etc/ldap/server.pem 152s + local key=/etc/ldap/server.key 152s + local cnf=/etc/ldap/openssl.cnf 152s + cat 152s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 152s ..++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 152s .................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 152s ----- 152s + chmod 0640 /etc/ldap/server.key 152s + chgrp openldap /etc/ldap/server.key 152s + [ ! -f /etc/ldap/server.pem ] 152s + [ ! -f /etc/ldap/server.key ] 152s + enable_ldap_ssl 152s + cat 152s + cat 152s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 152s modifying entry "cn=config" 152s 152s + populate_ldap_rfc2307 152s + + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 152s cat 152s adding new entry "ou=People,dc=example,dc=com" 152s 152s adding new entry "ou=Group,dc=example,dc=com" 152s 152s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 152s 152s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 152s 152s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 152s 152s + create_realm EXAMPLE.COM ldap.example.com 152s + local realm_name=EXAMPLE.COM 152s + local kerberos_server=ldap.example.com 152s + rm -rf /var/lib/krb5kdc/* 152s + rm -rf /etc/krb5kdc/kdc.conf 152s + rm -f /etc/krb5.keytab 152s + cat 152s + cat 152s + echo # */admin * 152s + kdb5_util create -s -P secretpassword 152s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 152s master key name 'K/M@EXAMPLE.COM' 152s + systemctl restart krb5-kdc.service krb5-admin-server.service 152s + create_krb_principal testuser1 testuser1kerberos 152s + local principal=testuser1 152s + local password=testuser1kerberos 152s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 152s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 152s Authenticating as principal root/admin@EXAMPLE.COM with password. 152s Principal "testuser1@EXAMPLE.COM" created. 152s + configure_sssd_ldap_rfc2307_krb5_auth 152s + cat 152s + chmod 0600 /etc/sssd/sssd.conf 152s + systemctl restart sssd 152s + enable_pam_mkhomedir 152s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 152s Assert local user databases do not have our LDAP test data 152s + run_common_tests 152s + echo Assert local user databases do not have our LDAP test data 152s + check_local_user testuser1 152s + local local_user=testuser1 152s + grep -q ^testuser1 /etc/passwd 152s + check_local_group testuser1 152s + local local_group=testuser1 152s + grep -q ^testuser1 /etc/group 152s + check_local_group ldapusers 152s + local local_group=ldapusers 152s + grep -q ^ldapusers /etc/group 152s The LDAP user is known to the system via getent 152s + echo The LDAP user is known to the system via getent 152s + check_getent_user testuser1 152s + local getent_user=testuser1 152s + local output 152s + getent passwd testuser1 152s The LDAP user's private group is known to the system via getent 152s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 152s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 152s + echo The LDAP user's private group is known to the system via getent 152s + check_getent_group testuser1 152s + local getent_group=testuser1 152s + local output 152s + getent group testuser1 152s The LDAP group ldapusers is known to the system via getent 152s + output=testuser1:*:10001:testuser1 152s + [ -z testuser1:*:10001:testuser1 ] 152s + echo The LDAP group ldapusers is known to the system via getent 152s + check_getent_group ldapusers 152s + local getent_group=ldapusers 152s + local output 152s + getent group ldapusers 152s + output=ldapusers:*:10100:testuser1 152s + [ -z ldapusers:*:10100:testuser1 ] 152s + echoThe id(1) command can resolve the group membership of the LDAP user 152s The id(1) command can resolve the group membership of the LDAP user 152s + id -Gn testuser1 152s The Kerberos principal can login on a terminal 152s + output=testuser1 ldapusers 152s + [ testuser1 ldapusers != testuser1 ldapusers ] 152s + echo The Kerberos principal can login on a terminal 152s + kdestroy 152s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 152s spawn login 152s ldap.example.com login: testuser1 152s Password: 152s Welcome to Ubuntu Oracular Oriole (development branch) (GNU/Linux 6.8.0-31-generic x86_64) 152s 152s * Documentation: https://help.ubuntu.com 152s * Management: https://landscape.canonical.com 152s * Support: https://ubuntu.com/pro 152s 152s 152s The programs included with the Ubuntu system are free software; 152s the exact distribution terms for each program are described in the 152s individual files in /usr/share/doc/*/copyright. 152s 152s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 152s applicable law. 152s 152s [?2004htestuser1@ldap:~$ id -un 152s [?2004l testuser1 152s [?2004htestuser1@ldap:~$ klist 152s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_NYbxef 153s Default principal: testuser1@EXAMPLE.COMautopkgtest [18:31:44]: test ldap-user-group-krb5-auth: -----------------------] 153s ldap-user-group-krb5-auth PASS 153s autopkgtest [18:31:44]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 153s autopkgtest [18:31:44]: test sssd-softhism2-certificates-tests.sh: preparing testbed 238s autopkgtest [18:33:09]: testbed dpkg architecture: amd64 238s autopkgtest [18:33:09]: testbed apt version: 2.9.3 238s autopkgtest [18:33:09]: @@@@@@@@@@@@@@@@@@@@ test bed setup 238s Get:1 http://ftpmaster.internal/ubuntu oracular-proposed InRelease [110 kB] 238s Get:2 http://ftpmaster.internal/ubuntu oracular-proposed/universe Sources [346 kB] 238s Get:3 http://ftpmaster.internal/ubuntu oracular-proposed/main Sources [39.1 kB] 238s Get:4 http://ftpmaster.internal/ubuntu oracular-proposed/multiverse Sources [2576 B] 238s Get:5 http://ftpmaster.internal/ubuntu oracular-proposed/restricted Sources [7052 B] 238s Get:6 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 Packages [71.8 kB] 238s Get:7 http://ftpmaster.internal/ubuntu oracular-proposed/main i386 Packages [57.0 kB] 238s Get:8 http://ftpmaster.internal/ubuntu oracular-proposed/restricted amd64 Packages [28.9 kB] 238s Get:9 http://ftpmaster.internal/ubuntu oracular-proposed/restricted i386 Packages [6732 B] 238s Get:10 http://ftpmaster.internal/ubuntu oracular-proposed/universe i386 Packages [141 kB] 238s Get:11 http://ftpmaster.internal/ubuntu oracular-proposed/universe amd64 Packages [319 kB] 238s Get:12 http://ftpmaster.internal/ubuntu oracular-proposed/multiverse i386 Packages [3884 B] 238s Get:13 http://ftpmaster.internal/ubuntu oracular-proposed/multiverse amd64 Packages [8364 B] 239s Fetched 1142 kB in 0s (4194 kB/s) 239s Reading package lists... 240s Reading package lists... 240s Building dependency tree... 240s Reading state information... 241s Calculating upgrade... 241s The following package was automatically installed and is no longer required: 241s systemd-dev 241s Use 'sudo apt autoremove' to remove it. 241s The following packages will be upgraded: 241s dhcpcd-base dracut-install libnss-systemd libpam-systemd libsystemd-shared 241s libsystemd0 libudev1 systemd systemd-dev systemd-resolved systemd-sysv 241s systemd-timesyncd udev 241s 13 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 241s Need to get 9567 kB of archives. 241s After this operation, 1857 kB of additional disk space will be used. 241s Get:1 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 systemd-dev all 256-1ubuntu1 [111 kB] 241s Get:2 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 systemd-timesyncd amd64 256-1ubuntu1 [35.6 kB] 241s Get:3 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 systemd-resolved amd64 256-1ubuntu1 [311 kB] 241s Get:4 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libsystemd-shared amd64 256-1ubuntu1 [2191 kB] 241s Get:5 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libsystemd0 amd64 256-1ubuntu1 [442 kB] 241s Get:6 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 systemd-sysv amd64 256-1ubuntu1 [11.8 kB] 241s Get:7 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libnss-systemd amd64 256-1ubuntu1 [164 kB] 241s Get:8 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libpam-systemd amd64 256-1ubuntu1 [243 kB] 241s Get:9 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 systemd amd64 256-1ubuntu1 [3652 kB] 241s Get:10 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 udev amd64 256-1ubuntu1 [1963 kB] 241s Get:11 http://ftpmaster.internal/ubuntu oracular-proposed/main amd64 libudev1 amd64 256-1ubuntu1 [193 kB] 241s Get:12 http://ftpmaster.internal/ubuntu oracular/main amd64 dhcpcd-base amd64 1:10.0.8-2 [216 kB] 241s Get:13 http://ftpmaster.internal/ubuntu oracular/main amd64 dracut-install amd64 102-3ubuntu1 [32.4 kB] 242s Fetched 9567 kB in 0s (73.9 MB/s) 242s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74428 files and directories currently installed.) 242s Preparing to unpack .../systemd-dev_256-1ubuntu1_all.deb ... 242s Unpacking systemd-dev (256-1ubuntu1) over (255.4-1ubuntu8) ... 242s Preparing to unpack .../systemd-timesyncd_256-1ubuntu1_amd64.deb ... 242s Unpacking systemd-timesyncd (256-1ubuntu1) over (255.4-1ubuntu8) ... 242s Preparing to unpack .../systemd-resolved_256-1ubuntu1_amd64.deb ... 242s Unpacking systemd-resolved (256-1ubuntu1) over (255.4-1ubuntu8) ... 242s Preparing to unpack .../libsystemd-shared_256-1ubuntu1_amd64.deb ... 242s Unpacking libsystemd-shared:amd64 (256-1ubuntu1) over (255.4-1ubuntu8) ... 242s Preparing to unpack .../libsystemd0_256-1ubuntu1_amd64.deb ... 242s Unpacking libsystemd0:amd64 (256-1ubuntu1) over (255.4-1ubuntu8) ... 242s Setting up libsystemd0:amd64 (256-1ubuntu1) ... 242s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74430 files and directories currently installed.) 242s Preparing to unpack .../0-systemd-sysv_256-1ubuntu1_amd64.deb ... 242s Unpacking systemd-sysv (256-1ubuntu1) over (255.4-1ubuntu8) ... 242s Preparing to unpack .../1-libnss-systemd_256-1ubuntu1_amd64.deb ... 242s Unpacking libnss-systemd:amd64 (256-1ubuntu1) over (255.4-1ubuntu8) ... 242s Preparing to unpack .../2-libpam-systemd_256-1ubuntu1_amd64.deb ... 242s Unpacking libpam-systemd:amd64 (256-1ubuntu1) over (255.4-1ubuntu8) ... 242s Preparing to unpack .../3-systemd_256-1ubuntu1_amd64.deb ... 242s Unpacking systemd (256-1ubuntu1) over (255.4-1ubuntu8) ... 243s Preparing to unpack .../4-udev_256-1ubuntu1_amd64.deb ... 243s Unpacking udev (256-1ubuntu1) over (255.4-1ubuntu8) ... 243s Preparing to unpack .../5-libudev1_256-1ubuntu1_amd64.deb ... 243s Unpacking libudev1:amd64 (256-1ubuntu1) over (255.4-1ubuntu8) ... 243s Setting up libudev1:amd64 (256-1ubuntu1) ... 243s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74492 files and directories currently installed.) 243s Preparing to unpack .../dhcpcd-base_1%3a10.0.8-2_amd64.deb ... 243s Unpacking dhcpcd-base (1:10.0.8-2) over (1:10.0.8-1) ... 243s Preparing to unpack .../dracut-install_102-3ubuntu1_amd64.deb ... 243s Unpacking dracut-install (102-3ubuntu1) over (060+5-8ubuntu2) ... 243s Setting up systemd-dev (256-1ubuntu1) ... 243s Setting up libsystemd-shared:amd64 (256-1ubuntu1) ... 243s Setting up dhcpcd-base (1:10.0.8-2) ... 243s Setting up dracut-install (102-3ubuntu1) ... 243s Setting up systemd (256-1ubuntu1) ... 243s Installing new version of config file /etc/systemd/journald.conf ... 243s Installing new version of config file /etc/systemd/logind.conf ... 243s Installing new version of config file /etc/systemd/networkd.conf ... 243s Installing new version of config file /etc/systemd/sleep.conf ... 243s Installing new version of config file /etc/systemd/system.conf ... 243s /usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring. 243s Created symlink '/run/systemd/system/tmp.mount' → '/dev/null'. 244s /usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring. 244s Setting up systemd-timesyncd (256-1ubuntu1) ... 245s Setting up udev (256-1ubuntu1) ... 246s Setting up systemd-resolved (256-1ubuntu1) ... 246s Installing new version of config file /etc/systemd/resolved.conf ... 246s Setting up systemd-sysv (256-1ubuntu1) ... 246s Setting up libnss-systemd:amd64 (256-1ubuntu1) ... 246s Setting up libpam-systemd:amd64 (256-1ubuntu1) ... 246s Processing triggers for libc-bin (2.39-0ubuntu8.1) ... 246s Processing triggers for man-db (2.12.1-2) ... 248s Processing triggers for dbus (1.14.10-4ubuntu4) ... 248s Processing triggers for shared-mime-info (2.4-5) ... 248s Warning: program compiled against libxml 212 using older 209 248s Processing triggers for initramfs-tools (0.142ubuntu28) ... 248s update-initramfs: Generating /boot/initrd.img-6.8.0-31-generic 248s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 257s Reading package lists... 257s Building dependency tree... 257s Reading state information... 257s The following packages will be REMOVED: 257s systemd-dev* 258s 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. 258s After this operation, 760 kB disk space will be freed. 258s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74492 files and directories currently installed.) 258s Removing systemd-dev (256-1ubuntu1) ... 265s Hit:1 http://ftpmaster.internal/ubuntu oracular-proposed InRelease 265s Hit:2 http://ftpmaster.internal/ubuntu oracular InRelease 265s Hit:3 http://ftpmaster.internal/ubuntu oracular-updates InRelease 265s Hit:4 http://ftpmaster.internal/ubuntu oracular-security InRelease 267s Reading package lists... 267s Reading package lists... 267s Building dependency tree... 267s Reading state information... 267s Calculating upgrade... 268s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 268s Reading package lists... 268s Building dependency tree... 268s Reading state information... 269s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 269s autopkgtest [18:33:40]: rebooting testbed after setup commands that affected boot 288s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 394s Reading package lists... 394s Building dependency tree... 394s Reading state information... 394s Starting pkgProblemResolver with broken count: 0 394s Starting 2 pkgProblemResolver with broken count: 0 394s Done 395s The following additional packages will be installed: 395s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 395s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 395s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 395s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 395s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 395s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 395s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 395s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 395s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 395s Suggested packages: 395s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 395s Recommended packages: 395s cracklib-runtime libsasl2-modules-gssapi-mit 395s | libsasl2-modules-gssapi-heimdal ldap-utils 395s The following NEW packages will be installed: 395s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 395s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 395s libdhash1t64 libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 395s libipa-hbac0t64 libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 395s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 395s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 395s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 395s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 395s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 395s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 395s Need to get 10.1 MB/10.1 MB of archives. 395s After this operation, 39.2 MB of additional disk space will be used. 395s Get:1 /tmp/autopkgtest.blXj30/3-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [740 B] 395s Get:2 http://ftpmaster.internal/ubuntu oracular/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-10 [144 kB] 395s Get:3 http://ftpmaster.internal/ubuntu oracular/main amd64 libunbound8 amd64 1.19.2-1ubuntu3 [440 kB] 395s Get:4 http://ftpmaster.internal/ubuntu oracular/main amd64 libgnutls-dane0t64 amd64 3.8.5-4ubuntu1 [23.7 kB] 395s Get:5 http://ftpmaster.internal/ubuntu oracular/universe amd64 gnutls-bin amd64 3.8.5-4ubuntu1 [270 kB] 395s Get:6 http://ftpmaster.internal/ubuntu oracular/main amd64 libavahi-common-data amd64 0.8-13ubuntu6 [29.7 kB] 395s Get:7 http://ftpmaster.internal/ubuntu oracular/main amd64 libavahi-common3 amd64 0.8-13ubuntu6 [23.3 kB] 395s Get:8 http://ftpmaster.internal/ubuntu oracular/main amd64 libavahi-client3 amd64 0.8-13ubuntu6 [26.8 kB] 395s Get:9 http://ftpmaster.internal/ubuntu oracular/main amd64 libbasicobjects0t64 amd64 0.6.2-2.1build1 [5854 B] 395s Get:10 http://ftpmaster.internal/ubuntu oracular/main amd64 libcares2 amd64 1.27.0-1.0ubuntu1 [73.7 kB] 395s Get:11 http://ftpmaster.internal/ubuntu oracular/main amd64 libcollection4t64 amd64 0.6.2-2.1build1 [22.8 kB] 395s Get:12 http://ftpmaster.internal/ubuntu oracular/main amd64 libcrack2 amd64 2.9.6-5.1build2 [29.0 kB] 395s Get:13 http://ftpmaster.internal/ubuntu oracular/main amd64 libdhash1t64 amd64 0.6.2-2.1build1 [8614 B] 395s Get:14 http://ftpmaster.internal/ubuntu oracular/main amd64 libpath-utils1t64 amd64 0.6.2-2.1build1 [8744 B] 395s Get:15 http://ftpmaster.internal/ubuntu oracular/main amd64 libref-array1t64 amd64 0.6.2-2.1build1 [7420 B] 395s Get:16 http://ftpmaster.internal/ubuntu oracular/main amd64 libini-config5t64 amd64 0.6.2-2.1build1 [43.5 kB] 395s Get:17 http://ftpmaster.internal/ubuntu oracular/main amd64 libipa-hbac0t64 amd64 2.9.4-1.1ubuntu6 [17.4 kB] 395s Get:18 http://ftpmaster.internal/ubuntu oracular/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 395s Get:19 http://ftpmaster.internal/ubuntu oracular/main amd64 libtdb1 amd64 1.4.10-1build1 [46.8 kB] 395s Get:20 http://ftpmaster.internal/ubuntu oracular/main amd64 libtevent0t64 amd64 0.16.1-2build1 [42.6 kB] 395s Get:21 http://ftpmaster.internal/ubuntu oracular/main amd64 libldb2 amd64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [187 kB] 395s Get:22 http://ftpmaster.internal/ubuntu oracular/main amd64 libnfsidmap1 amd64 1:2.6.4-4ubuntu1 [48.3 kB] 395s Get:23 http://ftpmaster.internal/ubuntu oracular/main amd64 libpwquality-common all 1.4.5-3build1 [7748 B] 395s Get:24 http://ftpmaster.internal/ubuntu oracular/main amd64 libpwquality1 amd64 1.4.5-3build1 [13.5 kB] 395s Get:25 http://ftpmaster.internal/ubuntu oracular/main amd64 libpam-pwquality amd64 1.4.5-3build1 [11.7 kB] 395s Get:26 http://ftpmaster.internal/ubuntu oracular/main amd64 libwbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [70.6 kB] 395s Get:27 http://ftpmaster.internal/ubuntu oracular/main amd64 samba-libs amd64 2:4.19.5+dfsg-4ubuntu9 [6017 kB] 395s Get:28 http://ftpmaster.internal/ubuntu oracular/main amd64 libsmbclient0 amd64 2:4.19.5+dfsg-4ubuntu9 [62.4 kB] 395s Get:29 http://ftpmaster.internal/ubuntu oracular/universe amd64 softhsm2-common amd64 2.6.1-2.2ubuntu3 [6198 B] 395s Get:30 http://ftpmaster.internal/ubuntu oracular/universe amd64 libsofthsm2 amd64 2.6.1-2.2ubuntu3 [266 kB] 395s Get:31 http://ftpmaster.internal/ubuntu oracular/universe amd64 softhsm2 amd64 2.6.1-2.2ubuntu3 [175 kB] 395s Get:32 http://ftpmaster.internal/ubuntu oracular/main amd64 python3-sss amd64 2.9.4-1.1ubuntu6 [47.1 kB] 395s Get:33 http://ftpmaster.internal/ubuntu oracular/main amd64 libsss-idmap0 amd64 2.9.4-1.1ubuntu6 [21.7 kB] 395s Get:34 http://ftpmaster.internal/ubuntu oracular/main amd64 libnss-sss amd64 2.9.4-1.1ubuntu6 [31.6 kB] 395s Get:35 http://ftpmaster.internal/ubuntu oracular/main amd64 libpam-sss amd64 2.9.4-1.1ubuntu6 [50.4 kB] 395s Get:36 http://ftpmaster.internal/ubuntu oracular/main amd64 libsss-certmap0 amd64 2.9.4-1.1ubuntu6 [47.1 kB] 395s Get:37 http://ftpmaster.internal/ubuntu oracular/main amd64 libsss-nss-idmap0 amd64 2.9.4-1.1ubuntu6 [30.3 kB] 395s Get:38 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-common amd64 2.9.4-1.1ubuntu6 [1139 kB] 395s Get:39 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-ad-common amd64 2.9.4-1.1ubuntu6 [77.1 kB] 395s Get:40 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-krb5-common amd64 2.9.4-1.1ubuntu6 [88.8 kB] 395s Get:41 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-ad amd64 2.9.4-1.1ubuntu6 [135 kB] 395s Get:42 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-ipa amd64 2.9.4-1.1ubuntu6 [221 kB] 395s Get:43 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-krb5 amd64 2.9.4-1.1ubuntu6 [14.5 kB] 395s Get:44 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-ldap amd64 2.9.4-1.1ubuntu6 [31.3 kB] 395s Get:45 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd-proxy amd64 2.9.4-1.1ubuntu6 [44.6 kB] 395s Get:46 http://ftpmaster.internal/ubuntu oracular/main amd64 sssd amd64 2.9.4-1.1ubuntu6 [4118 B] 396s Fetched 10.1 MB in 0s (58.2 MB/s) 396s Selecting previously unselected package libevent-2.1-7t64:amd64. 396s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74445 files and directories currently installed.) 396s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_amd64.deb ... 396s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-10) ... 396s Selecting previously unselected package libunbound8:amd64. 396s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3_amd64.deb ... 396s Unpacking libunbound8:amd64 (1.19.2-1ubuntu3) ... 396s Selecting previously unselected package libgnutls-dane0t64:amd64. 396s Preparing to unpack .../02-libgnutls-dane0t64_3.8.5-4ubuntu1_amd64.deb ... 396s Unpacking libgnutls-dane0t64:amd64 (3.8.5-4ubuntu1) ... 396s Selecting previously unselected package gnutls-bin. 396s Preparing to unpack .../03-gnutls-bin_3.8.5-4ubuntu1_amd64.deb ... 396s Unpacking gnutls-bin (3.8.5-4ubuntu1) ... 396s Selecting previously unselected package libavahi-common-data:amd64. 396s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_amd64.deb ... 396s Unpacking libavahi-common-data:amd64 (0.8-13ubuntu6) ... 396s Selecting previously unselected package libavahi-common3:amd64. 396s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_amd64.deb ... 396s Unpacking libavahi-common3:amd64 (0.8-13ubuntu6) ... 396s Selecting previously unselected package libavahi-client3:amd64. 396s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_amd64.deb ... 396s Unpacking libavahi-client3:amd64 (0.8-13ubuntu6) ... 396s Selecting previously unselected package libbasicobjects0t64:amd64. 396s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_amd64.deb ... 396s Unpacking libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 396s Selecting previously unselected package libcares2:amd64. 396s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_amd64.deb ... 396s Unpacking libcares2:amd64 (1.27.0-1.0ubuntu1) ... 396s Selecting previously unselected package libcollection4t64:amd64. 396s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_amd64.deb ... 396s Unpacking libcollection4t64:amd64 (0.6.2-2.1build1) ... 396s Selecting previously unselected package libcrack2:amd64. 396s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_amd64.deb ... 396s Unpacking libcrack2:amd64 (2.9.6-5.1build2) ... 396s Selecting previously unselected package libdhash1t64:amd64. 396s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_amd64.deb ... 396s Unpacking libdhash1t64:amd64 (0.6.2-2.1build1) ... 396s Selecting previously unselected package libpath-utils1t64:amd64. 396s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_amd64.deb ... 396s Unpacking libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 396s Selecting previously unselected package libref-array1t64:amd64. 396s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_amd64.deb ... 396s Unpacking libref-array1t64:amd64 (0.6.2-2.1build1) ... 396s Selecting previously unselected package libini-config5t64:amd64. 396s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_amd64.deb ... 396s Unpacking libini-config5t64:amd64 (0.6.2-2.1build1) ... 396s Selecting previously unselected package libipa-hbac0t64. 396s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6_amd64.deb ... 396s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 396s Selecting previously unselected package libtalloc2:amd64. 396s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_amd64.deb ... 396s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 396s Selecting previously unselected package libtdb1:amd64. 396s Preparing to unpack .../17-libtdb1_1.4.10-1build1_amd64.deb ... 396s Unpacking libtdb1:amd64 (1.4.10-1build1) ... 396s Selecting previously unselected package libtevent0t64:amd64. 396s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_amd64.deb ... 396s Unpacking libtevent0t64:amd64 (0.16.1-2build1) ... 396s Selecting previously unselected package libldb2:amd64. 396s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_amd64.deb ... 396s Unpacking libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 396s Selecting previously unselected package libnfsidmap1:amd64. 396s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-4ubuntu1_amd64.deb ... 396s Unpacking libnfsidmap1:amd64 (1:2.6.4-4ubuntu1) ... 396s Selecting previously unselected package libpwquality-common. 397s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 397s Unpacking libpwquality-common (1.4.5-3build1) ... 397s Selecting previously unselected package libpwquality1:amd64. 397s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_amd64.deb ... 397s Unpacking libpwquality1:amd64 (1.4.5-3build1) ... 397s Selecting previously unselected package libpam-pwquality:amd64. 397s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_amd64.deb ... 397s Unpacking libpam-pwquality:amd64 (1.4.5-3build1) ... 397s Selecting previously unselected package libwbclient0:amd64. 397s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 397s Unpacking libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 397s Selecting previously unselected package samba-libs:amd64. 397s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 397s Unpacking samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 397s Selecting previously unselected package libsmbclient0:amd64. 397s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_amd64.deb ... 397s Unpacking libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 397s Selecting previously unselected package softhsm2-common. 397s Preparing to unpack .../27-softhsm2-common_2.6.1-2.2ubuntu3_amd64.deb ... 397s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 397s Selecting previously unselected package libsofthsm2. 397s Preparing to unpack .../28-libsofthsm2_2.6.1-2.2ubuntu3_amd64.deb ... 397s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 397s Selecting previously unselected package softhsm2. 397s Preparing to unpack .../29-softhsm2_2.6.1-2.2ubuntu3_amd64.deb ... 397s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 397s Selecting previously unselected package python3-sss. 397s Preparing to unpack .../30-python3-sss_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package libsss-idmap0. 397s Preparing to unpack .../31-libsss-idmap0_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package libnss-sss:amd64. 397s Preparing to unpack .../32-libnss-sss_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking libnss-sss:amd64 (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package libpam-sss:amd64. 397s Preparing to unpack .../33-libpam-sss_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking libpam-sss:amd64 (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package libsss-certmap0. 397s Preparing to unpack .../34-libsss-certmap0_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package libsss-nss-idmap0. 397s Preparing to unpack .../35-libsss-nss-idmap0_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package sssd-common. 397s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package sssd-ad-common. 397s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package sssd-krb5-common. 397s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package sssd-ad. 397s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package sssd-ipa. 397s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package sssd-krb5. 397s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package sssd-ldap. 397s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package sssd-proxy. 397s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package sssd. 397s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6_amd64.deb ... 397s Unpacking sssd (2.9.4-1.1ubuntu6) ... 397s Selecting previously unselected package autopkgtest-satdep. 397s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 397s Unpacking autopkgtest-satdep (0) ... 397s Setting up libpwquality-common (1.4.5-3build1) ... 397s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 398s 398s Creating config file /etc/softhsm/softhsm2.conf with new version 398s Setting up libnfsidmap1:amd64 (1:2.6.4-4ubuntu1) ... 398s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 398s Setting up libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 398s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 398s Setting up libref-array1t64:amd64 (0.6.2-2.1build1) ... 398s Setting up libtdb1:amd64 (1.4.10-1build1) ... 398s Setting up libcollection4t64:amd64 (0.6.2-2.1build1) ... 398s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-10) ... 398s Setting up libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 398s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 398s Setting up libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 398s Setting up libunbound8:amd64 (1.19.2-1ubuntu3) ... 398s Setting up libgnutls-dane0t64:amd64 (3.8.5-4ubuntu1) ... 398s Setting up libavahi-common-data:amd64 (0.8-13ubuntu6) ... 398s Setting up libcares2:amd64 (1.27.0-1.0ubuntu1) ... 398s Setting up libdhash1t64:amd64 (0.6.2-2.1build1) ... 398s Setting up libcrack2:amd64 (2.9.6-5.1build2) ... 398s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 398s Setting up libini-config5t64:amd64 (0.6.2-2.1build1) ... 398s Setting up libtevent0t64:amd64 (0.16.1-2build1) ... 398s Setting up libnss-sss:amd64 (2.9.4-1.1ubuntu6) ... 398s Setting up gnutls-bin (3.8.5-4ubuntu1) ... 398s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 398s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 398s Setting up libavahi-common3:amd64 (0.8-13ubuntu6) ... 398s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 398s Setting up libpwquality1:amd64 (1.4.5-3build1) ... 398s Setting up libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 398s Setting up libavahi-client3:amd64 (0.8-13ubuntu6) ... 398s Setting up libpam-pwquality:amd64 (1.4.5-3build1) ... 398s Setting up samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 398s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 398s Setting up libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu9) ... 398s Setting up libpam-sss:amd64 (2.9.4-1.1ubuntu6) ... 398s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 398s Creating SSSD system user & group... 399s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 399s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 399s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 399s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 399s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 399s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 400s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 400s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 400s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 400s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 401s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 401s sssd-autofs.service is a disabled or a static unit, not starting it. 401s sssd-nss.service is a disabled or a static unit, not starting it. 401s sssd-pam.service is a disabled or a static unit, not starting it. 401s sssd-ssh.service is a disabled or a static unit, not starting it. 401s sssd-sudo.service is a disabled or a static unit, not starting it. 401s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 401s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 401s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 401s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 402s sssd-pac.service is a disabled or a static unit, not starting it. 402s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 402s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 402s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 402s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 402s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 402s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 402s Setting up sssd (2.9.4-1.1ubuntu6) ... 402s Setting up autopkgtest-satdep (0) ... 402s Processing triggers for man-db (2.12.1-2) ... 403s Processing triggers for libc-bin (2.39-0ubuntu8.1) ... 427s (Reading database ... 75041 files and directories currently installed.) 427s Removing autopkgtest-satdep (0) ... 445s autopkgtest [18:36:36]: test sssd-softhism2-certificates-tests.sh: [----------------------- 445s + '[' -z ubuntu ']' 445s + required_tools=(p11tool openssl softhsm2-util) 445s + for cmd in "${required_tools[@]}" 445s + command -v p11tool 445s + for cmd in "${required_tools[@]}" 445s + command -v openssl 445s + for cmd in "${required_tools[@]}" 445s + command -v softhsm2-util 445s + PIN=053350 445s +++ find /usr/lib/softhsm/libsofthsm2.so 445s +++ head -n 1 445s ++ realpath /usr/lib/softhsm/libsofthsm2.so 445s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 445s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 445s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 445s + '[' '!' -v NO_SSSD_TESTS ']' 445s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 445s + ca_db_arg=ca_db 445s ++ /usr/libexec/sssd/p11_child --help 445s + p11_child_help='Usage: p11_child [OPTION...] 445s -d, --debug-level=INT Debug level 445s --debug-timestamps=INT Add debug timestamps 445s --debug-microseconds=INT Show timestamps with microseconds 445s --dumpable=INT Allow core dumps 445s --debug-fd=INT An open file descriptor for the debug 445s logs 445s --logger=stderr|files|journald Set logger 445s --auth Run in auth mode 445s --pre Run in pre-auth mode 445s --wait_for_card Wait until card is available 445s --verification Run in verification mode 445s --pin Expect PIN on stdin 445s --keypad Expect PIN on keypad 445s --verify=STRING Tune validation 445s --ca_db=STRING CA DB to use 445s --module_name=STRING Module name for authentication 445s --token_name=STRING Token name for authentication 445s --key_id=STRING Key ID for authentication 445s --label=STRING Label for authentication 445s --certificate=STRING certificate to verify, base64 encoded 445s --uri=STRING PKCS#11 URI to restrict selection 445s --chain-id=LONG Tevent chain ID used for logging 445s purposes 445s 445s Help options: 445s -?, --help Show this help message 445s --usage Display brief usage message' 445s + echo 'Usage: p11_child [OPTION...] 445s -d, --debug-level=INT Debug level 445s --debug-timestamps=INT Add debug timestamps 445s --debug-microseconds=INT Show timestamps with microseconds 445s --dumpable=INT Allow core dumps 445s --debug-fd=INT An open file descriptor for the debug 445s logs 445s --logger=stderr|files|journald Set logger 445s --auth Run in auth mode 445s --pre Run in pre-auth mode 445s --wait_for_card Wait until card is available 445s --verification Run in verification mode 445s --pin Expect PIN on stdin 445s --keypad Expect PIN on keypad 445s --verify=STRING Tune validation 445s --ca_db=STRING CA DB to use 445s --module_name=STRING Module name for authentication 445s --token_name=STRING Token name for authentication 445s --key_id=STRING Key ID for authentication 445s --label=STRING Label for authentication 445s --certificate=STRING certificate to verify, base64 encoded 445s --uri=STRING PKCS#11 URI to restrict selection 445s --chain-id=LONG Tevent chain ID used for logging 445s purposes 445s 445s Help options: 445s -?, --help Show this help message 445s --usage Display brief usage message' 445s + grep nssdb -qs 445s + echo 'Usage: p11_child [OPTION...] 445s -d, --debug-level=INT Debug level 445s --debug-timestamps=INT Add debug timestamps 445s --debug-microseconds=INT Show timestamps with microseconds 445s --dumpable=INT Allow core dumps 445s --debug-fd=INT An open file descriptor for the debug 445s logs 445s --logger=stderr|files|journald Set logger 445s --auth Run in auth mode 445s --pre Run in pre-auth mode 445s --wait_for_card Wait until card is available 445s --verification Run in verification mode 445s --pin Expect PIN on stdin 445s --keypad Expect PIN on keypad 445s --verify=STRING Tune validation 445s --ca_db=STRING CA DB to use 445s --module_name=STRING Module name for authentication 445s --token_name=STRING Token name for authentication 445s --key_id=STRING Key ID for authentication 445s --label=STRING Label for authentication 445s --certificate=STRING certificate to verify, base64 encoded 445s --uri=STRING PKCS#11 URI to restrict selection 445s --chain-id=LONG Tevent chain ID used for logging 445s purposes 445s 445s Help options: 445s -?, --help Show this help message 445s --usage Display brief usage message' 445s + grep -qs -- --ca_db 445s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 445s ++ mktemp -d -t sssd-softhsm2-XXXXXX 445s + tmpdir=/tmp/sssd-softhsm2-YAH4lk 445s + keys_size=1024 445s + [[ ! -v KEEP_TEMPORARY_FILES ]] 445s + trap 'rm -rf "$tmpdir"' EXIT 445s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 445s + echo -n 01 445s + touch /tmp/sssd-softhsm2-YAH4lk/index.txt 445s + mkdir -p /tmp/sssd-softhsm2-YAH4lk/new_certs 445s + cat 445s + root_ca_key_pass=pass:random-root-CA-password-16529 445s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-YAH4lk/test-root-CA-key.pem -passout pass:random-root-CA-password-16529 1024 445s + openssl req -passin pass:random-root-CA-password-16529 -batch -config /tmp/sssd-softhsm2-YAH4lk/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-YAH4lk/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 445s + openssl x509 -noout -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 445s + cat 445s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-25727 445s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-25727 1024 445s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-25727 -config /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.config -key /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-16529 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-certificate-request.pem 445s + openssl req -text -noout -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-certificate-request.pem 445s Certificate Request: 445s Data: 445s Version: 1 (0x0) 445s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 445s Subject Public Key Info: 445s Public Key Algorithm: rsaEncryption 445s Public-Key: (1024 bit) 445s Modulus: 445s 00:c4:4a:74:3a:3c:2f:ac:a2:59:21:7e:10:06:d1: 445s a7:57:a4:a6:00:66:44:6e:a5:05:77:40:82:c6:1f: 445s 04:77:ca:cc:c1:17:3b:f1:01:7e:46:24:21:60:ee: 445s ae:f1:c8:5e:a9:6d:86:86:3d:43:19:bf:84:9d:91: 445s ad:f2:da:6e:d7:6b:27:66:db:1b:4a:8d:27:3e:5d: 445s 8b:ad:ee:19:2e:d7:3a:5d:57:e9:b3:8b:da:5c:41: 445s 33:ca:7b:45:1e:1c:58:4f:16:e5:78:b2:70:95:47: 445s b9:9c:ea:ce:16:0c:a4:c6:25:16:e8:3b:b6:c4:bc: 445s ac:01:bb:5c:b9:84:89:12:47 445s Exponent: 65537 (0x10001) 445s Attributes: 445s (none) 445s Requested Extensions: 445s Signature Algorithm: sha256WithRSAEncryption 445s Signature Value: 445s b4:28:d8:8b:e4:df:d1:5d:64:3e:d5:ec:70:ae:94:2e:2b:46: 445s 4a:97:69:88:26:db:48:e1:3f:03:4f:9a:89:d8:bb:e5:c1:26: 445s 86:01:df:93:60:54:a0:d0:e0:f6:1d:07:67:fa:14:52:41:38: 445s 85:ac:2c:f8:99:66:8d:f5:62:8f:8e:45:26:75:17:20:8b:f4: 445s 78:7a:1a:22:14:18:ed:19:82:71:6d:0a:e6:8c:f6:51:4d:62: 445s 5f:f9:b5:9b:59:cd:4e:09:38:c1:a1:22:c5:76:c0:c9:1b:44: 445s e4:99:ae:ac:f7:39:59:67:1d:43:89:01:ab:cd:5f:f2:1f:d4: 445s 8a:7e 445s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-YAH4lk/test-root-CA.config -passin pass:random-root-CA-password-16529 -keyfile /tmp/sssd-softhsm2-YAH4lk/test-root-CA-key.pem -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 445s Using configuration from /tmp/sssd-softhsm2-YAH4lk/test-root-CA.config 445s Check that the request matches the signature 445s Signature ok 445s Certificate Details: 445s Serial Number: 1 (0x1) 445s Validity 445s Not Before: Jun 13 18:36:36 2024 GMT 445s Not After : Jun 13 18:36:36 2025 GMT 445s Subject: 445s organizationName = Test Organization 445s organizationalUnitName = Test Organization Unit 445s commonName = Test Organization Intermediate CA 445s X509v3 extensions: 445s X509v3 Subject Key Identifier: 445s B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 445s X509v3 Authority Key Identifier: 445s keyid:B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 445s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 445s serial:00 445s X509v3 Basic Constraints: 445s CA:TRUE 445s X509v3 Key Usage: critical 445s Digital Signature, Certificate Sign, CRL Sign 445s Certificate is to be certified until Jun 13 18:36:36 2025 GMT (365 days) 445s 445s Write out database with 1 new entries 445s Database updated 445s + openssl x509 -noout -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 445s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 445s /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem: OK 445s + cat 445s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-29962 445s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-29962 1024 445s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-29962 -config /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-25727 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-certificate-request.pem 445s + openssl req -text -noout -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-certificate-request.pem 445s Certificate Request: 445s Data: 445s Version: 1 (0x0) 445s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 445s Subject Public Key Info: 445s Public Key Algorithm: rsaEncryption 445s Public-Key: (1024 bit) 445s Modulus: 445s 00:c7:ff:7d:57:69:ec:64:75:ba:3e:a4:bd:71:cc: 445s 8c:56:12:32:0d:d8:d8:fb:04:65:73:95:10:38:7c: 445s c8:50:e7:55:6d:38:0a:af:92:5a:09:c6:42:38:30: 445s ec:49:92:e7:7e:ef:01:92:e6:50:06:f5:1d:3b:ee: 445s f9:ee:1e:96:2b:bc:17:0a:71:ff:bc:9d:c9:3a:2c: 445s 4c:c8:22:d1:96:0d:eb:f4:1a:a2:1e:2d:29:29:56: 445s 14:90:00:28:85:04:f0:a0:8a:7f:4c:9b:42:78:32: 445s 0e:df:6a:87:80:d3:4d:e1:e4:c0:ce:5c:54:49:3c: 445s 43:c5:a1:fc:50:7b:b4:59:9d 445s Exponent: 65537 (0x10001) 445s Attributes: 445s (none) 445s Requested Extensions: 445s Signature Algorithm: sha256WithRSAEncryption 445s Signature Value: 445s 5c:e3:9d:94:84:b7:8a:3e:f3:97:02:a0:7b:7e:05:2b:a2:d2: 445s 90:ff:22:b9:ea:81:34:db:fc:e9:e2:f0:fd:3c:31:53:e6:2b: 445s d1:65:1a:4d:f2:6e:ab:1e:bb:29:49:30:a9:e3:c6:69:4b:fd: 445s 3e:08:73:12:29:3b:ac:34:7b:7d:30:18:a7:31:3c:5e:75:33: 445s f8:94:d5:f3:1f:2d:4e:59:60:f3:19:45:d5:22:7a:7b:dd:25: 445s 75:95:cd:45:46:67:49:f6:db:90:11:97:ea:1c:68:c8:fa:51: 445s 62:62:86:3d:0b:3e:60:a6:2a:29:0e:31:61:5a:f2:75:eb:a6: 445s fe:81 445s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-25727 -keyfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 445s Using configuration from /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.config 445s Check that the request matches the signature 445s Signature ok 445s Certificate Details: 445s Serial Number: 2 (0x2) 445s Validity 445s Not Before: Jun 13 18:36:36 2024 GMT 445s Not After : Jun 13 18:36:36 2025 GMT 445s Subject: 445s organizationName = Test Organization 445s organizationalUnitName = Test Organization Unit 445s commonName = Test Organization Sub Intermediate CA 445s X509v3 extensions: 445s X509v3 Subject Key Identifier: 445s C2:2B:2B:CA:33:8C:A3:FF:A3:04:DF:35:55:2E:A5:7B:0B:D8:85:91 445s X509v3 Authority Key Identifier: 445s keyid:B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 445s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 445s serial:01 445s X509v3 Basic Constraints: 445s CA:TRUE 445s X509v3 Key Usage: critical 445s Digital Signature, Certificate Sign, CRL Sign 445s Certificate is to be certified until Jun 13 18:36:36 2025 GMT (365 days) 445s 445s Write out database with 1 new entries 445s Database updated 445s + openssl x509 -noout -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 445s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 445s /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem: OK 445s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 445s + local cmd=openssl 445s + shift 445s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 445s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 445s error 20 at 0 depth lookup: unable to get local issuer certificate 445s error /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem: verification failed 445s + cat 445s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-23884 445s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-23884 1024 445s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-23884 -key /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-request.pem 445s + openssl req -text -noout -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-request.pem 445s Certificate Request: 445s Data: 445s Version: 1 (0x0) 445s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 445s Subject Public Key Info: 445s Public Key Algorithm: rsaEncryption 445s Public-Key: (1024 bit) 445s Modulus: 445s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 445s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 445s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 445s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 445s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 445s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 445s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 445s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 445s cc:8e:e0:6e:b4:a2:d0:86:61 445s Exponent: 65537 (0x10001) 445s Attributes: 445s Requested Extensions: 445s X509v3 Basic Constraints: 445s CA:FALSE 445s Netscape Cert Type: 445s SSL Client, S/MIME 445s Netscape Comment: 445s Test Organization Root CA trusted Certificate 445s X509v3 Subject Key Identifier: 445s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 445s X509v3 Key Usage: critical 445s Digital Signature, Non Repudiation, Key Encipherment 445s X509v3 Extended Key Usage: 445s TLS Web Client Authentication, E-mail Protection 445s X509v3 Subject Alternative Name: 445s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 445s Signature Algorithm: sha256WithRSAEncryption 445s Signature Value: 445s ad:d0:15:c2:e6:b9:bc:77:e4:3c:84:83:16:10:f0:f0:f3:b2: 445s 6f:ca:ba:85:65:3b:95:49:67:2f:c0:4c:39:cf:49:b3:8f:df: 445s 96:03:e8:2e:b4:1a:c0:b2:a9:dc:2d:57:9d:2f:f8:39:da:74: 445s c2:a5:10:ad:d2:a2:8e:34:69:48:3b:22:56:5f:74:f3:d6:23: 445s 4a:67:3d:58:39:1d:e3:c7:c4:07:46:89:13:f7:85:ed:69:fb: 445s 60:6a:5e:58:dc:80:11:28:b5:93:6b:24:39:26:0f:62:12:e8: 445s 31:26:b2:1e:ef:2f:76:70:f1:7a:30:76:d7:3a:f3:54:49:7f: 445s f2:76 445s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-YAH4lk/test-root-CA.config -passin pass:random-root-CA-password-16529 -keyfile /tmp/sssd-softhsm2-YAH4lk/test-root-CA-key.pem -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 445s Using configuration from /tmp/sssd-softhsm2-YAH4lk/test-root-CA.config 445s Check that the request matches the signature 445s Signature ok 445s Certificate Details: 445s Serial Number: 3 (0x3) 445s Validity 445s Not Before: Jun 13 18:36:36 2024 GMT 445s Not After : Jun 13 18:36:36 2025 GMT 445s Subject: 445s organizationName = Test Organization 445s organizationalUnitName = Test Organization Unit 445s commonName = Test Organization Root Trusted Certificate 0001 445s X509v3 extensions: 445s X509v3 Authority Key Identifier: 445s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 445s X509v3 Basic Constraints: 445s CA:FALSE 445s Netscape Cert Type: 445s SSL Client, S/MIME 445s Netscape Comment: 445s Test Organization Root CA trusted Certificate 445s X509v3 Subject Key Identifier: 445s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 445s X509v3 Key Usage: critical 445s Digital Signature, Non Repudiation, Key Encipherment 445s X509v3 Extended Key Usage: 445s TLS Web Client Authentication, E-mail Protection 445s X509v3 Subject Alternative Name: 445s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 445s Certificate is to be certified until Jun 13 18:36:36 2025 GMT (365 days) 445s 445s Write out database with 1 new entries 445s Database updated 445s + openssl x509 -noout -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 445s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 445s /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem: OK 445s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 445s + local cmd=openssl 445s + shift 445s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 445s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 445s error 20 at 0 depth lookup: unable to get local issuer certificate 445s error /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem: verification failed 445s + cat 445s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 445s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-19388 1024 445s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-19388 -key /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-request.pem 445s + openssl req -text -noout -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-request.pem 445s Certificate Request: 445s Data: 445s Version: 1 (0x0) 445s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 445s Subject Public Key Info: 445s Public Key Algorithm: rsaEncryption 445s Public-Key: (1024 bit) 445s Modulus: 445s 00:d2:49:bf:95:8c:a2:c2:8a:e8:69:66:d0:f1:65: 445s 42:93:61:ba:45:93:3e:94:1c:ff:aa:75:1e:95:2d: 445s 80:43:71:0f:af:3d:23:21:16:ce:c5:e6:00:b2:b3: 445s fd:d6:e0:d4:01:05:10:99:57:19:3c:d1:53:02:78: 445s 39:b7:49:fc:ac:ed:be:35:12:4f:48:a0:91:2b:da: 445s ba:95:36:3e:0c:04:b0:ce:66:39:98:6a:2b:bd:0d: 445s 58:1e:49:24:16:02:38:ac:99:ed:d3:64:97:04:63: 445s 57:39:23:9b:e1:5b:a7:21:27:43:82:02:a3:b7:0b: 445s a4:7b:c2:9a:6f:3b:a5:86:c3 445s Exponent: 65537 (0x10001) 445s Attributes: 445s Requested Extensions: 445s X509v3 Basic Constraints: 445s CA:FALSE 445s Netscape Cert Type: 445s SSL Client, S/MIME 445s Netscape Comment: 445s Test Organization Intermediate CA trusted Certificate 445s X509v3 Subject Key Identifier: 445s 86:BA:0B:08:D6:1A:A4:2A:F1:D1:8C:46:70:13:D7:FF:8B:73:E9:91 445s X509v3 Key Usage: critical 445s Digital Signature, Non Repudiation, Key Encipherment 445s X509v3 Extended Key Usage: 445s TLS Web Client Authentication, E-mail Protection 445s X509v3 Subject Alternative Name: 445s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 445s Signature Algorithm: sha256WithRSAEncryption 445s Signature Value: 445s 9d:3f:00:64:6a:4c:1b:76:9c:86:23:bb:fb:c0:89:b4:b9:ae: 445s c7:7f:f8:02:ca:19:9b:14:a0:77:7b:0f:1b:cd:ff:44:d4:12: 445s 4a:fb:9e:42:04:b5:6d:0b:d7:48:a0:cf:89:05:5e:23:e9:7b: 445s ac:59:7b:e1:02:d8:06:87:01:b7:42:ec:48:b7:16:83:ae:bf: 445s 89:0f:c2:bf:7c:66:c8:e8:de:42:9d:0d:f4:f9:8b:6e:83:a6: 445s b7:9d:c3:34:e5:e4:a0:17:c8:23:39:e3:ac:3e:c5:0e:06:fe: 445s 94:1c:a4:d9:0f:53:cb:37:3d:de:b6:d4:a0:ce:2e:b0:f4:cb: 445s 37:89 445s + openssl ca -passin pass:random-intermediate-CA-password-25727 -config /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 445s Using configuration from /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.config 445s Check that the request matches the signature 445s Signature ok 445s Certificate Details: 445s Serial Number: 4 (0x4) 445s Validity 445s Not Before: Jun 13 18:36:36 2024 GMT 445s Not After : Jun 13 18:36:36 2025 GMT 445s Subject: 445s organizationName = Test Organization 445s organizationalUnitName = Test Organization Unit 445s commonName = Test Organization Intermediate Trusted Certificate 0001 445s X509v3 extensions: 445s X509v3 Authority Key Identifier: 445s B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 445s X509v3 Basic Constraints: 445s CA:FALSE 445s Netscape Cert Type: 445s SSL Client, S/MIME 445s Netscape Comment: 445s Test Organization Intermediate CA trusted Certificate 445s X509v3 Subject Key Identifier: 445s 86:BA:0B:08:D6:1A:A4:2A:F1:D1:8C:46:70:13:D7:FF:8B:73:E9:91 445s X509v3 Key Usage: critical 445s Digital Signature, Non Repudiation, Key Encipherment 445s X509v3 Extended Key Usage: 445s TLS Web Client Authentication, E-mail Protection 445s X509v3 Subject Alternative Name: 445s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 445s Certificate is to be certified until Jun 13 18:36:36 2025 GMT (365 days) 445s 445s Write out database with 1 new entries 445s Database updated 445s + openssl x509 -noout -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 446s This certificate should not be trusted fully 446s + echo 'This certificate should not be trusted fully' 446s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 446s + local cmd=openssl 446s + shift 446s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 446s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 446s error 2 at 1 depth lookup: unable to get issuer certificate 446s error /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 446s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 446s /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem: OK 446s + cat 446s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 446s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-23034 1024 446s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-23034 -key /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 446s + openssl req -text -noout -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 446s Certificate Request: 446s Data: 446s Version: 1 (0x0) 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:c9:5e:8c:50:f1:19:b2:cb:18:6d:01:8a:bb:b7: 446s 17:6a:a5:f4:f2:ec:1b:cd:8d:46:fb:64:bc:8f:10: 446s 31:48:9b:87:10:a9:76:71:0c:36:24:cb:92:f1:9d: 446s cd:84:b3:4e:1b:ca:02:16:fe:28:cd:9b:ae:d0:a9: 446s 12:67:38:3e:aa:ea:d7:6a:7e:d6:b1:dd:e8:a6:c0: 446s b6:92:7c:2f:31:0b:cf:93:6a:b2:ac:fe:47:33:d6: 446s f2:11:ec:cc:40:3e:e5:8a:04:bd:14:00:51:54:7f: 446s 3b:a2:a5:d1:91:3d:8c:d5:6d:65:d4:99:65:b7:09: 446s 48:ef:c3:19:c1:2c:4f:c1:e1 446s Exponent: 65537 (0x10001) 446s Attributes: 446s Requested Extensions: 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Sub Intermediate CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s F9:7D:DD:04:C6:43:D5:B9:B5:49:A5:92:3E:19:74:2C:B6:58:33:89 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s 0c:fe:80:da:a5:00:08:88:a8:16:d1:76:df:ee:4a:5e:03:1e: 446s 3b:63:42:e5:4c:9c:f7:89:26:3b:43:18:2d:95:02:80:22:e4: 446s 26:eb:a3:66:02:a5:9b:73:3a:93:ca:38:8d:e1:de:3f:6a:23: 446s 52:56:d5:7c:05:68:68:24:01:91:5d:af:3f:94:09:62:e2:ad: 446s 4a:fc:8b:ce:53:05:e9:7a:93:72:48:bd:ab:8e:d1:d3:7d:e6: 446s 30:d3:79:23:30:1d:cd:61:36:0d:63:80:d6:dd:f9:5f:da:36: 446s b3:f8:9c:20:24:35:9c:e1:61:dc:99:98:0c:95:9b:1f:cf:ca: 446s 1e:16 446s + openssl ca -passin pass:random-sub-intermediate-CA-password-29962 -config /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 446s Using configuration from /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.config 446s Check that the request matches the signature 446s Signature ok 446s Certificate Details: 446s Serial Number: 5 (0x5) 446s Validity 446s Not Before: Jun 13 18:36:37 2024 GMT 446s Not After : Jun 13 18:36:37 2025 GMT 446s Subject: 446s organizationName = Test Organization 446s organizationalUnitName = Test Organization Unit 446s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s C2:2B:2B:CA:33:8C:A3:FF:A3:04:DF:35:55:2E:A5:7B:0B:D8:85:91 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Sub Intermediate CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s F9:7D:DD:04:C6:43:D5:B9:B5:49:A5:92:3E:19:74:2C:B6:58:33:89 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Certificate is to be certified until Jun 13 18:36:37 2025 GMT (365 days) 446s 446s Write out database with 1 new entries 446s Database updated 446s + openssl x509 -noout -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 446s This certificate should not be trusted fully 446s + echo 'This certificate should not be trusted fully' 446s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 446s + local cmd=openssl 446s + shift 446s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 446s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 446s error 2 at 1 depth lookup: unable to get issuer certificate 446s error /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 446s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 446s + local cmd=openssl 446s + shift 446s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 446s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 446s error 20 at 0 depth lookup: unable to get local issuer certificate 446s error /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 446s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 446s /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 446s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 446s + local cmd=openssl 446s + shift 446s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 446s Building a the full-chain CA file... 446s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 446s error 20 at 0 depth lookup: unable to get local issuer certificate 446s error /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 446s + echo 'Building a the full-chain CA file...' 446s + cat /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 446s + cat /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 446s + cat /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 446s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 446s + openssl pkcs7 -print_certs -noout 446s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 446s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 446s 446s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 446s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 446s 446s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 446s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 446s 446s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 446s /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem: OK 446s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem: OK 446s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 446s /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem: OK 446s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-root-intermediate-chain-CA.pem 446s /tmp/sssd-softhsm2-YAH4lk/test-root-intermediate-chain-CA.pem: OK 446s + openssl verify -CAfile /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 446s /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 446s + echo 'Certificates generation completed!' 446s Certificates generation completed! 446s + [[ -v NO_SSSD_TESTS ]] 446s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /dev/null 446s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /dev/null 446s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 446s + local key_ring=/dev/null 446s + local verify_option= 446s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 446s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 446s + local key_cn 446s + local key_name 446s + local tokens_dir 446s + local output_cert_file 446s + token_name= 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem .pem 446s + key_name=test-root-CA-trusted-certificate-0001 446s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s ++ sed -n 's/ *commonName *= //p' 446s + key_cn='Test Organization Root Trusted Certificate 0001' 446s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 446s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 446s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 446s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 446s + token_name='Test Organization Root Tr Token' 446s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 446s + local key_file 446s + local decrypted_key 446s + mkdir -p /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 446s + key_file=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-key.pem 446s + decrypted_key=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-key-decrypted.pem 446s + cat 446s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 446s Slot 0 has a free/uninitialized token. 446s The token has been initialized and is reassigned to slot 1844632934 446s + softhsm2-util --show-slots 446s Available slots: 446s Slot 1844632934 446s Slot info: 446s Description: SoftHSM slot ID 0x6df2dd66 446s Manufacturer ID: SoftHSM project 446s Hardware version: 2.6 446s Firmware version: 2.6 446s Token present: yes 446s Token info: 446s Manufacturer ID: SoftHSM project 446s Model: SoftHSM v2 446s Hardware version: 2.6 446s Firmware version: 2.6 446s Serial number: 64a7b6346df2dd66 446s Initialized: yes 446s User PIN init.: yes 446s Label: Test Organization Root Tr Token 446s Slot 1 446s Slot info: 446s Description: SoftHSM slot ID 0x1 446s Manufacturer ID: SoftHSM project 446s Hardware version: 2.6 446s Firmware version: 2.6 446s Token present: yes 446s Token info: 446s Manufacturer ID: SoftHSM project 446s Model: SoftHSM v2 446s Hardware version: 2.6 446s Firmware version: 2.6 446s Serial number: 446s Initialized: no 446s User PIN init.: no 446s Label: 446s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 446s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-23884 -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-key-decrypted.pem 446s writing RSA key 446s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 446s + rm /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001-key-decrypted.pem 446s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 446s Object 0: 446s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 446s Type: X.509 Certificate (RSA-1024) 446s Expires: Fri Jun 13 18:36:36 2025 446s Label: Test Organization Root Trusted Certificate 0001 446s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 446s 446s Test Organization Root Tr Token 446s + echo 'Test Organization Root Tr Token' 446s + '[' -n '' ']' 446s + local output_base_name=SSSD-child-26561 446s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-26561.output 446s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-26561.pem 446s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 446s [p11_child[2220]] [main] (0x0400): p11_child started. 446s [p11_child[2220]] [main] (0x2000): Running in [pre-auth] mode. 446s [p11_child[2220]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2220]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2220]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 446s [p11_child[2220]] [do_work] (0x0040): init_verification failed. 446s [p11_child[2220]] [main] (0x0020): p11_child failed (5) 446s + return 2 446s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /dev/null no_verification 446s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /dev/null no_verification 446s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 446s + local key_ring=/dev/null 446s + local verify_option=no_verification 446s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 446s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 446s + local key_cn 446s + local key_name 446s + local tokens_dir 446s + local output_cert_file 446s + token_name= 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem .pem 446s + key_name=test-root-CA-trusted-certificate-0001 446s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s ++ sed -n 's/ *commonName *= //p' 446s + key_cn='Test Organization Root Trusted Certificate 0001' 446s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 446s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 446s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 446s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 446s + token_name='Test Organization Root Tr Token' 446s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 446s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 446s + echo 'Test Organization Root Tr Token' 446s Test Organization Root Tr Token 446s + '[' -n no_verification ']' 446s + local verify_arg=--verify=no_verification 446s + local output_base_name=SSSD-child-11338 446s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338.output 446s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338.pem 446s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 446s [p11_child[2226]] [main] (0x0400): p11_child started. 446s [p11_child[2226]] [main] (0x2000): Running in [pre-auth] mode. 446s [p11_child[2226]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2226]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2226]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 446s [p11_child[2226]] [do_card] (0x4000): Module List: 446s [p11_child[2226]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2226]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2226]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2226]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 446s [p11_child[2226]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2226]] [do_card] (0x4000): Login NOT required. 446s [p11_child[2226]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 446s [p11_child[2226]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2226]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6df2dd66;slot-manufacturer=SoftHSM%20project;slot-id=1844632934;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2226]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 3 (0x3) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 446s Validity 446s Not Before: Jun 13 18:36:36 2024 GMT 446s Not After : Jun 13 18:36:36 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 446s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 446s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 446s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 446s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 446s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 446s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 446s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 446s cc:8e:e0:6e:b4:a2:d0:86:61 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Root CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s 64:ce:65:c2:02:d9:e9:57:35:ff:a9:37:f5:b8:27:eb:0e:8b: 446s 98:91:e6:6d:d9:f1:06:48:8d:89:17:3c:0b:22:6c:af:58:0c: 446s 74:52:cd:1b:f4:38:09:98:fa:5a:5f:42:dd:d3:9a:57:a1:49: 446s 48:71:6f:c9:0d:0d:e4:69:4f:e3:57:d9:72:18:9d:51:0c:c7: 446s 3f:fd:cb:21:75:47:2f:fe:e0:d3:e2:68:5e:16:1f:94:ad:8a: 446s 15:9b:26:4c:48:46:f4:47:b4:42:89:f1:af:36:6f:db:b9:af: 446s af:29:9c:e2:d4:86:eb:c4:91:54:f5:ad:dd:50:bb:ad:9d:d5: 446s 59:77 446s + local found_md5 expected_md5 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + expected_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338.pem 446s + found_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 446s + '[' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 '!=' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 ']' 446s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338-auth.output 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338-auth.output .output 446s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338-auth.pem 446s + echo -n 053350 446s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 446s [p11_child[2234]] [main] (0x0400): p11_child started. 446s [p11_child[2234]] [main] (0x2000): Running in [auth] mode. 446s [p11_child[2234]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2234]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2234]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 446s [p11_child[2234]] [do_card] (0x4000): Module List: 446s [p11_child[2234]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2234]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2234]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2234]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 446s [p11_child[2234]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2234]] [do_card] (0x4000): Login required. 446s [p11_child[2234]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 446s [p11_child[2234]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2234]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6df2dd66;slot-manufacturer=SoftHSM%20project;slot-id=1844632934;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 446s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 446s [p11_child[2234]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 446s [p11_child[2234]] [do_card] (0x4000): Certificate verified and validated. 446s [p11_child[2234]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338-auth.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338-auth.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338-auth.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 3 (0x3) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 446s Validity 446s Not Before: Jun 13 18:36:36 2024 GMT 446s Not After : Jun 13 18:36:36 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 446s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 446s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 446s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 446s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 446s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 446s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 446s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 446s cc:8e:e0:6e:b4:a2:d0:86:61 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Root CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s 64:ce:65:c2:02:d9:e9:57:35:ff:a9:37:f5:b8:27:eb:0e:8b: 446s 98:91:e6:6d:d9:f1:06:48:8d:89:17:3c:0b:22:6c:af:58:0c: 446s 74:52:cd:1b:f4:38:09:98:fa:5a:5f:42:dd:d3:9a:57:a1:49: 446s 48:71:6f:c9:0d:0d:e4:69:4f:e3:57:d9:72:18:9d:51:0c:c7: 446s 3f:fd:cb:21:75:47:2f:fe:e0:d3:e2:68:5e:16:1f:94:ad:8a: 446s 15:9b:26:4c:48:46:f4:47:b4:42:89:f1:af:36:6f:db:b9:af: 446s af:29:9c:e2:d4:86:eb:c4:91:54:f5:ad:dd:50:bb:ad:9d:d5: 446s 59:77 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11338-auth.pem 446s + found_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 446s + '[' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 '!=' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 ']' 446s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 446s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 446s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 446s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 446s + local verify_option= 446s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 446s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 446s + local key_cn 446s + local key_name 446s + local tokens_dir 446s + local output_cert_file 446s + token_name= 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem .pem 446s + key_name=test-root-CA-trusted-certificate-0001 446s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s ++ sed -n 's/ *commonName *= //p' 446s + key_cn='Test Organization Root Trusted Certificate 0001' 446s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 446s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 446s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 446s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 446s + token_name='Test Organization Root Tr Token' 446s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 446s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 446s + echo 'Test Organization Root Tr Token' 446s + '[' -n '' ']' 446s + local output_base_name=SSSD-child-22688 446s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688.output 446s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688.pem 446s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 446s Test Organization Root Tr Token 446s [p11_child[2244]] [main] (0x0400): p11_child started. 446s [p11_child[2244]] [main] (0x2000): Running in [pre-auth] mode. 446s [p11_child[2244]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2244]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2244]] [do_card] (0x4000): Module List: 446s [p11_child[2244]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2244]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2244]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2244]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 446s [p11_child[2244]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2244]] [do_card] (0x4000): Login NOT required. 446s [p11_child[2244]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 446s [p11_child[2244]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 446s [p11_child[2244]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2244]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6df2dd66;slot-manufacturer=SoftHSM%20project;slot-id=1844632934;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2244]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 3 (0x3) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 446s Validity 446s Not Before: Jun 13 18:36:36 2024 GMT 446s Not After : Jun 13 18:36:36 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 446s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 446s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 446s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 446s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 446s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 446s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 446s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 446s cc:8e:e0:6e:b4:a2:d0:86:61 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Root CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s 64:ce:65:c2:02:d9:e9:57:35:ff:a9:37:f5:b8:27:eb:0e:8b: 446s 98:91:e6:6d:d9:f1:06:48:8d:89:17:3c:0b:22:6c:af:58:0c: 446s 74:52:cd:1b:f4:38:09:98:fa:5a:5f:42:dd:d3:9a:57:a1:49: 446s 48:71:6f:c9:0d:0d:e4:69:4f:e3:57:d9:72:18:9d:51:0c:c7: 446s 3f:fd:cb:21:75:47:2f:fe:e0:d3:e2:68:5e:16:1f:94:ad:8a: 446s 15:9b:26:4c:48:46:f4:47:b4:42:89:f1:af:36:6f:db:b9:af: 446s af:29:9c:e2:d4:86:eb:c4:91:54:f5:ad:dd:50:bb:ad:9d:d5: 446s 59:77 446s + local found_md5 expected_md5 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + expected_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688.pem 446s + found_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 446s + '[' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 '!=' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 ']' 446s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688-auth.output 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688-auth.output .output 446s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688-auth.pem 446s + echo -n 053350 446s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 446s [p11_child[2252]] [main] (0x0400): p11_child started. 446s [p11_child[2252]] [main] (0x2000): Running in [auth] mode. 446s [p11_child[2252]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2252]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2252]] [do_card] (0x4000): Module List: 446s [p11_child[2252]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2252]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2252]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2252]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 446s [p11_child[2252]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2252]] [do_card] (0x4000): Login required. 446s [p11_child[2252]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 446s [p11_child[2252]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 446s [p11_child[2252]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2252]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6df2dd66;slot-manufacturer=SoftHSM%20project;slot-id=1844632934;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 446s [p11_child[2252]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 446s [p11_child[2252]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 446s [p11_child[2252]] [do_card] (0x4000): Certificate verified and validated. 446s [p11_child[2252]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688-auth.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688-auth.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688-auth.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 3 (0x3) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 446s Validity 446s Not Before: Jun 13 18:36:36 2024 GMT 446s Not After : Jun 13 18:36:36 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 446s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 446s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 446s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 446s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 446s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 446s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 446s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 446s cc:8e:e0:6e:b4:a2:d0:86:61 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Root CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s 64:ce:65:c2:02:d9:e9:57:35:ff:a9:37:f5:b8:27:eb:0e:8b: 446s 98:91:e6:6d:d9:f1:06:48:8d:89:17:3c:0b:22:6c:af:58:0c: 446s 74:52:cd:1b:f4:38:09:98:fa:5a:5f:42:dd:d3:9a:57:a1:49: 446s 48:71:6f:c9:0d:0d:e4:69:4f:e3:57:d9:72:18:9d:51:0c:c7: 446s 3f:fd:cb:21:75:47:2f:fe:e0:d3:e2:68:5e:16:1f:94:ad:8a: 446s 15:9b:26:4c:48:46:f4:47:b4:42:89:f1:af:36:6f:db:b9:af: 446s af:29:9c:e2:d4:86:eb:c4:91:54:f5:ad:dd:50:bb:ad:9d:d5: 446s 59:77 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22688-auth.pem 446s + found_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 446s + '[' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 '!=' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 ']' 446s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem partial_chain 446s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem partial_chain 446s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 446s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 446s + local verify_option=partial_chain 446s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 446s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 446s + local key_cn 446s + local key_name 446s + local tokens_dir 446s + local output_cert_file 446s + token_name= 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem .pem 446s + key_name=test-root-CA-trusted-certificate-0001 446s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s ++ sed -n 's/ *commonName *= //p' 446s + key_cn='Test Organization Root Trusted Certificate 0001' 446s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 446s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 446s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 446s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 446s + token_name='Test Organization Root Tr Token' 446s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 446s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 446s + echo 'Test Organization Root Tr Token' 446s Test Organization Root Tr Token 446s + '[' -n partial_chain ']' 446s + local verify_arg=--verify=partial_chain 446s + local output_base_name=SSSD-child-10821 446s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821.output 446s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821.pem 446s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 446s [p11_child[2262]] [main] (0x0400): p11_child started. 446s [p11_child[2262]] [main] (0x2000): Running in [pre-auth] mode. 446s [p11_child[2262]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2262]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2262]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 446s [p11_child[2262]] [do_card] (0x4000): Module List: 446s [p11_child[2262]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2262]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2262]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2262]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 446s [p11_child[2262]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2262]] [do_card] (0x4000): Login NOT required. 446s [p11_child[2262]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 446s [p11_child[2262]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 446s [p11_child[2262]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2262]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6df2dd66;slot-manufacturer=SoftHSM%20project;slot-id=1844632934;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2262]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 3 (0x3) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 446s Validity 446s Not Before: Jun 13 18:36:36 2024 GMT 446s Not After : Jun 13 18:36:36 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 446s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 446s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 446s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 446s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 446s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 446s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 446s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 446s cc:8e:e0:6e:b4:a2:d0:86:61 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Root CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s 64:ce:65:c2:02:d9:e9:57:35:ff:a9:37:f5:b8:27:eb:0e:8b: 446s 98:91:e6:6d:d9:f1:06:48:8d:89:17:3c:0b:22:6c:af:58:0c: 446s 74:52:cd:1b:f4:38:09:98:fa:5a:5f:42:dd:d3:9a:57:a1:49: 446s 48:71:6f:c9:0d:0d:e4:69:4f:e3:57:d9:72:18:9d:51:0c:c7: 446s 3f:fd:cb:21:75:47:2f:fe:e0:d3:e2:68:5e:16:1f:94:ad:8a: 446s 15:9b:26:4c:48:46:f4:47:b4:42:89:f1:af:36:6f:db:b9:af: 446s af:29:9c:e2:d4:86:eb:c4:91:54:f5:ad:dd:50:bb:ad:9d:d5: 446s 59:77 446s + local found_md5 expected_md5 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + expected_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821.pem 446s + found_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 446s + '[' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 '!=' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 ']' 446s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821-auth.output 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821-auth.output .output 446s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821-auth.pem 446s + echo -n 053350 446s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 446s [p11_child[2270]] [main] (0x0400): p11_child started. 446s [p11_child[2270]] [main] (0x2000): Running in [auth] mode. 446s [p11_child[2270]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2270]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2270]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 446s [p11_child[2270]] [do_card] (0x4000): Module List: 446s [p11_child[2270]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2270]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2270]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2270]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 446s [p11_child[2270]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2270]] [do_card] (0x4000): Login required. 446s [p11_child[2270]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 446s [p11_child[2270]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 446s [p11_child[2270]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2270]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6df2dd66;slot-manufacturer=SoftHSM%20project;slot-id=1844632934;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 446s [p11_child[2270]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 446s [p11_child[2270]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 446s [p11_child[2270]] [do_card] (0x4000): Certificate verified and validated. 446s [p11_child[2270]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821-auth.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821-auth.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821-auth.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 3 (0x3) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 446s Validity 446s Not Before: Jun 13 18:36:36 2024 GMT 446s Not After : Jun 13 18:36:36 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 446s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 446s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 446s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 446s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 446s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 446s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 446s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 446s cc:8e:e0:6e:b4:a2:d0:86:61 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Root CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s 64:ce:65:c2:02:d9:e9:57:35:ff:a9:37:f5:b8:27:eb:0e:8b: 446s 98:91:e6:6d:d9:f1:06:48:8d:89:17:3c:0b:22:6c:af:58:0c: 446s 74:52:cd:1b:f4:38:09:98:fa:5a:5f:42:dd:d3:9a:57:a1:49: 446s 48:71:6f:c9:0d:0d:e4:69:4f:e3:57:d9:72:18:9d:51:0c:c7: 446s 3f:fd:cb:21:75:47:2f:fe:e0:d3:e2:68:5e:16:1f:94:ad:8a: 446s 15:9b:26:4c:48:46:f4:47:b4:42:89:f1:af:36:6f:db:b9:af: 446s af:29:9c:e2:d4:86:eb:c4:91:54:f5:ad:dd:50:bb:ad:9d:d5: 446s 59:77 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10821-auth.pem 446s + found_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 446s + '[' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 '!=' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 ']' 446s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 446s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 446s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 446s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 446s + local verify_option= 446s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 446s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 446s + local key_cn 446s + local key_name 446s + local tokens_dir 446s + local output_cert_file 446s + token_name= 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem .pem 446s + key_name=test-root-CA-trusted-certificate-0001 446s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 446s ++ sed -n 's/ *commonName *= //p' 446s + key_cn='Test Organization Root Trusted Certificate 0001' 446s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 446s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 446s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 446s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 446s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 446s Test Organization Root Tr Token 446s + token_name='Test Organization Root Tr Token' 446s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 446s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 446s + echo 'Test Organization Root Tr Token' 446s + '[' -n '' ']' 446s + local output_base_name=SSSD-child-15635 446s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635.output 446s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635.pem 446s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 446s [p11_child[2280]] [main] (0x0400): p11_child started. 446s [p11_child[2280]] [main] (0x2000): Running in [pre-auth] mode. 446s [p11_child[2280]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2280]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2280]] [do_card] (0x4000): Module List: 446s [p11_child[2280]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2280]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2280]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2280]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 446s [p11_child[2280]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2280]] [do_card] (0x4000): Login NOT required. 446s [p11_child[2280]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 446s [p11_child[2280]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 446s [p11_child[2280]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2280]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6df2dd66;slot-manufacturer=SoftHSM%20project;slot-id=1844632934;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2280]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635.pem 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 3 (0x3) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 447s Validity 447s Not Before: Jun 13 18:36:36 2024 GMT 447s Not After : Jun 13 18:36:36 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 447s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 447s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 447s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 447s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 447s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 447s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 447s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 447s cc:8e:e0:6e:b4:a2:d0:86:61 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Root CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s 64:ce:65:c2:02:d9:e9:57:35:ff:a9:37:f5:b8:27:eb:0e:8b: 447s 98:91:e6:6d:d9:f1:06:48:8d:89:17:3c:0b:22:6c:af:58:0c: 447s 74:52:cd:1b:f4:38:09:98:fa:5a:5f:42:dd:d3:9a:57:a1:49: 447s 48:71:6f:c9:0d:0d:e4:69:4f:e3:57:d9:72:18:9d:51:0c:c7: 447s 3f:fd:cb:21:75:47:2f:fe:e0:d3:e2:68:5e:16:1f:94:ad:8a: 447s 15:9b:26:4c:48:46:f4:47:b4:42:89:f1:af:36:6f:db:b9:af: 447s af:29:9c:e2:d4:86:eb:c4:91:54:f5:ad:dd:50:bb:ad:9d:d5: 447s 59:77 447s + local found_md5 expected_md5 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s + expected_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635.pem 447s + found_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 447s + '[' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 '!=' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 ']' 447s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635-auth.output 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635-auth.output .output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635-auth.pem 447s + echo -n 053350 447s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 447s [p11_child[2288]] [main] (0x0400): p11_child started. 447s [p11_child[2288]] [main] (0x2000): Running in [auth] mode. 447s [p11_child[2288]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2288]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2288]] [do_card] (0x4000): Module List: 447s [p11_child[2288]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2288]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2288]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2288]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 447s [p11_child[2288]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2288]] [do_card] (0x4000): Login required. 447s [p11_child[2288]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 447s [p11_child[2288]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 447s [p11_child[2288]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2288]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6df2dd66;slot-manufacturer=SoftHSM%20project;slot-id=1844632934;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 447s [p11_child[2288]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 447s [p11_child[2288]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 447s [p11_child[2288]] [do_card] (0x4000): Certificate verified and validated. 447s [p11_child[2288]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635-auth.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635-auth.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635-auth.pem 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 3 (0x3) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 447s Validity 447s Not Before: Jun 13 18:36:36 2024 GMT 447s Not After : Jun 13 18:36:36 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 447s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 447s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 447s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 447s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 447s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 447s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 447s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 447s cc:8e:e0:6e:b4:a2:d0:86:61 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Root CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s 64:ce:65:c2:02:d9:e9:57:35:ff:a9:37:f5:b8:27:eb:0e:8b: 447s 98:91:e6:6d:d9:f1:06:48:8d:89:17:3c:0b:22:6c:af:58:0c: 447s 74:52:cd:1b:f4:38:09:98:fa:5a:5f:42:dd:d3:9a:57:a1:49: 447s 48:71:6f:c9:0d:0d:e4:69:4f:e3:57:d9:72:18:9d:51:0c:c7: 447s 3f:fd:cb:21:75:47:2f:fe:e0:d3:e2:68:5e:16:1f:94:ad:8a: 447s 15:9b:26:4c:48:46:f4:47:b4:42:89:f1:af:36:6f:db:b9:af: 447s af:29:9c:e2:d4:86:eb:c4:91:54:f5:ad:dd:50:bb:ad:9d:d5: 447s 59:77 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-15635-auth.pem 447s + found_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 447s + '[' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 '!=' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 ']' 447s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem partial_chain 447s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem partial_chain 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 447s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 447s + local verify_option=partial_chain 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-root-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Root Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 447s + token_name='Test Organization Root Tr Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 447s Test Organization Root Tr Token 447s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Root Tr Token' 447s + '[' -n partial_chain ']' 447s + local verify_arg=--verify=partial_chain 447s + local output_base_name=SSSD-child-25116 447s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116.output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 447s [p11_child[2298]] [main] (0x0400): p11_child started. 447s [p11_child[2298]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2298]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2298]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2298]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 447s [p11_child[2298]] [do_card] (0x4000): Module List: 447s [p11_child[2298]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2298]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2298]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2298]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 447s [p11_child[2298]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2298]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2298]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 447s [p11_child[2298]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 447s [p11_child[2298]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2298]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6df2dd66;slot-manufacturer=SoftHSM%20project;slot-id=1844632934;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2298]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116.pem 447s + local found_md5 expected_md5 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 3 (0x3) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 447s Validity 447s Not Before: Jun 13 18:36:36 2024 GMT 447s Not After : Jun 13 18:36:36 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 447s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 447s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 447s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 447s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 447s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 447s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 447s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 447s cc:8e:e0:6e:b4:a2:d0:86:61 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Root CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s 64:ce:65:c2:02:d9:e9:57:35:ff:a9:37:f5:b8:27:eb:0e:8b: 447s 98:91:e6:6d:d9:f1:06:48:8d:89:17:3c:0b:22:6c:af:58:0c: 447s 74:52:cd:1b:f4:38:09:98:fa:5a:5f:42:dd:d3:9a:57:a1:49: 447s 48:71:6f:c9:0d:0d:e4:69:4f:e3:57:d9:72:18:9d:51:0c:c7: 447s 3f:fd:cb:21:75:47:2f:fe:e0:d3:e2:68:5e:16:1f:94:ad:8a: 447s 15:9b:26:4c:48:46:f4:47:b4:42:89:f1:af:36:6f:db:b9:af: 447s af:29:9c:e2:d4:86:eb:c4:91:54:f5:ad:dd:50:bb:ad:9d:d5: 447s 59:77 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s + expected_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116.pem 447s + found_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 447s + '[' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 '!=' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 ']' 447s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116-auth.output 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116-auth.output .output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116-auth.pem 447s + echo -n 053350 447s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 447s [p11_child[2306]] [main] (0x0400): p11_child started. 447s [p11_child[2306]] [main] (0x2000): Running in [auth] mode. 447s [p11_child[2306]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2306]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2306]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 447s [p11_child[2306]] [do_card] (0x4000): Module List: 447s [p11_child[2306]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2306]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2306]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2306]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 447s [p11_child[2306]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2306]] [do_card] (0x4000): Login required. 447s [p11_child[2306]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 447s [p11_child[2306]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 447s [p11_child[2306]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2306]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6df2dd66;slot-manufacturer=SoftHSM%20project;slot-id=1844632934;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64a7b6346df2dd66;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 447s [p11_child[2306]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 447s [p11_child[2306]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 447s [p11_child[2306]] [do_card] (0x4000): Certificate verified and validated. 447s [p11_child[2306]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116-auth.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116-auth.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116-auth.pem 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 3 (0x3) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 447s Validity 447s Not Before: Jun 13 18:36:36 2024 GMT 447s Not After : Jun 13 18:36:36 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:e7:5e:55:69:87:b2:02:a9:e0:78:6e:4b:1d:1a: 447s 8d:8a:3f:86:e8:0a:af:d8:62:4b:ab:e7:6f:39:3a: 447s 54:1c:82:62:c8:0b:31:d3:fb:8d:bc:b0:19:ed:36: 447s 9d:3f:1e:45:ab:28:c2:21:c6:48:90:f1:0e:b8:f8: 447s ec:c7:de:68:5e:0a:40:71:39:f5:75:1a:c8:b2:00: 447s df:dc:b2:11:91:15:e0:06:94:ca:a0:ef:66:1c:d8: 447s 95:f4:f0:bb:f9:c0:4d:8a:cf:49:5b:d7:14:d0:7a: 447s 9c:07:de:7b:87:f8:41:a0:dc:b0:64:35:6e:00:0d: 447s cc:8e:e0:6e:b4:a2:d0:86:61 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s B0:CE:0F:EF:9A:DE:98:B9:E5:96:17:7A:F5:AA:84:71:BE:B3:CD:66 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Root CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s D7:EB:95:34:9B:03:8B:16:B7:87:A3:93:E4:2E:A3:5D:6B:36:18:36 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s 64:ce:65:c2:02:d9:e9:57:35:ff:a9:37:f5:b8:27:eb:0e:8b: 447s 98:91:e6:6d:d9:f1:06:48:8d:89:17:3c:0b:22:6c:af:58:0c: 447s 74:52:cd:1b:f4:38:09:98:fa:5a:5f:42:dd:d3:9a:57:a1:49: 447s 48:71:6f:c9:0d:0d:e4:69:4f:e3:57:d9:72:18:9d:51:0c:c7: 447s 3f:fd:cb:21:75:47:2f:fe:e0:d3:e2:68:5e:16:1f:94:ad:8a: 447s 15:9b:26:4c:48:46:f4:47:b4:42:89:f1:af:36:6f:db:b9:af: 447s af:29:9c:e2:d4:86:eb:c4:91:54:f5:ad:dd:50:bb:ad:9d:d5: 447s 59:77 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-25116-auth.pem 447s + found_md5=Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 447s + '[' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 '!=' Modulus=E75E556987B202A9E0786E4B1D1A8D8A3F86E80AAFD8624BABE76F393A541C8262C80B31D3FB8DBCB019ED369D3F1E45AB28C221C64890F10EB8F8ECC7DE685E0A407139F5751AC8B200DFDCB2119115E00694CAA0EF661CD895F4F0BBF9C04D8ACF495BD714D07A9C07DE7B87F841A0DCB064356E000DCC8EE06EB4A2D08661 ']' 447s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 447s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 447s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 447s + local verify_option= 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-root-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Root Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 447s + token_name='Test Organization Root Tr Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 447s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Root Tr Token' 447s + '[' -n '' ']' 447s + local output_base_name=SSSD-child-7273 447s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-7273.output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-7273.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 447s Test Organization Root Tr Token 447s [p11_child[2316]] [main] (0x0400): p11_child started. 447s [p11_child[2316]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2316]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2316]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2316]] [do_card] (0x4000): Module List: 447s [p11_child[2316]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2316]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2316]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2316]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 447s [p11_child[2316]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2316]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2316]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 447s [p11_child[2316]] [do_verification] (0x0040): X509_verify_cert failed [0]. 447s [p11_child[2316]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 447s [p11_child[2316]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 447s [p11_child[2316]] [do_card] (0x4000): No certificate found. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-7273.output 447s + return 2 447s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem partial_chain 447s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem partial_chain 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 447s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 447s + local verify_option=partial_chain 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23884 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-root-ca-trusted-cert-0001-23884 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-root-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-root-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Root Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 447s + token_name='Test Organization Root Tr Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 447s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Root Tr Token' 447s + '[' -n partial_chain ']' 447s + local verify_arg=--verify=partial_chain 447s + local output_base_name=SSSD-child-20811 447s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-20811.output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-20811.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 447s Test Organization Root Tr Token 447s [p11_child[2323]] [main] (0x0400): p11_child started. 447s [p11_child[2323]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2323]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2323]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2323]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 447s [p11_child[2323]] [do_card] (0x4000): Module List: 447s [p11_child[2323]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2323]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2323]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6df2dd66] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2323]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 447s [p11_child[2323]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6df2dd66][1844632934] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2323]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2323]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 447s [p11_child[2323]] [do_verification] (0x0040): X509_verify_cert failed [0]. 447s [p11_child[2323]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 447s [p11_child[2323]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 447s [p11_child[2323]] [do_card] (0x4000): No certificate found. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-20811.output 447s + return 2 447s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /dev/null 447s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /dev/null 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local key_ring=/dev/null 447s + local verify_option= 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-intermediate-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 447s + token_name='Test Organization Interme Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 447s + local key_file 447s + local decrypted_key 447s + mkdir -p /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 447s + key_file=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-key.pem 447s + decrypted_key=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 447s + cat 447s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 447s Slot 0 has a free/uninitialized token. 447s The token has been initialized and is reassigned to slot 332171110 447s + softhsm2-util --show-slots 447s Available slots: 447s Slot 332171110 447s Slot info: 447s Description: SoftHSM slot ID 0x13cc8766 447s Manufacturer ID: SoftHSM project 447s Hardware version: 2.6 447s Firmware version: 2.6 447s Token present: yes 447s Token info: 447s Manufacturer ID: SoftHSM project 447s Model: SoftHSM v2 447s Hardware version: 2.6 447s Firmware version: 2.6 447s Serial number: 69101e7513cc8766 447s Initialized: yes 447s User PIN init.: yes 447s Label: Test Organization Interme Token 447s Slot 1 447s Slot info: 447s Description: SoftHSM slot ID 0x1 447s Manufacturer ID: SoftHSM project 447s Hardware version: 2.6 447s Firmware version: 2.6 447s Token present: yes 447s Token info: 447s Manufacturer ID: SoftHSM project 447s Model: SoftHSM v2 447s Hardware version: 2.6 447s Firmware version: 2.6 447s Serial number: 447s Initialized: no 447s User PIN init.: no 447s Label: 447s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 447s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-19388 -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 447s writing RSA key 447s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 447s + rm /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 447s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 447s Object 0: 447s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=69101e7513cc8766;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 447s Type: X.509 Certificate (RSA-1024) 447s Expires: Fri Jun 13 18:36:36 2025 447s Label: Test Organization Intermediate Trusted Certificate 0001 447s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 447s 447s + echo 'Test Organization Interme Token' 447s + '[' -n '' ']' 447s + local output_base_name=SSSD-child-1459 447s Test Organization Interme Token 447s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-1459.output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-1459.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 447s [p11_child[2339]] [main] (0x0400): p11_child started. 447s [p11_child[2339]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2339]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2339]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2339]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 447s [p11_child[2339]] [do_work] (0x0040): init_verification failed. 447s [p11_child[2339]] [main] (0x0020): p11_child failed (5) 447s + return 2 447s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /dev/null no_verification 447s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /dev/null no_verification 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local key_ring=/dev/null 447s + local verify_option=no_verification 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-intermediate-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s Test Organization Interme Token 447s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 447s + token_name='Test Organization Interme Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 447s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Interme Token' 447s + '[' -n no_verification ']' 447s + local verify_arg=--verify=no_verification 447s + local output_base_name=SSSD-child-31543 447s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543.output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 447s [p11_child[2345]] [main] (0x0400): p11_child started. 447s [p11_child[2345]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2345]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2345]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2345]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 447s [p11_child[2345]] [do_card] (0x4000): Module List: 447s [p11_child[2345]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2345]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2345]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2345]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 447s [p11_child[2345]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2345]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2345]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 447s [p11_child[2345]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2345]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13cc8766;slot-manufacturer=SoftHSM%20project;slot-id=332171110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=69101e7513cc8766;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2345]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543.pem 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 4 (0x4) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 447s Validity 447s Not Before: Jun 13 18:36:36 2024 GMT 447s Not After : Jun 13 18:36:36 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:d2:49:bf:95:8c:a2:c2:8a:e8:69:66:d0:f1:65: 447s 42:93:61:ba:45:93:3e:94:1c:ff:aa:75:1e:95:2d: 447s 80:43:71:0f:af:3d:23:21:16:ce:c5:e6:00:b2:b3: 447s fd:d6:e0:d4:01:05:10:99:57:19:3c:d1:53:02:78: 447s 39:b7:49:fc:ac:ed:be:35:12:4f:48:a0:91:2b:da: 447s ba:95:36:3e:0c:04:b0:ce:66:39:98:6a:2b:bd:0d: 447s 58:1e:49:24:16:02:38:ac:99:ed:d3:64:97:04:63: 447s 57:39:23:9b:e1:5b:a7:21:27:43:82:02:a3:b7:0b: 447s a4:7b:c2:9a:6f:3b:a5:86:c3 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Intermediate CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s 86:BA:0B:08:D6:1A:A4:2A:F1:D1:8C:46:70:13:D7:FF:8B:73:E9:91 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s 6f:e1:1c:0e:ea:8d:36:d9:0a:fc:aa:7d:3c:c7:36:7e:f7:4c: 447s 64:aa:bb:d0:2d:22:8c:b8:79:a6:b1:11:ad:f5:a6:6f:db:cd: 447s 17:ff:d6:21:a7:44:6c:71:83:3d:f4:24:80:2c:1d:e2:18:13: 447s 84:2f:5b:ea:bc:18:85:b8:71:ea:97:cb:56:20:eb:5e:4b:1a: 447s ea:25:6d:0a:fc:cc:90:cc:25:ee:46:16:e6:1c:ab:12:11:66: 447s cd:92:af:e7:34:34:5f:7a:7d:75:f0:e5:47:d8:a2:5f:9c:38: 447s e7:6e:62:b9:c2:dc:8a:e6:3e:de:f8:3a:59:e2:25:ae:d6:3b: 447s e3:a0 447s + local found_md5 expected_md5 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + expected_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543.pem 447s + found_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 447s + '[' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 '!=' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 ']' 447s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543-auth.output 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543-auth.output .output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543-auth.pem 447s + echo -n 053350 447s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 447s [p11_child[2353]] [main] (0x0400): p11_child started. 447s [p11_child[2353]] [main] (0x2000): Running in [auth] mode. 447s [p11_child[2353]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2353]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2353]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 447s [p11_child[2353]] [do_card] (0x4000): Module List: 447s [p11_child[2353]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2353]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2353]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2353]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 447s [p11_child[2353]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2353]] [do_card] (0x4000): Login required. 447s [p11_child[2353]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 447s [p11_child[2353]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2353]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13cc8766;slot-manufacturer=SoftHSM%20project;slot-id=332171110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=69101e7513cc8766;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 447s [p11_child[2353]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 447s [p11_child[2353]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 447s [p11_child[2353]] [do_card] (0x4000): Certificate verified and validated. 447s [p11_child[2353]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543-auth.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543-auth.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543-auth.pem 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-31543-auth.pem 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 4 (0x4) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 447s Validity 447s Not Before: Jun 13 18:36:36 2024 GMT 447s Not After : Jun 13 18:36:36 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:d2:49:bf:95:8c:a2:c2:8a:e8:69:66:d0:f1:65: 447s 42:93:61:ba:45:93:3e:94:1c:ff:aa:75:1e:95:2d: 447s 80:43:71:0f:af:3d:23:21:16:ce:c5:e6:00:b2:b3: 447s fd:d6:e0:d4:01:05:10:99:57:19:3c:d1:53:02:78: 447s 39:b7:49:fc:ac:ed:be:35:12:4f:48:a0:91:2b:da: 447s ba:95:36:3e:0c:04:b0:ce:66:39:98:6a:2b:bd:0d: 447s 58:1e:49:24:16:02:38:ac:99:ed:d3:64:97:04:63: 447s 57:39:23:9b:e1:5b:a7:21:27:43:82:02:a3:b7:0b: 447s a4:7b:c2:9a:6f:3b:a5:86:c3 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Intermediate CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s 86:BA:0B:08:D6:1A:A4:2A:F1:D1:8C:46:70:13:D7:FF:8B:73:E9:91 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s 6f:e1:1c:0e:ea:8d:36:d9:0a:fc:aa:7d:3c:c7:36:7e:f7:4c: 447s 64:aa:bb:d0:2d:22:8c:b8:79:a6:b1:11:ad:f5:a6:6f:db:cd: 447s 17:ff:d6:21:a7:44:6c:71:83:3d:f4:24:80:2c:1d:e2:18:13: 447s 84:2f:5b:ea:bc:18:85:b8:71:ea:97:cb:56:20:eb:5e:4b:1a: 447s ea:25:6d:0a:fc:cc:90:cc:25:ee:46:16:e6:1c:ab:12:11:66: 447s cd:92:af:e7:34:34:5f:7a:7d:75:f0:e5:47:d8:a2:5f:9c:38: 447s e7:6e:62:b9:c2:dc:8a:e6:3e:de:f8:3a:59:e2:25:ae:d6:3b: 447s e3:a0 447s + found_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 447s + '[' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 '!=' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 ']' 447s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 447s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 447s + local verify_option= 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-intermediate-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 447s + token_name='Test Organization Interme Token' 447s Test Organization Interme Token 447s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 447s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Interme Token' 447s + '[' -n '' ']' 447s + local output_base_name=SSSD-child-11687 447s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-11687.output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-11687.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 447s [p11_child[2363]] [main] (0x0400): p11_child started. 447s [p11_child[2363]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2363]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2363]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2363]] [do_card] (0x4000): Module List: 447s [p11_child[2363]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2363]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2363]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2363]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 447s [p11_child[2363]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2363]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2363]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 447s [p11_child[2363]] [do_verification] (0x0040): X509_verify_cert failed [0]. 447s [p11_child[2363]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 447s [p11_child[2363]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 447s [p11_child[2363]] [do_card] (0x4000): No certificate found. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11687.output 447s + return 2 447s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem partial_chain 447s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem partial_chain 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 447s + local verify_option=partial_chain 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-intermediate-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 447s + token_name='Test Organization Interme Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 447s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Interme Token' 447s + '[' -n partial_chain ']' 447s + local verify_arg=--verify=partial_chain 447s + local output_base_name=SSSD-child-20480 447s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-20480.output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-20480.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 447s Test Organization Interme Token 447s [p11_child[2370]] [main] (0x0400): p11_child started. 447s [p11_child[2370]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2370]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2370]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2370]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 447s [p11_child[2370]] [do_card] (0x4000): Module List: 447s [p11_child[2370]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2370]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2370]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2370]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 447s [p11_child[2370]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2370]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2370]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 447s [p11_child[2370]] [do_verification] (0x0040): X509_verify_cert failed [0]. 447s [p11_child[2370]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 447s [p11_child[2370]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 447s [p11_child[2370]] [do_card] (0x4000): No certificate found. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-20480.output 447s + return 2 447s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 447s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 447s + local verify_option= 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-intermediate-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 447s + token_name='Test Organization Interme Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 447s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Interme Token' 447s Test Organization Interme Token 447s + '[' -n '' ']' 447s + local output_base_name=SSSD-child-8844 447s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844.output 447s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 447s [p11_child[2377]] [main] (0x0400): p11_child started. 447s [p11_child[2377]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2377]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2377]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2377]] [do_card] (0x4000): Module List: 447s [p11_child[2377]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2377]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2377]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2377]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 447s [p11_child[2377]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2377]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2377]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 447s [p11_child[2377]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 447s [p11_child[2377]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2377]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13cc8766;slot-manufacturer=SoftHSM%20project;slot-id=332171110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=69101e7513cc8766;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2377]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844.pem 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 4 (0x4) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 447s Validity 447s Not Before: Jun 13 18:36:36 2024 GMT 447s Not After : Jun 13 18:36:36 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:d2:49:bf:95:8c:a2:c2:8a:e8:69:66:d0:f1:65: 447s 42:93:61:ba:45:93:3e:94:1c:ff:aa:75:1e:95:2d: 447s 80:43:71:0f:af:3d:23:21:16:ce:c5:e6:00:b2:b3: 447s fd:d6:e0:d4:01:05:10:99:57:19:3c:d1:53:02:78: 447s 39:b7:49:fc:ac:ed:be:35:12:4f:48:a0:91:2b:da: 447s ba:95:36:3e:0c:04:b0:ce:66:39:98:6a:2b:bd:0d: 447s 58:1e:49:24:16:02:38:ac:99:ed:d3:64:97:04:63: 447s 57:39:23:9b:e1:5b:a7:21:27:43:82:02:a3:b7:0b: 447s a4:7b:c2:9a:6f:3b:a5:86:c3 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Intermediate CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s 86:BA:0B:08:D6:1A:A4:2A:F1:D1:8C:46:70:13:D7:FF:8B:73:E9:91 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s 6f:e1:1c:0e:ea:8d:36:d9:0a:fc:aa:7d:3c:c7:36:7e:f7:4c: 447s 64:aa:bb:d0:2d:22:8c:b8:79:a6:b1:11:ad:f5:a6:6f:db:cd: 447s 17:ff:d6:21:a7:44:6c:71:83:3d:f4:24:80:2c:1d:e2:18:13: 447s 84:2f:5b:ea:bc:18:85:b8:71:ea:97:cb:56:20:eb:5e:4b:1a: 447s ea:25:6d:0a:fc:cc:90:cc:25:ee:46:16:e6:1c:ab:12:11:66: 447s cd:92:af:e7:34:34:5f:7a:7d:75:f0:e5:47:d8:a2:5f:9c:38: 447s e7:6e:62:b9:c2:dc:8a:e6:3e:de:f8:3a:59:e2:25:ae:d6:3b: 447s e3:a0 447s + local found_md5 expected_md5 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 447s + expected_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844.pem 448s + found_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 448s + '[' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 '!=' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 ']' 448s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844-auth.output 448s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844-auth.output .output 448s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844-auth.pem 448s + echo -n 053350 448s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 448s [p11_child[2385]] [main] (0x0400): p11_child started. 448s [p11_child[2385]] [main] (0x2000): Running in [auth] mode. 448s [p11_child[2385]] [main] (0x2000): Running with effective IDs: [0][0]. 448s [p11_child[2385]] [main] (0x2000): Running with real IDs [0][0]. 448s [p11_child[2385]] [do_card] (0x4000): Module List: 448s [p11_child[2385]] [do_card] (0x4000): common name: [softhsm2]. 448s [p11_child[2385]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2385]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 448s [p11_child[2385]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 448s [p11_child[2385]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2385]] [do_card] (0x4000): Login required. 448s [p11_child[2385]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 448s [p11_child[2385]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 448s [p11_child[2385]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 448s [p11_child[2385]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13cc8766;slot-manufacturer=SoftHSM%20project;slot-id=332171110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=69101e7513cc8766;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 448s [p11_child[2385]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 448s [p11_child[2385]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 448s [p11_child[2385]] [do_card] (0x4000): Certificate verified and validated. 448s [p11_child[2385]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 448s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844-auth.output 448s + echo '-----BEGIN CERTIFICATE-----' 448s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844-auth.output 448s + echo '-----END CERTIFICATE-----' 448s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844-auth.pem 448s Certificate: 448s Data: 448s Version: 3 (0x2) 448s Serial Number: 4 (0x4) 448s Signature Algorithm: sha256WithRSAEncryption 448s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 448s Validity 448s Not Before: Jun 13 18:36:36 2024 GMT 448s Not After : Jun 13 18:36:36 2025 GMT 448s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 448s Subject Public Key Info: 448s Public Key Algorithm: rsaEncryption 448s Public-Key: (1024 bit) 448s Modulus: 448s 00:d2:49:bf:95:8c:a2:c2:8a:e8:69:66:d0:f1:65: 448s 42:93:61:ba:45:93:3e:94:1c:ff:aa:75:1e:95:2d: 448s 80:43:71:0f:af:3d:23:21:16:ce:c5:e6:00:b2:b3: 448s fd:d6:e0:d4:01:05:10:99:57:19:3c:d1:53:02:78: 448s 39:b7:49:fc:ac:ed:be:35:12:4f:48:a0:91:2b:da: 448s ba:95:36:3e:0c:04:b0:ce:66:39:98:6a:2b:bd:0d: 448s 58:1e:49:24:16:02:38:ac:99:ed:d3:64:97:04:63: 448s 57:39:23:9b:e1:5b:a7:21:27:43:82:02:a3:b7:0b: 448s a4:7b:c2:9a:6f:3b:a5:86:c3 448s Exponent: 65537 (0x10001) 448s X509v3 extensions: 448s X509v3 Authority Key Identifier: 448s B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 448s X509v3 Basic Constraints: 448s CA:FALSE 448s Netscape Cert Type: 448s SSL Client, S/MIME 448s Netscape Comment: 448s Test Organization Intermediate CA trusted Certificate 448s X509v3 Subject Key Identifier: 448s 86:BA:0B:08:D6:1A:A4:2A:F1:D1:8C:46:70:13:D7:FF:8B:73:E9:91 448s X509v3 Key Usage: critical 448s Digital Signature, Non Repudiation, Key Encipherment 448s X509v3 Extended Key Usage: 448s TLS Web Client Authentication, E-mail Protection 448s X509v3 Subject Alternative Name: 448s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 448s Signature Algorithm: sha256WithRSAEncryption 448s Signature Value: 448s 6f:e1:1c:0e:ea:8d:36:d9:0a:fc:aa:7d:3c:c7:36:7e:f7:4c: 448s 64:aa:bb:d0:2d:22:8c:b8:79:a6:b1:11:ad:f5:a6:6f:db:cd: 448s 17:ff:d6:21:a7:44:6c:71:83:3d:f4:24:80:2c:1d:e2:18:13: 448s 84:2f:5b:ea:bc:18:85:b8:71:ea:97:cb:56:20:eb:5e:4b:1a: 448s ea:25:6d:0a:fc:cc:90:cc:25:ee:46:16:e6:1c:ab:12:11:66: 448s cd:92:af:e7:34:34:5f:7a:7d:75:f0:e5:47:d8:a2:5f:9c:38: 448s e7:6e:62:b9:c2:dc:8a:e6:3e:de:f8:3a:59:e2:25:ae:d6:3b: 448s e3:a0 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-8844-auth.pem 448s + found_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 448s + '[' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 '!=' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 ']' 448s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem partial_chain 448s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem partial_chain 448s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 448s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 448s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 448s + local verify_option=partial_chain 448s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 448s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 448s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 448s + local key_cn 448s + local key_name 448s + local tokens_dir 448s + local output_cert_file 448s + token_name= 448s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem .pem 448s + key_name=test-intermediate-CA-trusted-certificate-0001 448s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 448s ++ sed -n 's/ *commonName *= //p' 448s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 448s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 448s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 448s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 448s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 448s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 448s + token_name='Test Organization Interme Token' 448s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 448s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 448s + echo 'Test Organization Interme Token' 448s + '[' -n partial_chain ']' 448s + local verify_arg=--verify=partial_chain 448s + local output_base_name=SSSD-child-11369 448s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369.output 448s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369.pem 448s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 448s Test Organization Interme Token 448s [p11_child[2395]] [main] (0x0400): p11_child started. 448s [p11_child[2395]] [main] (0x2000): Running in [pre-auth] mode. 448s [p11_child[2395]] [main] (0x2000): Running with effective IDs: [0][0]. 448s [p11_child[2395]] [main] (0x2000): Running with real IDs [0][0]. 448s [p11_child[2395]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 448s [p11_child[2395]] [do_card] (0x4000): Module List: 448s [p11_child[2395]] [do_card] (0x4000): common name: [softhsm2]. 448s [p11_child[2395]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2395]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 448s [p11_child[2395]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 448s [p11_child[2395]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2395]] [do_card] (0x4000): Login NOT required. 448s [p11_child[2395]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 448s [p11_child[2395]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 448s [p11_child[2395]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 448s [p11_child[2395]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13cc8766;slot-manufacturer=SoftHSM%20project;slot-id=332171110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=69101e7513cc8766;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 448s [p11_child[2395]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 448s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369.output 448s + echo '-----BEGIN CERTIFICATE-----' 448s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369.output 448s + echo '-----END CERTIFICATE-----' 448s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369.pem 448s Certificate: 448s Data: 448s Version: 3 (0x2) 448s Serial Number: 4 (0x4) 448s Signature Algorithm: sha256WithRSAEncryption 448s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 448s Validity 448s Not Before: Jun 13 18:36:36 2024 GMT 448s Not After : Jun 13 18:36:36 2025 GMT 448s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 448s Subject Public Key Info: 448s Public Key Algorithm: rsaEncryption 448s Public-Key: (1024 bit) 448s Modulus: 448s 00:d2:49:bf:95:8c:a2:c2:8a:e8:69:66:d0:f1:65: 448s 42:93:61:ba:45:93:3e:94:1c:ff:aa:75:1e:95:2d: 448s 80:43:71:0f:af:3d:23:21:16:ce:c5:e6:00:b2:b3: 448s fd:d6:e0:d4:01:05:10:99:57:19:3c:d1:53:02:78: 448s 39:b7:49:fc:ac:ed:be:35:12:4f:48:a0:91:2b:da: 448s ba:95:36:3e:0c:04:b0:ce:66:39:98:6a:2b:bd:0d: 448s 58:1e:49:24:16:02:38:ac:99:ed:d3:64:97:04:63: 448s 57:39:23:9b:e1:5b:a7:21:27:43:82:02:a3:b7:0b: 448s a4:7b:c2:9a:6f:3b:a5:86:c3 448s Exponent: 65537 (0x10001) 448s X509v3 extensions: 448s X509v3 Authority Key Identifier: 448s B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 448s X509v3 Basic Constraints: 448s CA:FALSE 448s Netscape Cert Type: 448s SSL Client, S/MIME 448s Netscape Comment: 448s Test Organization Intermediate CA trusted Certificate 448s X509v3 Subject Key Identifier: 448s 86:BA:0B:08:D6:1A:A4:2A:F1:D1:8C:46:70:13:D7:FF:8B:73:E9:91 448s X509v3 Key Usage: critical 448s Digital Signature, Non Repudiation, Key Encipherment 448s X509v3 Extended Key Usage: 448s TLS Web Client Authentication, E-mail Protection 448s X509v3 Subject Alternative Name: 448s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 448s Signature Algorithm: sha256WithRSAEncryption 448s Signature Value: 448s 6f:e1:1c:0e:ea:8d:36:d9:0a:fc:aa:7d:3c:c7:36:7e:f7:4c: 448s 64:aa:bb:d0:2d:22:8c:b8:79:a6:b1:11:ad:f5:a6:6f:db:cd: 448s 17:ff:d6:21:a7:44:6c:71:83:3d:f4:24:80:2c:1d:e2:18:13: 448s 84:2f:5b:ea:bc:18:85:b8:71:ea:97:cb:56:20:eb:5e:4b:1a: 448s ea:25:6d:0a:fc:cc:90:cc:25:ee:46:16:e6:1c:ab:12:11:66: 448s cd:92:af:e7:34:34:5f:7a:7d:75:f0:e5:47:d8:a2:5f:9c:38: 448s e7:6e:62:b9:c2:dc:8a:e6:3e:de:f8:3a:59:e2:25:ae:d6:3b: 448s e3:a0 448s + local found_md5 expected_md5 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 448s + expected_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369.pem 448s + found_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 448s + '[' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 '!=' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 ']' 448s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369-auth.output 448s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369-auth.output .output 448s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369-auth.pem 448s + echo -n 053350 448s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 448s [p11_child[2403]] [main] (0x0400): p11_child started. 448s [p11_child[2403]] [main] (0x2000): Running in [auth] mode. 448s [p11_child[2403]] [main] (0x2000): Running with effective IDs: [0][0]. 448s [p11_child[2403]] [main] (0x2000): Running with real IDs [0][0]. 448s [p11_child[2403]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 448s [p11_child[2403]] [do_card] (0x4000): Module List: 448s [p11_child[2403]] [do_card] (0x4000): common name: [softhsm2]. 448s [p11_child[2403]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2403]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 448s [p11_child[2403]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 448s [p11_child[2403]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2403]] [do_card] (0x4000): Login required. 448s [p11_child[2403]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 448s [p11_child[2403]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 448s [p11_child[2403]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 448s [p11_child[2403]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13cc8766;slot-manufacturer=SoftHSM%20project;slot-id=332171110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=69101e7513cc8766;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 454s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 454s [p11_child[2403]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 454s [p11_child[2403]] [do_card] (0x4000): Certificate verified and validated. 454s [p11_child[2403]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 454s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369-auth.output 454s + echo '-----BEGIN CERTIFICATE-----' 454s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369-auth.output 454s + echo '-----END CERTIFICATE-----' 454s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369-auth.pem 454s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-11369-auth.pem 454s + found_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 454s + '[' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 '!=' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 ']' 454s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 454s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 454s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 454s + local verify_option= 454s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 454s + local key_cn 454s + local key_name 454s + local tokens_dir 454s + local output_cert_file 454s + token_name= 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem .pem 454s + key_name=test-intermediate-CA-trusted-certificate-0001 454s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 454s ++ sed -n 's/ *commonName *= //p' 454s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 454s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 454s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 454s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 454s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 454s + token_name='Test Organization Interme Token' 454s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 454s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 454s + echo 'Test Organization Interme Token' 454s + '[' -n '' ']' 454s + local output_base_name=SSSD-child-22768 454s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-22768.output 454s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-22768.pem 454s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 454s [p11_child[2413]] [main] (0x0400): p11_child started. 454s [p11_child[2413]] [main] (0x2000): Running in [pre-auth] mode. 454s [p11_child[2413]] [main] (0x2000): Running with effective IDs: [0][0]. 454s [p11_child[2413]] [main] (0x2000): Running with real IDs [0][0]. 454s [p11_child[2413]] [do_card] (0x4000): Module List: 454s [p11_child[2413]] [do_card] (0x4000): common name: [softhsm2]. 454s [p11_child[2413]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2413]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 454s [p11_child[2413]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 454s [p11_child[2413]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2413]] [do_card] (0x4000): Login NOT required. 454s [p11_child[2413]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 454s [p11_child[2413]] [do_verification] (0x0040): X509_verify_cert failed [0]. 454s [p11_child[2413]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 454s [p11_child[2413]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 454s [p11_child[2413]] [do_card] (0x4000): No certificate found. 454s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22768.output 454s + return 2 454s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem partial_chain 454s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem partial_chain 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 454s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 454s + local verify_option=partial_chain 454s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-19388 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-19388 454s + local key_cn 454s + local key_name 454s + local tokens_dir 454s + local output_cert_file 454s + token_name= 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem .pem 454s + key_name=test-intermediate-CA-trusted-certificate-0001 454s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 454s ++ sed -n 's/ *commonName *= //p' 454s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 454s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 454s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 454s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 454s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 454s + token_name='Test Organization Interme Token' 454s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 454s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 454s + echo 'Test Organization Interme Token' 454s + '[' -n partial_chain ']' 454s + local verify_arg=--verify=partial_chain 454s + local output_base_name=SSSD-child-10979 454s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979.output 454s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979.pem 454s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem 454s [p11_child[2420]] [main] (0x0400): p11_child started. 454s [p11_child[2420]] [main] (0x2000): Running in [pre-auth] mode. 454s [p11_child[2420]] [main] (0x2000): Running with effective IDs: [0][0]. 454s [p11_child[2420]] [main] (0x2000): Running with real IDs [0][0]. 454s [p11_child[2420]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 454s [p11_child[2420]] [do_card] (0x4000): Module List: 454s [p11_child[2420]] [do_card] (0x4000): common name: [softhsm2]. 454s [p11_child[2420]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2420]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 454s [p11_child[2420]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 454s [p11_child[2420]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2420]] [do_card] (0x4000): Login NOT required. 454s [p11_child[2420]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 454s [p11_child[2420]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 454s [p11_child[2420]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 454s [p11_child[2420]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13cc8766;slot-manufacturer=SoftHSM%20project;slot-id=332171110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=69101e7513cc8766;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 454s [p11_child[2420]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 454s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979.output 454s + echo '-----BEGIN CERTIFICATE-----' 454s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979.output 454s + echo '-----END CERTIFICATE-----' 454s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979.pem 454s + local found_md5 expected_md5 454s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA-trusted-certificate-0001.pem 454s + expected_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 454s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979.pem 454s + found_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 454s + '[' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 '!=' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 ']' 454s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979-auth.output 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979-auth.output .output 454s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979-auth.pem 454s + echo -n 053350 454s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 454s [p11_child[2428]] [main] (0x0400): p11_child started. 454s [p11_child[2428]] [main] (0x2000): Running in [auth] mode. 454s [p11_child[2428]] [main] (0x2000): Running with effective IDs: [0][0]. 454s [p11_child[2428]] [main] (0x2000): Running with real IDs [0][0]. 454s [p11_child[2428]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 454s [p11_child[2428]] [do_card] (0x4000): Module List: 454s [p11_child[2428]] [do_card] (0x4000): common name: [softhsm2]. 454s [p11_child[2428]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2428]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13cc8766] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 454s [p11_child[2428]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 454s [p11_child[2428]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x13cc8766][332171110] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2428]] [do_card] (0x4000): Login required. 454s [p11_child[2428]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 454s [p11_child[2428]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 454s [p11_child[2428]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 454s [p11_child[2428]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13cc8766;slot-manufacturer=SoftHSM%20project;slot-id=332171110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=69101e7513cc8766;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 454s [p11_child[2428]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 454s [p11_child[2428]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 454s [p11_child[2428]] [do_card] (0x4000): Certificate verified and validated. 454s [p11_child[2428]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 454s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979-auth.output 454s + echo '-----BEGIN CERTIFICATE-----' 454s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979-auth.output 454s + echo '-----END CERTIFICATE-----' 454s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979-auth.pem 454s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-10979-auth.pem 454s + found_md5=Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 454s + '[' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 '!=' Modulus=D249BF958CA2C28AE86966D0F165429361BA45933E941CFFAA751E952D8043710FAF3D232116CEC5E600B2B3FDD6E0D40105109957193CD153027839B749FCACEDBE35124F48A0912BDABA95363E0C04B0CE6639986A2BBD0D581E4924160238AC99EDD3649704635739239BE15BA72127438202A3B70BA47BC29A6F3BA586C3 ']' 454s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 454s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 454s + local verify_option= 454s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local key_cn 454s + local key_name 454s + local tokens_dir 454s + local output_cert_file 454s + token_name= 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 454s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 454s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s ++ sed -n 's/ *commonName *= //p' 454s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 454s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 454s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 454s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 454s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 454s + token_name='Test Organization Sub Int Token' 454s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 454s + local key_file 454s + local decrypted_key 454s + mkdir -p /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 454s + key_file=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 454s + decrypted_key=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 454s + cat 454s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 454s + softhsm2-util --show-slots 454s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 454s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-23034 -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 454s writing RSA key 454s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 454s + rm /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 454s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 454s + echo 'Test Organization Sub Int Token' 454s + '[' -n '' ']' 454s + local output_base_name=SSSD-child-5846 454s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-5846.output 454s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-5846.pem 454s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 454s [p11_child[2447]] [main] (0x0400): p11_child started. 454s [p11_child[2447]] [main] (0x2000): Running in [pre-auth] mode. 454s [p11_child[2447]] [main] (0x2000): Running with effective IDs: [0][0]. 454s [p11_child[2447]] [main] (0x2000): Running with real IDs [0][0]. 454s [p11_child[2447]] [do_card] (0x4000): Module List: 454s [p11_child[2447]] [do_card] (0x4000): common name: [softhsm2]. 454s [p11_child[2447]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2447]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 454s [p11_child[2447]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 454s [p11_child[2447]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2447]] [do_card] (0x4000): Login NOT required. 454s [p11_child[2447]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 454s [p11_child[2447]] [do_verification] (0x0040): X509_verify_cert failed [0]. 454s [p11_child[2447]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 454s [p11_child[2447]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 454s [p11_child[2447]] [do_card] (0x4000): No certificate found. 454s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-5846.output 454s + return 2 454s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem partial_chain 454s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem partial_chain 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 454s + local verify_option=partial_chain 454s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local key_cn 454s + local key_name 454s + local tokens_dir 454s + local output_cert_file 454s + token_name= 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 454s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 454s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s ++ sed -n 's/ *commonName *= //p' 454s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 454s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 454s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 454s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 454s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 454s + token_name='Test Organization Sub Int Token' 454s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 454s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 454s + echo 'Test Organization Sub Int Token' 454s + '[' -n partial_chain ']' 454s + local verify_arg=--verify=partial_chain 454s + local output_base_name=SSSD-child-13244 454s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-13244.output 454s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-13244.pem 454s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-root-CA.pem 454s [p11_child[2454]] [main] (0x0400): p11_child started. 454s [p11_child[2454]] [main] (0x2000): Running in [pre-auth] mode. 454s [p11_child[2454]] [main] (0x2000): Running with effective IDs: [0][0]. 454s [p11_child[2454]] [main] (0x2000): Running with real IDs [0][0]. 454s [p11_child[2454]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 454s [p11_child[2454]] [do_card] (0x4000): Module List: 454s [p11_child[2454]] [do_card] (0x4000): common name: [softhsm2]. 454s [p11_child[2454]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2454]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 454s [p11_child[2454]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 454s [p11_child[2454]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2454]] [do_card] (0x4000): Login NOT required. 454s [p11_child[2454]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 454s [p11_child[2454]] [do_verification] (0x0040): X509_verify_cert failed [0]. 454s [p11_child[2454]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 454s [p11_child[2454]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 454s [p11_child[2454]] [do_card] (0x4000): No certificate found. 454s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-13244.output 454s + return 2 454s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 454s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 454s + local verify_option= 454s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local key_cn 454s + local key_name 454s + local tokens_dir 454s + local output_cert_file 454s + token_name= 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 454s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 454s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s ++ sed -n 's/ *commonName *= //p' 454s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 454s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 454s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 454s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 454s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 454s + token_name='Test Organization Sub Int Token' 454s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 454s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 454s + echo 'Test Organization Sub Int Token' 454s + '[' -n '' ']' 454s + local output_base_name=SSSD-child-6724 454s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724.output 454s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724.pem 454s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 454s [p11_child[2461]] [main] (0x0400): p11_child started. 454s [p11_child[2461]] [main] (0x2000): Running in [pre-auth] mode. 454s [p11_child[2461]] [main] (0x2000): Running with effective IDs: [0][0]. 454s [p11_child[2461]] [main] (0x2000): Running with real IDs [0][0]. 454s [p11_child[2461]] [do_card] (0x4000): Module List: 454s [p11_child[2461]] [do_card] (0x4000): common name: [softhsm2]. 454s [p11_child[2461]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2461]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 454s [p11_child[2461]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 454s [p11_child[2461]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2461]] [do_card] (0x4000): Login NOT required. 454s [p11_child[2461]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 454s [p11_child[2461]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 454s [p11_child[2461]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 454s [p11_child[2461]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x559886f;slot-manufacturer=SoftHSM%20project;slot-id=89753711;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bdf67c3f0559886f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 454s [p11_child[2461]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 454s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724.output 454s + echo '-----BEGIN CERTIFICATE-----' 454s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724.output 454s + echo '-----END CERTIFICATE-----' 454s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724.pem 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 4 (0x4) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:36 2024 GMT 454s Not After : Jun 13 18:36:36 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:d2:49:bf:95:8c:a2:c2:8a:e8:69:66:d0:f1:65: 454s 42:93:61:ba:45:93:3e:94:1c:ff:aa:75:1e:95:2d: 454s 80:43:71:0f:af:3d:23:21:16:ce:c5:e6:00:b2:b3: 454s fd:d6:e0:d4:01:05:10:99:57:19:3c:d1:53:02:78: 454s 39:b7:49:fc:ac:ed:be:35:12:4f:48:a0:91:2b:da: 454s ba:95:36:3e:0c:04:b0:ce:66:39:98:6a:2b:bd:0d: 454s 58:1e:49:24:16:02:38:ac:99:ed:d3:64:97:04:63: 454s 57:39:23:9b:e1:5b:a7:21:27:43:82:02:a3:b7:0b: 454s a4:7b:c2:9a:6f:3b:a5:86:c3 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s 86:BA:0B:08:D6:1A:A4:2A:F1:D1:8C:46:70:13:D7:FF:8B:73:E9:91 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s 6f:e1:1c:0e:ea:8d:36:d9:0a:fc:aa:7d:3c:c7:36:7e:f7:4c: 454s 64:aa:bb:d0:2d:22:8c:b8:79:a6:b1:11:ad:f5:a6:6f:db:cd: 454s 17:ff:d6:21:a7:44:6c:71:83:3d:f4:24:80:2c:1d:e2:18:13: 454s 84:2f:5b:ea:bc:18:85:b8:71:ea:97:cb:56:20:eb:5e:4b:1a: 454s ea:25:6d:0a:fc:cc:90:cc:25:ee:46:16:e6:1c:ab:12:11:66: 454s cd:92:af:e7:34:34:5f:7a:7d:75:f0:e5:47:d8:a2:5f:9c:38: 454s e7:6e:62:b9:c2:dc:8a:e6:3e:de:f8:3a:59:e2:25:ae:d6:3b: 454s e3:a0 454s Test Organization Interme Token 454s Test Organization Interme Token 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 4 (0x4) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:36 2024 GMT 454s Not After : Jun 13 18:36:36 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:d2:49:bf:95:8c:a2:c2:8a:e8:69:66:d0:f1:65: 454s 42:93:61:ba:45:93:3e:94:1c:ff:aa:75:1e:95:2d: 454s 80:43:71:0f:af:3d:23:21:16:ce:c5:e6:00:b2:b3: 454s fd:d6:e0:d4:01:05:10:99:57:19:3c:d1:53:02:78: 454s 39:b7:49:fc:ac:ed:be:35:12:4f:48:a0:91:2b:da: 454s ba:95:36:3e:0c:04:b0:ce:66:39:98:6a:2b:bd:0d: 454s 58:1e:49:24:16:02:38:ac:99:ed:d3:64:97:04:63: 454s 57:39:23:9b:e1:5b:a7:21:27:43:82:02:a3:b7:0b: 454s a4:7b:c2:9a:6f:3b:a5:86:c3 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s 86:BA:0B:08:D6:1A:A4:2A:F1:D1:8C:46:70:13:D7:FF:8B:73:E9:91 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s 6f:e1:1c:0e:ea:8d:36:d9:0a:fc:aa:7d:3c:c7:36:7e:f7:4c: 454s 64:aa:bb:d0:2d:22:8c:b8:79:a6:b1:11:ad:f5:a6:6f:db:cd: 454s 17:ff:d6:21:a7:44:6c:71:83:3d:f4:24:80:2c:1d:e2:18:13: 454s 84:2f:5b:ea:bc:18:85:b8:71:ea:97:cb:56:20:eb:5e:4b:1a: 454s ea:25:6d:0a:fc:cc:90:cc:25:ee:46:16:e6:1c:ab:12:11:66: 454s cd:92:af:e7:34:34:5f:7a:7d:75:f0:e5:47:d8:a2:5f:9c:38: 454s e7:6e:62:b9:c2:dc:8a:e6:3e:de:f8:3a:59:e2:25:ae:d6:3b: 454s e3:a0 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 4 (0x4) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:36 2024 GMT 454s Not After : Jun 13 18:36:36 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:d2:49:bf:95:8c:a2:c2:8a:e8:69:66:d0:f1:65: 454s 42:93:61:ba:45:93:3e:94:1c:ff:aa:75:1e:95:2d: 454s 80:43:71:0f:af:3d:23:21:16:ce:c5:e6:00:b2:b3: 454s fd:d6:e0:d4:01:05:10:99:57:19:3c:d1:53:02:78: 454s 39:b7:49:fc:ac:ed:be:35:12:4f:48:a0:91:2b:da: 454s ba:95:36:3e:0c:04:b0:ce:66:39:98:6a:2b:bd:0d: 454s 58:1e:49:24:16:02:38:ac:99:ed:d3:64:97:04:63: 454s 57:39:23:9b:e1:5b:a7:21:27:43:82:02:a3:b7:0b: 454s a4:7b:c2:9a:6f:3b:a5:86:c3 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s B4:68:70:B8:6B:F6:86:1D:0E:E1:B4:E8:30:1E:75:25:07:20:7F:8A 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s 86:BA:0B:08:D6:1A:A4:2A:F1:D1:8C:46:70:13:D7:FF:8B:73:E9:91 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s 6f:e1:1c:0e:ea:8d:36:d9:0a:fc:aa:7d:3c:c7:36:7e:f7:4c: 454s 64:aa:bb:d0:2d:22:8c:b8:79:a6:b1:11:ad:f5:a6:6f:db:cd: 454s 17:ff:d6:21:a7:44:6c:71:83:3d:f4:24:80:2c:1d:e2:18:13: 454s 84:2f:5b:ea:bc:18:85:b8:71:ea:97:cb:56:20:eb:5e:4b:1a: 454s ea:25:6d:0a:fc:cc:90:cc:25:ee:46:16:e6:1c:ab:12:11:66: 454s cd:92:af:e7:34:34:5f:7a:7d:75:f0:e5:47:d8:a2:5f:9c:38: 454s e7:6e:62:b9:c2:dc:8a:e6:3e:de:f8:3a:59:e2:25:ae:d6:3b: 454s e3:a0 454s Slot 0 has a free/uninitialized token. 454s The token has been initialized and is reassigned to slot 89753711 454s Available slots: 454s Slot 89753711 454s Slot info: 454s Description: SoftHSM slot ID 0x559886f 454s Manufacturer ID: SoftHSM project 454s Hardware version: 2.6 454s Firmware version: 2.6 454s Token present: yes 454s Token info: 454s Manufacturer ID: SoftHSM project 454s Model: SoftHSM v2 454s Hardware version: 2.6 454s Firmware version: 2.6 454s Serial number: bdf67c3f0559886f 454s Initialized: yes 454s User PIN init.: yes 454s Label: Test Organization Sub Int Token 454s Slot 1 454s Slot info: 454s Description: SoftHSM slot ID 0x1 454s Manufacturer ID: SoftHSM project 454s Hardware version: 2.6 454s Firmware version: 2.6 454s Token present: yes 454s Token info: 454s Manufacturer ID: SoftHSM project 454s Model: SoftHSM v2 454s Hardware version: 2.6 454s Firmware version: 2.6 454s Serial number: 454s Initialized: no 454s User PIN init.: no 454s Label: 454s Object 0: 454s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bdf67c3f0559886f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 454s Type: X.509 Certificate (RSA-1024) 454s Expires: Fri Jun 13 18:36:37 2025 454s Label: Test Organization Sub Intermediate Trusted Certificate 0001 454s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 454s 454s Test Organization Sub Int Token 454s Test Organization Sub Int Token 454s Test Organization Sub Int Token 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 5 (0x5) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:37 2024 GMT 454s Not After : Jun 13 18:36:37 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:c9:5e:8c:50:f1:19:b2:cb:18:6d:01:8a:bb:b7: 454s 17:6a:a5:f4:f2:ec:1b:cd:8d:46:fb:64:bc:8f:10: 454s 31:48:9b:87:10:a9:76:71:0c:36:24:cb:92:f1:9d: 454s cd:84:b3:4e:1b:ca:02:16:fe:28:cd:9b:ae:d0:a9: 454s 12:67:38:3e:aa:ea:d7:6a:7e:d6:b1:dd:e8:a6:c0: 454s b6:92:7c:2f:31:0b:cf:93:6a:b2:ac:fe:47:33:d6: 454s f2:11:ec:cc:40:3e:e5:8a:04:bd:14:00:51:54:7f: 454s 3b:a2:a5:d1:91:3d:8c:d5:6d:65:d4:99:65:b7:09: 454s 48:ef:c3:19:c1:2c:4f:c1:e1 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s C2:2B:2B:CA:33:8C:A3:FF:A3:04:DF:35:55:2E:A5:7B:0B:D8:85:91 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Sub Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s F9:7D:DD:04:C6:43:D5:B9:B5:49:A5:92:3E:19:74:2C:B6:58:33:89 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s c3:93:b1:17:67:92:f0:b6:02:2b:7c:53:c9:b4:8b:25:80:14: 454s e6:59:fc:81:bf:81:30:b2:51:8a:ff:69:28:4c:db:f7:8f:d7: 454s 6d:d6:7c:43:04:e1:32:9e:9b:8b:17:57:6e:b4:89:40:12:03: 454s 5f:c3:dd:28:81:33:ff:f9:0a:60:71:31:f0:22:4f:86:9f:11: 454s 89:65:26:98:03:e0:f2:2c:7a:7e:36:da:ae:7c:2f:6e:f3:c8: 454s 42:50:c3:f9:03:4a:78:a4:4d:87:9f:76:6f:f7:d0:2b:c8:78: 454s 50:e1:de:fc:ae:3a:07:9f:58:2f:ce:d6:c0:93:4f:44:06:68: 454s 8e:33 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 5 (0x5) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:37 2024 GMT 454s Not After : Jun 13 18:36:37 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:c9:5e:8c:50:f1:19:b2:cb:18:6d:01:8a:bb:b7: 454s 17:6a:a5:f4:f2:ec:1b:cd:8d:46:fb:64:bc:8f:10: 454s 31:48:9b:87:10:a9:76:71:0c:36:24:cb:92:f1:9d: 454s cd:84:b3:4e:1b:ca:02:16:fe:28:cd:9b:ae:d0:a9: 454s 12:67:38:3e:aa:ea:d7:6a:7e:d6:b1:dd:e8:a6:c0: 454s b6:92:7c:2f:31:0b:cf:93:6a:b2:ac:fe:47:33:d6: 454s f2:11:ec:cc:40:3e:e5:8a:04:bd:14:00:51:54:7f: 454s 3b:a2:a5:d1:91:3d:8c:d5:6d:65:d4:99:65:b7:09: 454s 48:ef:c3:19:c1:2c:4f:c1:e1 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s C2:2B:2B:CA:33:8C:A3:FF:A3:04:DF:35:55:2E:A5:7B:0B:D8:85:91 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Sub Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s F9:7D:DD:04:C6:43:D5:B9:B5:49:A5:92:3E:19:74:2C:B6:58:33:89 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s c3:93:b1:17:67:92:f0:b6:02:2b:7c:53:c9:b4:8b:25:80:14: 454s e6:59:fc:81:bf:81:30:b2:51:8a:ff:69:28:4c:db:f7:8f:d7: 454s 6d:d6:7c:43:04:e1:32:9e:9b:8b:17:57:6e:b4:89:40:12:03: 454s 5f:c3:dd:28:81:33:ff:f9:0a:60:71:31:f0:22:4f:86:9f:11: 454s 89:65:26:98:03:e0:f2:2c:7a:7e:36:da:ae:7c:2f:6e:f3:c8: 454s 42:50:c3:f9:03:4a:78:a4:4d:87:9f:76:6f:f7:d0:2b:c8:78: 454s 50:e1:de:fc:ae:3a:07:9f:58:2f:ce:d6:c0:93:4f:44:06:68: 454s 8e:33 454s Test Organization Sub Int Token 454s + local found_md5 expected_md5 454s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s + expected_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 454s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724.pem 454s + found_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 454s + '[' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 '!=' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 ']' 454s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724-auth.output 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724-auth.output .output 454s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724-auth.pem 454s + echo -n 053350 454s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 454s [p11_child[2469]] [main] (0x0400): p11_child started. 454s [p11_child[2469]] [main] (0x2000): Running in [auth] mode. 454s [p11_child[2469]] [main] (0x2000): Running with effective IDs: [0][0]. 454s [p11_child[2469]] [main] (0x2000): Running with real IDs [0][0]. 454s [p11_child[2469]] [do_card] (0x4000): Module List: 454s [p11_child[2469]] [do_card] (0x4000): common name: [softhsm2]. 454s [p11_child[2469]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2469]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 454s [p11_child[2469]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 454s [p11_child[2469]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2469]] [do_card] (0x4000): Login required. 454s [p11_child[2469]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 454s [p11_child[2469]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 454s [p11_child[2469]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 454s [p11_child[2469]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x559886f;slot-manufacturer=SoftHSM%20project;slot-id=89753711;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bdf67c3f0559886f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 454s [p11_child[2469]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 454s [p11_child[2469]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 454s [p11_child[2469]] [do_card] (0x4000): Certificate verified and validated. 454s [p11_child[2469]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 454s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724-auth.output 454s + echo '-----BEGIN CERTIFICATE-----' 454s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724-auth.output 454s + echo '-----END CERTIFICATE-----' 454s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724-auth.pem 454s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-6724-auth.pem 454s + found_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 454s + '[' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 '!=' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 ']' 454s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem partial_chain 454s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem partial_chain 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 454s + local verify_option=partial_chain 454s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 454s + local key_cn 454s + local key_name 454s + local tokens_dir 454s + local output_cert_file 454s + token_name= 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 454s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 454s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s ++ sed -n 's/ *commonName *= //p' 454s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 454s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 454s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 454s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 454s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 454s + token_name='Test Organization Sub Int Token' 454s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 454s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 454s + echo 'Test Organization Sub Int Token' 454s + '[' -n partial_chain ']' 454s + local verify_arg=--verify=partial_chain 454s + local output_base_name=SSSD-child-26712 454s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712.output 454s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712.pem 454s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem 454s [p11_child[2479]] [main] (0x0400): p11_child started. 454s [p11_child[2479]] [main] (0x2000): Running in [pre-auth] mode. 454s [p11_child[2479]] [main] (0x2000): Running with effective IDs: [0][0]. 454s [p11_child[2479]] [main] (0x2000): Running with real IDs [0][0]. 454s [p11_child[2479]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 454s [p11_child[2479]] [do_card] (0x4000): Module List: 454s [p11_child[2479]] [do_card] (0x4000): common name: [softhsm2]. 454s [p11_child[2479]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2479]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 454s [p11_child[2479]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 454s [p11_child[2479]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2479]] [do_card] (0x4000): Login NOT required. 454s [p11_child[2479]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 454s [p11_child[2479]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 454s [p11_child[2479]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 454s [p11_child[2479]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x559886f;slot-manufacturer=SoftHSM%20project;slot-id=89753711;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bdf67c3f0559886f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 454s [p11_child[2479]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 454s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712.output 454s + echo '-----BEGIN CERTIFICATE-----' 454s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712.output 454s + echo '-----END CERTIFICATE-----' 454s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712.pem 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 5 (0x5) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:37 2024 GMT 454s Not After : Jun 13 18:36:37 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:c9:5e:8c:50:f1:19:b2:cb:18:6d:01:8a:bb:b7: 454s 17:6a:a5:f4:f2:ec:1b:cd:8d:46:fb:64:bc:8f:10: 454s 31:48:9b:87:10:a9:76:71:0c:36:24:cb:92:f1:9d: 454s cd:84:b3:4e:1b:ca:02:16:fe:28:cd:9b:ae:d0:a9: 454s 12:67:38:3e:aa:ea:d7:6a:7e:d6:b1:dd:e8:a6:c0: 454s b6:92:7c:2f:31:0b:cf:93:6a:b2:ac:fe:47:33:d6: 454s f2:11:ec:cc:40:3e:e5:8a:04:bd:14:00:51:54:7f: 454s 3b:a2:a5:d1:91:3d:8c:d5:6d:65:d4:99:65:b7:09: 454s 48:ef:c3:19:c1:2c:4f:c1:e1 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s C2:2B:2B:CA:33:8C:A3:FF:A3:04:DF:35:55:2E:A5:7B:0B:D8:85:91 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Sub Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s F9:7D:DD:04:C6:43:D5:B9:B5:49:A5:92:3E:19:74:2C:B6:58:33:89 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s c3:93:b1:17:67:92:f0:b6:02:2b:7c:53:c9:b4:8b:25:80:14: 454s e6:59:fc:81:bf:81:30:b2:51:8a:ff:69:28:4c:db:f7:8f:d7: 454s 6d:d6:7c:43:04:e1:32:9e:9b:8b:17:57:6e:b4:89:40:12:03: 454s 5f:c3:dd:28:81:33:ff:f9:0a:60:71:31:f0:22:4f:86:9f:11: 454s 89:65:26:98:03:e0:f2:2c:7a:7e:36:da:ae:7c:2f:6e:f3:c8: 454s 42:50:c3:f9:03:4a:78:a4:4d:87:9f:76:6f:f7:d0:2b:c8:78: 454s 50:e1:de:fc:ae:3a:07:9f:58:2f:ce:d6:c0:93:4f:44:06:68: 454s 8e:33 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 5 (0x5) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:37 2024 GMT 454s Not After : Jun 13 18:36:37 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:c9:5e:8c:50:f1:19:b2:cb:18:6d:01:8a:bb:b7: 454s 17:6a:a5:f4:f2:ec:1b:cd:8d:46:fb:64:bc:8f:10: 454s 31:48:9b:87:10:a9:76:71:0c:36:24:cb:92:f1:9d: 454s cd:84:b3:4e:1b:ca:02:16:fe:28:cd:9b:ae:d0:a9: 454s 12:67:38:3e:aa:ea:d7:6a:7e:d6:b1:dd:e8:a6:c0: 454s b6:92:7c:2f:31:0b:cf:93:6a:b2:ac:fe:47:33:d6: 454s f2:11:ec:cc:40:3e:e5:8a:04:bd:14:00:51:54:7f: 454s 3b:a2:a5:d1:91:3d:8c:d5:6d:65:d4:99:65:b7:09: 454s 48:ef:c3:19:c1:2c:4f:c1:e1 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s C2:2B:2B:CA:33:8C:A3:FF:A3:04:DF:35:55:2E:A5:7B:0B:D8:85:91 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Sub Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s F9:7D:DD:04:C6:43:D5:B9:B5:49:A5:92:3E:19:74:2C:B6:58:33:89 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s c3:93:b1:17:67:92:f0:b6:02:2b:7c:53:c9:b4:8b:25:80:14: 454s e6:59:fc:81:bf:81:30:b2:51:8a:ff:69:28:4c:db:f7:8f:d7: 454s 6d:d6:7c:43:04:e1:32:9e:9b:8b:17:57:6e:b4:89:40:12:03: 454s 5f:c3:dd:28:81:33:ff:f9:0a:60:71:31:f0:22:4f:86:9f:11: 454s 89:65:26:98:03:e0:f2:2c:7a:7e:36:da:ae:7c:2f:6e:f3:c8: 454s 42:50:c3:f9:03:4a:78:a4:4d:87:9f:76:6f:f7:d0:2b:c8:78: 454s 50:e1:de:fc:ae:3a:07:9f:58:2f:ce:d6:c0:93:4f:44:06:68: 454s 8e:33 454s Test Organization Sub Int Token 454s Test Organization Sub Int Token 454s Test Organization Sub Int Token 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 5 (0x5) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:37 2024 GMT 454s Not After : Jun 13 18:36:37 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:c9:5e:8c:50:f1:19:b2:cb:18:6d:01:8a:bb:b7: 454s 17:6a:a5:f4:f2:ec:1b:cd:8d:46:fb:64:bc:8f:10: 454s 31:48:9b:87:10:a9:76:71:0c:36:24:cb:92:f1:9d: 454s cd:84:b3:4e:1b:ca:02:16:fe:28:cd:9b:ae:d0:a9: 454s 12:67:38:3e:aa:ea:d7:6a:7e:d6:b1:dd:e8:a6:c0: 454s b6:92:7c:2f:31:0b:cf:93:6a:b2:ac:fe:47:33:d6: 454s f2:11:ec:cc:40:3e:e5:8a:04:bd:14:00:51:54:7f: 454s 3b:a2:a5:d1:91:3d:8c:d5:6d:65:d4:99:65:b7:09: 454s 48:ef:c3:19:c1:2c:4f:c1:e1 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s C2:2B:2B:CA:33:8C:A3:FF:A3:04:DF:35:55:2E:A5:7B:0B:D8:85:91 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Sub Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s F9:7D:DD:04:C6:43:D5:B9:B5:49:A5:92:3E:19:74:2C:B6:58:33:89 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s c3:93:b1:17:67:92:f0:b6:02:2b:7c:53:c9:b4:8b:25:80:14: 454s e6:59:fc:81:bf:81:30:b2:51:8a:ff:69:28:4c:db:f7:8f:d7: 454s 6d:d6:7c:43:04:e1:32:9e:9b:8b:17:57:6e:b4:89:40:12:03: 454s 5f:c3:dd:28:81:33:ff:f9:0a:60:71:31:f0:22:4f:86:9f:11: 454s 89:65:26:98:03:e0:f2:2c:7a:7e:36:da:ae:7c:2f:6e:f3:c8: 454s 42:50:c3:f9:03:4a:78:a4:4d:87:9f:76:6f:f7:d0:2b:c8:78: 454s 50:e1:de:fc:ae:3a:07:9f:58:2f:ce:d6:c0:93:4f:44:06:68: 454s 8e:33 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 5 (0x5) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:37 2024 GMT 454s Not After : Jun 13 18:36:37 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:c9:5e:8c:50:f1:19:b2:cb:18:6d:01:8a:bb:b7: 454s 17:6a:a5:f4:f2:ec:1b:cd:8d:46:fb:64:bc:8f:10: 454s 31:48:9b:87:10:a9:76:71:0c:36:24:cb:92:f1:9d: 454s cd:84:b3:4e:1b:ca:02:16:fe:28:cd:9b:ae:d0:a9: 454s 12:67:38:3e:aa:ea:d7:6a:7e:d6:b1:dd:e8:a6:c0: 454s b6:92:7c:2f:31:0b:cf:93:6a:b2:ac:fe:47:33:d6: 454s f2:11:ec:cc:40:3e:e5:8a:04:bd:14:00:51:54:7f: 454s 3b:a2:a5:d1:91:3d:8c:d5:6d:65:d4:99:65:b7:09: 454s 48:ef:c3:19:c1:2c:4f:c1:e1 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s C2:2B:2B:CA:33:8C:A3:FF:A3:04:DF:35:55:2E:A5:7B:0B:D8:85:91 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Sub Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s F9:7D:DD:04:C6:43:D5:B9:B5:49:A5:92:3E:19:74:2C:B6:58:33:89 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s c3:93:b1:17:67:92:f0:b6:02:2b:7c:53:c9:b4:8b:25:80:14: 454s e6:59:fc:81:bf:81:30:b2:51:8a:ff:69:28:4c:db:f7:8f:d7: 454s 6d:d6:7c:43:04:e1:32:9e:9b:8b:17:57:6e:b4:89:40:12:03: 454s 5f:c3:dd:28:81:33:ff:f9:0a:60:71:31:f0:22:4f:86:9f:11: 454s 89:65:26:98:03:e0:f2:2c:7a:7e:36:da:ae:7c:2f:6e:f3:c8: 454s 42:50:c3:f9:03:4a:78:a4:4d:87:9f:76:6f:f7:d0:2b:c8:78: 454s 50:e1:de:fc:ae:3a:07:9f:58:2f:ce:d6:c0:93:4f:44:06:68: 454s 8e:33 454s Test Organization Sub Int Token 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 5 (0x5) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:37 2024 GMT 454s Not After : Jun 13 18:36:37 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:c9:5e:8c:50:f1:19:b2:cb:18:6d:01:8a:bb:b7: 454s 17:6a:a5:f4:f2:ec:1b:cd:8d:46:fb:64:bc:8f:10: 454s 31:48:9b:87:10:a9:76:71:0c:36:24:cb:92:f1:9d: 454s cd:84:b3:4e:1b:ca:02:16:fe:28:cd:9b:ae:d0:a9: 454s 12:67:38:3e:aa:ea:d7:6a:7e:d6:b1:dd:e8:a6:c0: 454s b6:92:7c:2f:31:0b:cf:93:6a:b2:ac:fe:47:33:d6: 454s f2:11:ec:cc:40:3e:e5:8a:04:bd:14:00:51:54:7f: 454s 3b:a2:a5:d1:91:3d:8c:d5:6d:65:d4:99:65:b7:09: 454s 48:ef:c3:19:c1:2c:4f:c1:e1 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s C2:2B:2B:CA:33:8C:A3:FF:A3:04:DF:35:55:2E:A5:7B:0B:D8:85:91 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Sub Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s F9:7D:DD:04:C6:43:D5:B9:B5:49:A5:92:3E:19:74:2C:B6:58:33:89 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s c3:93:b1:17:67:92:f0:b6:02:2b:7c:53:c9:b4:8b:25:80:14: 454s e6:59:fc:81:bf:81:30:b2:51:8a:ff:69:28:4c:db:f7:8f:d7: 454s 6d:d6:7c:43:04:e1:32:9e:9b:8b:17:57:6e:b4:89:40:12:03: 454s 5f:c3:dd:28:81:33:ff:f9:0a:60:71:31:f0:22:4f:86:9f:11: 454s 89:65:26:98:03:e0:f2:2c:7a:7e:36:da:ae:7c:2f:6e:f3:c8: 454s 42:50:c3:f9:03:4a:78:a4:4d:87:9f:76:6f:f7:d0:2b:c8:78: 454s 50:e1:de:fc:ae:3a:07:9f:58:2f:ce:d6:c0:93:4f:44:06:68: 454s 8e:33 454s Certificate: 454s Data: 454s Version: 3 (0x2) 454s Serial Number: 5 (0x5) 454s Signature Algorithm: sha256WithRSAEncryption 454s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 454s Validity 454s Not Before: Jun 13 18:36:37 2024 GMT 454s Not After : Jun 13 18:36:37 2025 GMT 454s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 454s Subject Public Key Info: 454s Public Key Algorithm: rsaEncryption 454s Public-Key: (1024 bit) 454s Modulus: 454s 00:c9:5e:8c:50:f1:19:b2:cb:18:6d:01:8a:bb:b7: 454s 17:6a:a5:f4:f2:ec:1b:cd:8d:46:fb:64:bc:8f:10: 454s 31:48:9b:87:10:a9:76:71:0c:36:24:cb:92:f1:9d: 454s cd:84:b3:4e:1b:ca:02:16:fe:28:cd:9b:ae:d0:a9: 454s 12:67:38:3e:aa:ea:d7:6a:7e:d6:b1:dd:e8:a6:c0: 454s b6:92:7c:2f:31:0b:cf:93:6a:b2:ac:fe:47:33:d6: 454s f2:11:ec:cc:40:3e:e5:8a:04:bd:14:00:51:54:7f: 454s 3b:a2:a5:d1:91:3d:8c:d5:6d:65:d4:99:65:b7:09: 454s 48:ef:c3:19:c1:2c:4f:c1:e1 454s Exponent: 65537 (0x10001) 454s X509v3 extensions: 454s X509v3 Authority Key Identifier: 454s C2:2B:2B:CA:33:8C:A3:FF:A3:04:DF:35:55:2E:A5:7B:0B:D8:85:91 454s X509v3 Basic Constraints: 454s CA:FALSE 454s Netscape Cert Type: 454s SSL Client, S/MIME 454s Netscape Comment: 454s Test Organization Sub Intermediate CA trusted Certificate 454s X509v3 Subject Key Identifier: 454s F9:7D:DD:04:C6:43:D5:B9:B5:49:A5:92:3E:19:74:2C:B6:58:33:89 454s X509v3 Key Usage: critical 454s Digital Signature, Non Repudiation, Key Encipherment 454s X509v3 Extended Key Usage: 454s TLS Web Client Authentication, E-mail Protection 454s X509v3 Subject Alternative Name: 454s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 454s Signature Algorithm: sha256WithRSAEncryption 454s Signature Value: 454s c3:93:b1:17:67:92:f0:b6:02:2b:7c:53:c9:b4:8b:25:80:14: 454s e6:59:fc:81:bf:81:30:b2:51:8a:ff:69:28:4c:db:f7:8f:d7: 454s 6d:d6:7c:43:04:e1:32:9e:9b:8b:17:57:6e:b4:89:40:12:03: 454s 5f:c3:dd:28:81:33:ff:f9:0a:60:71:31:f0:22:4f:86:9f:11: 454s 89:65:26:98:03:e0:f2:2c:7a:7e:36:da:ae:7c:2f:6e:f3:c8: 454s 42:50:c3:f9:03:4a:78:a4:4d:87:9f:76:6f:f7:d0:2b:c8:78: 454s 50:e1:de:fc:ae:3a:07:9f:58:2f:ce:d6:c0:93:4f:44:06:68: 454s 8e:33 454s 454s Test completed, Root CA and intermediate issued certificates verified! 454s + local found_md5 expected_md5 454s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 454s + expected_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 454s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712.pem 454s + found_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 454s + '[' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 '!=' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 ']' 454s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712-auth.output 454s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712-auth.output .output 454s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712-auth.pem 454s + echo -n 053350 454s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 454s [p11_child[2487]] [main] (0x0400): p11_child started. 454s [p11_child[2487]] [main] (0x2000): Running in [auth] mode. 454s [p11_child[2487]] [main] (0x2000): Running with effective IDs: [0][0]. 454s [p11_child[2487]] [main] (0x2000): Running with real IDs [0][0]. 454s [p11_child[2487]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 454s [p11_child[2487]] [do_card] (0x4000): Module List: 454s [p11_child[2487]] [do_card] (0x4000): common name: [softhsm2]. 454s [p11_child[2487]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 454s [p11_child[2487]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 455s [p11_child[2487]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 455s [p11_child[2487]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2487]] [do_card] (0x4000): Login required. 455s [p11_child[2487]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 455s [p11_child[2487]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 455s [p11_child[2487]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 455s [p11_child[2487]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x559886f;slot-manufacturer=SoftHSM%20project;slot-id=89753711;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bdf67c3f0559886f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 455s [p11_child[2487]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 455s [p11_child[2487]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 455s [p11_child[2487]] [do_card] (0x4000): Certificate verified and validated. 455s [p11_child[2487]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 455s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712-auth.output 455s + echo '-----BEGIN CERTIFICATE-----' 455s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712-auth.output 455s + echo '-----END CERTIFICATE-----' 455s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712-auth.pem 455s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-26712-auth.pem 455s + found_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 455s + '[' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 '!=' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 ']' 455s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 455s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 455s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 455s + local verify_option= 455s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local key_cn 455s + local key_name 455s + local tokens_dir 455s + local output_cert_file 455s + token_name= 455s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 455s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 455s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s ++ sed -n 's/ *commonName *= //p' 455s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 455s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 455s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 455s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 455s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 455s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 455s + token_name='Test Organization Sub Int Token' 455s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 455s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 455s + echo 'Test Organization Sub Int Token' 455s + '[' -n '' ']' 455s + local output_base_name=SSSD-child-20290 455s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-20290.output 455s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-20290.pem 455s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 455s [p11_child[2497]] [main] (0x0400): p11_child started. 455s [p11_child[2497]] [main] (0x2000): Running in [pre-auth] mode. 455s [p11_child[2497]] [main] (0x2000): Running with effective IDs: [0][0]. 455s [p11_child[2497]] [main] (0x2000): Running with real IDs [0][0]. 455s [p11_child[2497]] [do_card] (0x4000): Module List: 455s [p11_child[2497]] [do_card] (0x4000): common name: [softhsm2]. 455s [p11_child[2497]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2497]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 455s [p11_child[2497]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 455s [p11_child[2497]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2497]] [do_card] (0x4000): Login NOT required. 455s [p11_child[2497]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 455s [p11_child[2497]] [do_verification] (0x0040): X509_verify_cert failed [0]. 455s [p11_child[2497]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 455s [p11_child[2497]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 455s [p11_child[2497]] [do_card] (0x4000): No certificate found. 455s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-20290.output 455s + return 2 455s + invalid_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-root-intermediate-chain-CA.pem partial_chain 455s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-root-intermediate-chain-CA.pem partial_chain 455s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-root-intermediate-chain-CA.pem 455s + local verify_option=partial_chain 455s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local key_cn 455s + local key_name 455s + local tokens_dir 455s + local output_cert_file 455s + token_name= 455s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 455s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 455s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s ++ sed -n 's/ *commonName *= //p' 455s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 455s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 455s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 455s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 455s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 455s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 455s + token_name='Test Organization Sub Int Token' 455s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 455s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 455s + echo 'Test Organization Sub Int Token' 455s + '[' -n partial_chain ']' 455s + local verify_arg=--verify=partial_chain 455s + local output_base_name=SSSD-child-14529 455s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-14529.output 455s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-14529.pem 455s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-root-intermediate-chain-CA.pem 455s [p11_child[2504]] [main] (0x0400): p11_child started. 455s [p11_child[2504]] [main] (0x2000): Running in [pre-auth] mode. 455s [p11_child[2504]] [main] (0x2000): Running with effective IDs: [0][0]. 455s [p11_child[2504]] [main] (0x2000): Running with real IDs [0][0]. 455s [p11_child[2504]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 455s [p11_child[2504]] [do_card] (0x4000): Module List: 455s [p11_child[2504]] [do_card] (0x4000): common name: [softhsm2]. 455s [p11_child[2504]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2504]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 455s [p11_child[2504]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 455s [p11_child[2504]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2504]] [do_card] (0x4000): Login NOT required. 455s [p11_child[2504]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 455s [p11_child[2504]] [do_verification] (0x0040): X509_verify_cert failed [0]. 455s [p11_child[2504]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 455s [p11_child[2504]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 455s [p11_child[2504]] [do_card] (0x4000): No certificate found. 455s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-14529.output 455s + return 2 455s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem partial_chain 455s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem partial_chain 455s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 455s + local verify_option=partial_chain 455s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local key_cn 455s + local key_name 455s + local tokens_dir 455s + local output_cert_file 455s + token_name= 455s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 455s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 455s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s ++ sed -n 's/ *commonName *= //p' 455s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 455s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 455s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 455s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 455s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 455s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 455s + token_name='Test Organization Sub Int Token' 455s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 455s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 455s + echo 'Test Organization Sub Int Token' 455s + '[' -n partial_chain ']' 455s + local verify_arg=--verify=partial_chain 455s + local output_base_name=SSSD-child-22639 455s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639.output 455s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639.pem 455s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem 455s [p11_child[2511]] [main] (0x0400): p11_child started. 455s [p11_child[2511]] [main] (0x2000): Running in [pre-auth] mode. 455s [p11_child[2511]] [main] (0x2000): Running with effective IDs: [0][0]. 455s [p11_child[2511]] [main] (0x2000): Running with real IDs [0][0]. 455s [p11_child[2511]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 455s [p11_child[2511]] [do_card] (0x4000): Module List: 455s [p11_child[2511]] [do_card] (0x4000): common name: [softhsm2]. 455s [p11_child[2511]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2511]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 455s [p11_child[2511]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 455s [p11_child[2511]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2511]] [do_card] (0x4000): Login NOT required. 455s [p11_child[2511]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 455s [p11_child[2511]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 455s [p11_child[2511]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 455s [p11_child[2511]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x559886f;slot-manufacturer=SoftHSM%20project;slot-id=89753711;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bdf67c3f0559886f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 455s [p11_child[2511]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 455s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639.output 455s + echo '-----BEGIN CERTIFICATE-----' 455s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639.output 455s + echo '-----END CERTIFICATE-----' 455s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639.pem 455s + local found_md5 expected_md5 455s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s + expected_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 455s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639.pem 455s + found_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 455s + '[' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 '!=' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 ']' 455s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639-auth.output 455s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639-auth.output .output 455s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639-auth.pem 455s + echo -n 053350 455s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 455s [p11_child[2519]] [main] (0x0400): p11_child started. 455s [p11_child[2519]] [main] (0x2000): Running in [auth] mode. 455s [p11_child[2519]] [main] (0x2000): Running with effective IDs: [0][0]. 455s [p11_child[2519]] [main] (0x2000): Running with real IDs [0][0]. 455s [p11_child[2519]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 455s [p11_child[2519]] [do_card] (0x4000): Module List: 455s [p11_child[2519]] [do_card] (0x4000): common name: [softhsm2]. 455s [p11_child[2519]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2519]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 455s [p11_child[2519]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 455s [p11_child[2519]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2519]] [do_card] (0x4000): Login required. 455s [p11_child[2519]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 455s [p11_child[2519]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 455s [p11_child[2519]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 455s [p11_child[2519]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x559886f;slot-manufacturer=SoftHSM%20project;slot-id=89753711;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bdf67c3f0559886f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 455s [p11_child[2519]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 455s [p11_child[2519]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 455s [p11_child[2519]] [do_card] (0x4000): Certificate verified and validated. 455s [p11_child[2519]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 455s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639-auth.output 455s + echo '-----BEGIN CERTIFICATE-----' 455s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639-auth.output 455s + echo '-----END CERTIFICATE-----' 455s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639-auth.pem 455s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-22639-auth.pem 455s + found_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 455s + '[' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 '!=' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 ']' 455s + valid_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-intermediate-sub-chain-CA.pem partial_chain 455s + check_certificate /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 /tmp/sssd-softhsm2-YAH4lk/test-intermediate-sub-chain-CA.pem partial_chain 455s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local key_ring=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-sub-chain-CA.pem 455s + local verify_option=partial_chain 455s + prepare_softhsm2_card /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local certificate=/tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23034 455s + local key_cn 455s + local key_name 455s + local tokens_dir 455s + local output_cert_file 455s + token_name= 455s ++ basename /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 455s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 455s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s ++ sed -n 's/ *commonName *= //p' 455s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 455s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 455s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 455s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 455s ++ basename /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 455s + tokens_dir=/tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 455s + token_name='Test Organization Sub Int Token' 455s + '[' '!' -e /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 455s + '[' '!' -d /tmp/sssd-softhsm2-YAH4lk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 455s + echo 'Test Organization Sub Int Token' 455s + '[' -n partial_chain ']' 455s + local verify_arg=--verify=partial_chain 455s + local output_base_name=SSSD-child-32754 455s + local output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754.output 455s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754.pem 455s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-sub-chain-CA.pem 455s [p11_child[2529]] [main] (0x0400): p11_child started. 455s [p11_child[2529]] [main] (0x2000): Running in [pre-auth] mode. 455s [p11_child[2529]] [main] (0x2000): Running with effective IDs: [0][0]. 455s [p11_child[2529]] [main] (0x2000): Running with real IDs [0][0]. 455s [p11_child[2529]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 455s [p11_child[2529]] [do_card] (0x4000): Module List: 455s [p11_child[2529]] [do_card] (0x4000): common name: [softhsm2]. 455s [p11_child[2529]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2529]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 455s [p11_child[2529]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 455s [p11_child[2529]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2529]] [do_card] (0x4000): Login NOT required. 455s [p11_child[2529]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 455s [p11_child[2529]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 455s [p11_child[2529]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 455s [p11_child[2529]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x559886f;slot-manufacturer=SoftHSM%20project;slot-id=89753711;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bdf67c3f0559886f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 455s [p11_child[2529]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 455s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754.output 455s + echo '-----BEGIN CERTIFICATE-----' 455s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754.output 455s + echo '-----END CERTIFICATE-----' 455s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754.pem 455s + local found_md5 expected_md5 455s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/test-sub-intermediate-CA-trusted-certificate-0001.pem 455s + expected_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 455s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754.pem 455s + found_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 455s + '[' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 '!=' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 ']' 455s + output_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754-auth.output 455s ++ basename /tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754-auth.output .output 455s + output_cert_file=/tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754-auth.pem 455s + echo -n 053350 455s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-YAH4lk/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 455s [p11_child[2537]] [main] (0x0400): p11_child started. 455s [p11_child[2537]] [main] (0x2000): Running in [auth] mode. 455s [p11_child[2537]] [main] (0x2000): Running with effective IDs: [0][0]. 455s [p11_child[2537]] [main] (0x2000): Running with real IDs [0][0]. 455s [p11_child[2537]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 455s [p11_child[2537]] [do_card] (0x4000): Module List: 455s [p11_child[2537]] [do_card] (0x4000): common name: [softhsm2]. 455s [p11_child[2537]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2537]] [do_card] (0x4000): Description [SoftHSM slot ID 0x559886f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 455s [p11_child[2537]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 455s [p11_child[2537]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x559886f][89753711] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 455s [p11_child[2537]] [do_card] (0x4000): Login required. 455s [p11_child[2537]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 455s [p11_child[2537]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 455s [p11_child[2537]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 455s [p11_child[2537]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x559886f;slot-manufacturer=SoftHSM%20project;slot-id=89753711;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bdf67c3f0559886f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 455s [p11_child[2537]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 455s [p11_child[2537]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 455s [p11_child[2537]] [do_card] (0x4000): Certificate verified and validated. 455s [p11_child[2537]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 455s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754-auth.output 455s + echo '-----BEGIN CERTIFICATE-----' 455s + tail -n1 /tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754-auth.output 455s + echo '-----END CERTIFICATE-----' 455s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754-auth.pem 455s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-YAH4lk/SSSD-child-32754-auth.pem 455s + found_md5=Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 455s + '[' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 '!=' Modulus=C95E8C50F119B2CB186D018ABBB7176AA5F4F2EC1BCD8D46FB64BC8F1031489B8710A976710C3624CB92F19DCD84B34E1BCA0216FE28CD9BAED0A91267383EAAEAD76A7ED6B1DDE8A6C0B6927C2F310BCF936AB2ACFE4733D6F211ECCC403EE58A04BD140051547F3BA2A5D1913D8CD56D65D49965B70948EFC319C12C4FC1E1 ']' 455s + set +x 455s autopkgtest [18:36:46]: test sssd-softhism2-certificates-tests.sh: -----------------------] 457s autopkgtest [18:36:48]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 457s sssd-softhism2-certificates-tests.sh PASS 457s autopkgtest [18:36:48]: test sssd-smart-card-pam-auth-configs: preparing testbed 461s Reading package lists... 461s Building dependency tree... 461s Reading state information... 461s Starting pkgProblemResolver with broken count: 0 461s Starting 2 pkgProblemResolver with broken count: 0 461s Done 462s The following additional packages will be installed: 462s pamtester 462s The following NEW packages will be installed: 462s autopkgtest-satdep pamtester 462s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 462s Need to get 12.7 kB/13.5 kB of archives. 462s After this operation, 36.9 kB of additional disk space will be used. 462s Get:1 /tmp/autopkgtest.blXj30/4-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [760 B] 462s Get:2 http://ftpmaster.internal/ubuntu oracular/universe amd64 pamtester amd64 0.1.2-4 [12.7 kB] 462s Fetched 12.7 kB in 0s (296 kB/s) 462s Selecting previously unselected package pamtester. 462s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75042 files and directories currently installed.) 462s Preparing to unpack .../pamtester_0.1.2-4_amd64.deb ... 462s Unpacking pamtester (0.1.2-4) ... 462s Selecting previously unselected package autopkgtest-satdep. 462s Preparing to unpack .../4-autopkgtest-satdep.deb ... 462s Unpacking autopkgtest-satdep (0) ... 463s Setting up pamtester (0.1.2-4) ... 463s Setting up autopkgtest-satdep (0) ... 463s Processing triggers for man-db (2.12.1-2) ... 489s (Reading database ... 75048 files and directories currently installed.) 489s Removing autopkgtest-satdep (0) ... 495s autopkgtest [18:37:26]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 495s autopkgtest [18:37:26]: test sssd-smart-card-pam-auth-configs: [----------------------- 496s + '[' -z ubuntu ']' 496s + export DEBIAN_FRONTEND=noninteractive 496s + DEBIAN_FRONTEND=noninteractive 496s + required_tools=(pamtester softhsm2-util sssd) 496s + [[ ! -v OFFLINE_MODE ]] 496s + for cmd in "${required_tools[@]}" 496s + command -v pamtester 496s + for cmd in "${required_tools[@]}" 496s + command -v softhsm2-util 496s + for cmd in "${required_tools[@]}" 496s + command -v sssd 496s + PIN=123456 496s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 496s + tmpdir=/tmp/sssd-softhsm2-certs-OJdQvH 496s + backupsdir= 496s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 496s + declare -a restore_paths 496s + declare -a delete_paths 496s + trap handle_exit EXIT 496s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 496s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 496s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 496s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 496s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-OJdQvH GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 496s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-OJdQvH 496s + GENERATE_SMART_CARDS=1 496s + KEEP_TEMPORARY_FILES=1 496s + NO_SSSD_TESTS=1 496s + bash debian/tests/sssd-softhism2-certificates-tests.sh 496s + '[' -z ubuntu ']' 496s + required_tools=(p11tool openssl softhsm2-util) 496s + for cmd in "${required_tools[@]}" 496s + command -v p11tool 496s + for cmd in "${required_tools[@]}" 496s + command -v openssl 496s + for cmd in "${required_tools[@]}" 496s + command -v softhsm2-util 496s + PIN=123456 496s +++ find /usr/lib/softhsm/libsofthsm2.so 496s +++ head -n 1 496s ++ realpath /usr/lib/softhsm/libsofthsm2.so 496s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 496s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 496s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 496s + '[' '!' -v NO_SSSD_TESTS ']' 496s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 496s + tmpdir=/tmp/sssd-softhsm2-certs-OJdQvH 496s + keys_size=1024 496s + [[ ! -v KEEP_TEMPORARY_FILES ]] 496s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 496s + echo -n 01 496s + touch /tmp/sssd-softhsm2-certs-OJdQvH/index.txt 496s + mkdir -p /tmp/sssd-softhsm2-certs-OJdQvH/new_certs 496s + cat 496s + root_ca_key_pass=pass:random-root-CA-password-19296 496s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-key.pem -passout pass:random-root-CA-password-19296 1024 496s + openssl req -passin pass:random-root-CA-password-19296 -batch -config /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.pem 496s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.pem 496s + cat 496s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-16426 496s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-16426 1024 496s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-16426 -config /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-19296 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-certificate-request.pem 496s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-certificate-request.pem 496s Certificate Request: 496s Data: 496s Version: 1 (0x0) 496s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 496s Subject Public Key Info: 496s Public Key Algorithm: rsaEncryption 496s Public-Key: (1024 bit) 496s Modulus: 496s 00:a4:74:c8:9a:5d:37:0d:c7:2d:83:c6:91:dc:75: 496s 36:ed:a7:3c:b1:28:94:4b:d7:62:2a:fd:20:6e:fc: 496s 09:70:b7:27:24:ce:cb:a1:ef:29:d3:d4:2c:3d:1c: 496s 31:28:e6:a5:6f:bb:1a:37:84:dd:19:85:d8:72:2a: 496s 41:af:3d:e7:b9:36:b4:af:73:a9:a1:b1:d0:93:c9: 496s b4:6f:ee:05:6b:d7:33:73:b6:3f:d1:11:4c:79:6e: 496s 8d:3e:9b:ef:36:5a:66:06:19:a2:24:d2:13:b6:08: 496s 0d:d3:72:36:ce:73:09:16:bd:95:5e:13:05:b7:e8: 496s ed:04:59:d4:93:9a:65:a1:8f 496s Exponent: 65537 (0x10001) 496s Attributes: 496s (none) 496s Requested Extensions: 496s Signature Algorithm: sha256WithRSAEncryption 496s Signature Value: 496s 61:a2:bf:46:f5:5a:c8:df:ca:98:3c:93:73:08:f7:a0:74:ea: 496s 2a:1c:c8:38:ec:41:59:92:c6:00:f1:19:03:a9:53:9d:e8:dc: 496s 3d:5f:22:2b:bc:af:bf:4c:15:63:05:65:89:1f:10:59:d8:be: 496s 35:4a:59:a3:60:1a:69:b5:d9:9f:6d:5c:cd:4b:d3:73:0d:fc: 496s a5:9b:c3:68:5d:a6:80:58:ed:f7:6e:eb:42:e4:ba:45:34:f9: 496s a5:1a:c6:43:e2:49:ef:6f:b9:44:87:0e:cd:16:80:1e:08:24: 496s 1e:6b:f8:79:19:bb:40:9c:4b:34:9a:af:1c:6d:cb:1e:fc:f3: 496s e6:f3 496s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.config -passin pass:random-root-CA-password-19296 -keyfile /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem 496s Using configuration from /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.config 496s Check that the request matches the signature 496s Signature ok 496s Certificate Details: 496s Serial Number: 1 (0x1) 496s Validity 496s Not Before: Jun 13 18:37:27 2024 GMT 496s Not After : Jun 13 18:37:27 2025 GMT 496s Subject: 496s organizationName = Test Organization 496s organizationalUnitName = Test Organization Unit 496s commonName = Test Organization Intermediate CA 496s X509v3 extensions: 496s X509v3 Subject Key Identifier: 496s 92:E4:CB:EB:4E:44:95:9A:62:9A:08:30:4C:8F:F1:E2:37:6C:0D:93 496s X509v3 Authority Key Identifier: 496s keyid:EE:00:DB:B4:55:91:1C:CE:4E:B2:9B:92:B1:9A:B5:0B:DA:E8:39:81 496s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 496s serial:00 496s X509v3 Basic Constraints: 496s CA:TRUE 496s X509v3 Key Usage: critical 496s Digital Signature, Certificate Sign, CRL Sign 496s Certificate is to be certified until Jun 13 18:37:27 2025 GMT (365 days) 496s 496s Write out database with 1 new entries 496s Database updated 496s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem 496s /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem: OK 496s + cat 496s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-30855 496s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-30855 1024 496s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-30855 -config /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-16426 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-certificate-request.pem 496s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-certificate-request.pem 496s Certificate Request: 496s Data: 496s Version: 1 (0x0) 496s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 496s Subject Public Key Info: 496s Public Key Algorithm: rsaEncryption 496s Public-Key: (1024 bit) 496s Modulus: 496s 00:d4:8b:b3:93:af:04:d0:d6:cb:2b:33:a9:d9:1d: 496s 3b:10:de:0c:a2:26:71:c4:fa:e7:b4:e6:9d:8b:d5: 496s be:ac:99:ab:b9:7b:cc:23:84:0a:65:d5:05:e0:40: 496s d3:8a:32:ad:53:66:6d:81:76:f2:34:d6:69:79:92: 496s aa:e9:c7:77:49:36:c1:a9:72:c3:3f:9f:96:22:bc: 496s a7:d9:33:ad:31:6d:b6:34:31:07:a0:95:78:5b:0d: 496s c1:94:e1:d8:6d:80:48:2f:f6:e7:7a:ea:20:4a:a4: 496s f5:08:8b:13:e4:f1:a1:1d:33:4e:c2:37:c5:7b:56: 496s 69:01:1f:bd:44:1f:18:d4:0b 496s Exponent: 65537 (0x10001) 496s Attributes: 496s (none) 496s Requested Extensions: 496s Signature Algorithm: sha256WithRSAEncryption 496s Signature Value: 496s bc:d0:6b:e2:9f:a1:3a:6b:59:2e:24:dc:95:0d:97:7f:39:d2: 496s f1:db:25:7e:d1:af:1a:12:d8:43:91:ee:ce:ef:16:33:b5:a7: 496s d9:b1:b9:6d:b9:c2:90:87:cf:a5:3f:a8:6b:4d:24:00:47:b9: 496s 89:e3:dc:a3:5e:f7:5e:17:4f:58:3e:d9:4a:5b:52:51:d5:be: 496s 95:7b:3f:71:81:87:f3:04:ae:28:48:7d:54:24:fa:03:f4:7c: 496s 6b:2e:d4:65:fd:c2:37:00:a4:dc:c1:30:98:97:2c:af:74:7d: 496s 29:ba:d4:74:52:26:f8:fe:a1:d5:56:0d:48:2a:67:0e:38:62: 496s 49:99 496s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-16426 -keyfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem 496s Using configuration from /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.config 496s Check that the request matches the signature 496s Signature ok 496s Certificate Details: 496s Serial Number: 2 (0x2) 496s Validity 496s Not Before: Jun 13 18:37:27 2024 GMT 496s Not After : Jun 13 18:37:27 2025 GMT 496s Subject: 496s organizationName = Test Organization 496s organizationalUnitName = Test Organization Unit 496s commonName = Test Organization Sub Intermediate CA 496s X509v3 extensions: 496s X509v3 Subject Key Identifier: 496s A4:B8:98:52:3F:41:2E:75:F3:D6:41:8D:AF:08:C0:21:1C:5B:8F:C1 496s X509v3 Authority Key Identifier: 496s keyid:92:E4:CB:EB:4E:44:95:9A:62:9A:08:30:4C:8F:F1:E2:37:6C:0D:93 496s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 496s serial:01 496s X509v3 Basic Constraints: 496s CA:TRUE 496s X509v3 Key Usage: critical 496s Digital Signature, Certificate Sign, CRL Sign 496s Certificate is to be certified until Jun 13 18:37:27 2025 GMT (365 days) 496s 496s Write out database with 1 new entries 496s Database updated 496s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem 496s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem 496s /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem: OK 496s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem 496s + local cmd=openssl 496s + shift 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem 496s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 496s error 20 at 0 depth lookup: unable to get local issuer certificate 496s error /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem: verification failed 496s + cat 496s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-3498 496s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-3498 1024 496s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-3498 -key /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-request.pem 496s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-request.pem 496s Certificate Request: 496s Data: 496s Version: 1 (0x0) 496s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 496s Subject Public Key Info: 496s Public Key Algorithm: rsaEncryption 496s Public-Key: (1024 bit) 496s Modulus: 496s 00:c9:7b:b0:85:df:91:85:d8:f5:45:5c:e3:5f:df: 496s 7e:a7:44:a1:12:02:71:e4:e4:28:15:87:1a:ae:28: 496s 1f:c5:94:aa:83:4f:64:6b:66:3e:01:fd:a6:25:43: 496s e8:37:f8:02:55:e7:3f:b7:8a:eb:2d:99:2a:7e:09: 496s 56:1b:f0:62:84:06:a3:9f:ec:43:e9:7d:39:0b:5f: 496s 1f:45:f8:30:e5:be:77:9b:3a:c0:4c:e5:a2:f9:fc: 496s 4e:46:79:df:1b:4a:43:e4:df:d3:b4:59:7c:4c:15: 496s 72:1c:8c:b6:cc:6e:01:71:88:21:f9:53:08:8c:9c: 496s 82:cb:ca:0d:04:95:6b:71:33 496s Exponent: 65537 (0x10001) 496s Attributes: 496s Requested Extensions: 496s X509v3 Basic Constraints: 496s CA:FALSE 496s Netscape Cert Type: 496s SSL Client, S/MIME 496s Netscape Comment: 496s Test Organization Root CA trusted Certificate 496s X509v3 Subject Key Identifier: 496s 24:D0:B8:36:6D:BA:A1:E5:00:67:67:9A:31:B2:BB:EC:90:8B:80:F1 496s X509v3 Key Usage: critical 496s Digital Signature, Non Repudiation, Key Encipherment 496s X509v3 Extended Key Usage: 496s TLS Web Client Authentication, E-mail Protection 496s X509v3 Subject Alternative Name: 496s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 496s Signature Algorithm: sha256WithRSAEncryption 496s Signature Value: 496s 18:20:f4:5c:49:54:2c:f2:6a:10:1b:58:9f:f7:de:ab:22:c8: 496s 96:53:e1:4b:ef:f6:d8:da:3a:82:2a:13:42:6d:38:d8:e4:6d: 496s 43:ba:c7:a3:b9:28:fc:6c:77:2e:bf:42:fa:97:f1:22:a9:2c: 496s 6e:bb:14:0c:5d:55:cb:8a:d5:1a:a1:d4:11:f6:40:78:b1:fc: 496s e9:66:ef:fa:14:dd:b6:94:bb:88:1d:40:72:5c:ec:6a:f0:9d: 496s 0c:04:65:96:50:2c:d5:77:13:73:c1:45:6e:d0:dc:f5:fa:c7: 496s 9c:00:2d:03:29:54:5b:c5:e3:1a:ec:38:d6:32:97:85:92:7f: 496s a8:ff 496s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.config -passin pass:random-root-CA-password-19296 -keyfile /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem 496s Using configuration from /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.config 496s Check that the request matches the signature 496s Signature ok 496s Certificate Details: 496s Serial Number: 3 (0x3) 496s Validity 496s Not Before: Jun 13 18:37:27 2024 GMT 496s Not After : Jun 13 18:37:27 2025 GMT 496s Subject: 496s organizationName = Test Organization 496s organizationalUnitName = Test Organization Unit 496s commonName = Test Organization Root Trusted Certificate 0001 496s X509v3 extensions: 496s X509v3 Authority Key Identifier: 496s EE:00:DB:B4:55:91:1C:CE:4E:B2:9B:92:B1:9A:B5:0B:DA:E8:39:81 496s X509v3 Basic Constraints: 496s CA:FALSE 496s Netscape Cert Type: 496s SSL Client, S/MIME 496s Netscape Comment: 496s Test Organization Root CA trusted Certificate 496s X509v3 Subject Key Identifier: 496s 24:D0:B8:36:6D:BA:A1:E5:00:67:67:9A:31:B2:BB:EC:90:8B:80:F1 496s X509v3 Key Usage: critical 496s Digital Signature, Non Repudiation, Key Encipherment 496s X509v3 Extended Key Usage: 496s TLS Web Client Authentication, E-mail Protection 496s X509v3 Subject Alternative Name: 496s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 496s Certificate is to be certified until Jun 13 18:37:27 2025 GMT (365 days) 496s 496s Write out database with 1 new entries 496s Database updated 496s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem 496s /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem: OK 496s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem 496s + local cmd=openssl 496s + shift 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem 496s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 496s error 20 at 0 depth lookup: unable to get local issuer certificate 496s error /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem: verification failed 496s + cat 496s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-12064 496s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-12064 1024 496s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-12064 -key /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-request.pem 496s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-request.pem 496s Certificate Request: 496s Data: 496s Version: 1 (0x0) 496s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 496s Subject Public Key Info: 496s Public Key Algorithm: rsaEncryption 496s Public-Key: (1024 bit) 496s Modulus: 496s 00:a2:13:73:97:41:9f:22:ab:68:74:2c:23:43:91: 496s b3:c8:d5:ec:43:f1:99:07:9b:bd:4d:5f:5f:da:14: 496s c5:24:3a:83:6e:59:79:a1:e3:98:e7:79:b8:ea:b9: 496s 38:5f:45:b6:6e:31:a6:b1:96:71:52:e7:56:af:ba: 496s 45:aa:cf:9c:b1:bf:78:1a:ce:a3:24:e2:2c:ac:bd: 496s 7d:93:2d:9a:55:fb:50:40:f3:02:8e:3f:cb:33:d0: 496s 7e:61:b8:cc:5d:79:00:10:47:69:de:af:1f:e9:93: 496s 79:a0:79:1a:12:6c:f9:8b:2d:e1:05:56:5c:eb:6a: 496s 51:98:84:04:96:11:86:6d:19 496s Exponent: 65537 (0x10001) 496s Attributes: 496s Requested Extensions: 496s X509v3 Basic Constraints: 496s CA:FALSE 496s Netscape Cert Type: 496s SSL Client, S/MIME 496s Netscape Comment: 496s Test Organization Intermediate CA trusted Certificate 496s X509v3 Subject Key Identifier: 496s D2:A2:49:73:D2:65:52:B0:C4:18:41:3A:F0:D6:E7:58:F9:60:85:64 496s X509v3 Key Usage: critical 496s Digital Signature, Non Repudiation, Key Encipherment 496s X509v3 Extended Key Usage: 496s TLS Web Client Authentication, E-mail Protection 496s X509v3 Subject Alternative Name: 496s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 496s Signature Algorithm: sha256WithRSAEncryption 496s Signature Value: 496s 9d:87:c3:7a:f4:01:4b:a5:2a:69:ff:0f:0c:aa:9b:29:55:48: 496s 16:6a:0e:34:06:36:26:e8:fe:c7:ff:c2:f8:08:22:47:5a:64: 496s d1:0e:46:b0:0c:95:7c:16:c4:44:9e:33:0b:b0:e5:53:39:9a: 496s 14:64:15:c6:57:27:ea:c0:29:75:f0:f3:c3:62:ee:33:78:7f: 496s e4:6d:61:ea:d4:bc:24:be:55:86:d1:41:44:62:e2:66:e9:f7: 496s a7:c9:21:cd:9f:15:59:f3:0b:e1:29:f7:7b:fb:b3:a8:41:53: 496s db:04:99:60:9f:55:c5:d0:b9:5e:78:da:6a:cd:d1:5e:4b:31: 496s d3:8b 496s + openssl ca -passin pass:random-intermediate-CA-password-16426 -config /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem 496s Using configuration from /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.config 496s Check that the request matches the signature 496s Signature ok 496s Certificate Details: 496s Serial Number: 4 (0x4) 496s Validity 496s Not Before: Jun 13 18:37:27 2024 GMT 496s Not After : Jun 13 18:37:27 2025 GMT 496s Subject: 496s organizationName = Test Organization 496s organizationalUnitName = Test Organization Unit 496s commonName = Test Organization Intermediate Trusted Certificate 0001 496s X509v3 extensions: 496s X509v3 Authority Key Identifier: 496s 92:E4:CB:EB:4E:44:95:9A:62:9A:08:30:4C:8F:F1:E2:37:6C:0D:93 496s X509v3 Basic Constraints: 496s CA:FALSE 496s Netscape Cert Type: 496s SSL Client, S/MIME 496s Netscape Comment: 496s Test Organization Intermediate CA trusted Certificate 496s X509v3 Subject Key Identifier: 496s D2:A2:49:73:D2:65:52:B0:C4:18:41:3A:F0:D6:E7:58:F9:60:85:64 496s X509v3 Key Usage: critical 496s Digital Signature, Non Repudiation, Key Encipherment 496s X509v3 Extended Key Usage: 496s TLS Web Client Authentication, E-mail Protection 496s X509v3 Subject Alternative Name: 496s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 496s Certificate is to be certified until Jun 13 18:37:27 2025 GMT (365 days) 496s 496s Write out database with 1 new entries 496s Database updated 496s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem 496s This certificate should not be trusted fully 496s + echo 'This certificate should not be trusted fully' 496s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem 496s + local cmd=openssl 496s + shift 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem 496s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 496s error 2 at 1 depth lookup: unable to get issuer certificate 496s error /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 496s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem 496s /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem: OK 496s + cat 496s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8178 496s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-8178 1024 496s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-8178 -key /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 496s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 496s Certificate Request: 496s Data: 496s Version: 1 (0x0) 496s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 496s Subject Public Key Info: 496s Public Key Algorithm: rsaEncryption 496s Public-Key: (1024 bit) 496s Modulus: 496s 00:d3:3f:5e:1d:ad:27:cb:e6:ae:5a:48:1f:2f:f7: 496s f1:ee:d2:02:2f:88:8f:a4:37:88:6d:37:e4:27:64: 496s a3:d2:48:92:16:73:6d:2f:d2:24:c6:ec:db:06:65: 496s 7d:d1:d0:8c:e8:d9:1b:a0:05:e8:86:eb:2a:04:dd: 496s f9:0e:25:5d:02:75:af:10:af:5e:52:c4:ba:98:db: 496s 70:29:3a:d7:d0:c4:9e:ec:e3:97:8e:4b:b3:a7:0f: 496s bb:9d:fc:db:e2:4c:43:b6:b4:9a:d2:a2:dd:9c:70: 496s 11:b2:3d:c1:9e:df:2a:d2:35:7e:c8:e5:1d:66:73: 496s fe:47:8a:63:ff:32:82:8e:b5 496s Exponent: 65537 (0x10001) 496s Attributes: 496s Requested Extensions: 496s X509v3 Basic Constraints: 496s CA:FALSE 496s Netscape Cert Type: 496s SSL Client, S/MIME 496s Netscape Comment: 496s Test Organization Sub Intermediate CA trusted Certificate 496s X509v3 Subject Key Identifier: 496s 8C:C3:AE:53:1F:C6:AF:BD:8A:56:C2:1C:4F:B9:D4:B7:60:72:5A:0F 496s X509v3 Key Usage: critical 496s Digital Signature, Non Repudiation, Key Encipherment 496s X509v3 Extended Key Usage: 496s TLS Web Client Authentication, E-mail Protection 496s X509v3 Subject Alternative Name: 496s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 496s Signature Algorithm: sha256WithRSAEncryption 496s Signature Value: 496s 85:ae:5d:bc:5f:0b:53:76:3e:04:fc:8a:aa:13:3b:38:6f:e0: 496s 64:07:d9:b9:de:85:df:13:f9:19:e6:0f:7c:bd:7b:ae:00:73: 496s 8c:b4:49:b4:ca:74:9b:f9:0f:a8:46:ae:2e:09:c4:e3:99:e9: 496s 2d:03:3a:c5:67:d8:56:97:90:9e:20:3d:f1:c9:16:ed:49:b9: 496s 7a:c5:a2:c2:9f:d5:1b:a6:51:e2:1c:9b:e4:91:10:a1:28:b6: 496s 6c:1f:78:fb:04:f6:5d:33:7a:2b:b1:77:b1:5f:c0:e7:48:a9: 496s 22:d5:ca:ee:72:90:e0:62:38:7e:9c:30:60:8b:ee:4d:b5:63: 496s 49:dc 496s + openssl ca -passin pass:random-sub-intermediate-CA-password-30855 -config /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s Using configuration from /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.config 496s Check that the request matches the signature 496s Signature ok 496s Certificate Details: 496s Serial Number: 5 (0x5) 496s Validity 496s Not Before: Jun 13 18:37:27 2024 GMT 496s Not After : Jun 13 18:37:27 2025 GMT 496s Subject: 496s organizationName = Test Organization 496s organizationalUnitName = Test Organization Unit 496s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 496s X509v3 extensions: 496s X509v3 Authority Key Identifier: 496s A4:B8:98:52:3F:41:2E:75:F3:D6:41:8D:AF:08:C0:21:1C:5B:8F:C1 496s X509v3 Basic Constraints: 496s CA:FALSE 496s Netscape Cert Type: 496s SSL Client, S/MIME 496s Netscape Comment: 496s Test Organization Sub Intermediate CA trusted Certificate 496s X509v3 Subject Key Identifier: 496s 8C:C3:AE:53:1F:C6:AF:BD:8A:56:C2:1C:4F:B9:D4:B7:60:72:5A:0F 496s X509v3 Key Usage: critical 496s Digital Signature, Non Repudiation, Key Encipherment 496s X509v3 Extended Key Usage: 496s TLS Web Client Authentication, E-mail Protection 496s X509v3 Subject Alternative Name: 496s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 496s Certificate is to be certified until Jun 13 18:37:27 2025 GMT (365 days) 496s 496s Write out database with 1 new entries 496s Database updated 496s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s This certificate should not be trusted fully 496s + echo 'This certificate should not be trusted fully' 496s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s + local cmd=openssl 496s + shift 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 496s error 2 at 1 depth lookup: unable to get issuer certificate 496s error /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 496s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s + local cmd=openssl 496s + shift 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 496s error 20 at 0 depth lookup: unable to get local issuer certificate 496s error /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 496s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 496s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s + local cmd=openssl 496s + shift 496s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s O = Test Organization, OU = TesBuilding a the full-chain CA file... 496s t Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 496s error 20 at 0 depth lookup: unable to get local issuer certificate 496s error /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 496s + echo 'Building a the full-chain CA file...' 496s + cat /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem 496s + cat /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem 496s + cat /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem 496s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem 496s + openssl pkcs7 -print_certs -noout 496s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 496s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 496s 496s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 496s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 496s 496s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 496s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 496s 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem 496s /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA.pem: OK 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem 496s /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem: OK 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem 496s /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem: OK 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-root-intermediate-chain-CA.pem 496s /tmp/sssd-softhsm2-certs-OJdQvH/test-root-intermediate-chain-CA.pem: OK 496s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 496s + echo 'Certificates generation completed!' 496s Certificates generation completed! 496s + [[ -v NO_SSSD_TESTS ]] 496s + [[ -v GENERATE_SMART_CARDS ]] 496s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3498 496s + local certificate=/tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem 496s + local key_pass=pass:random-root-ca-trusted-cert-0001-3498 496s + local key_cn 496s + local key_name 496s + local tokens_dir 496s + local output_cert_file 496s + token_name= 496s ++ basename /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem .pem 496s + key_name=test-root-CA-trusted-certificate-0001 496s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem 496s ++ sed -n 's/ *commonName *= //p' 496s + key_cn='Test Organization Root Trusted Certificate 0001' 496s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 496s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-root-CA-trusted-certificate-0001.conf 496s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-root-CA-trusted-certificate-0001.conf 496s ++ basename /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 496s + tokens_dir=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-root-CA-trusted-certificate-0001 496s + token_name='Test Organization Root Tr Token' 496s + '[' '!' -e /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 496s + local key_file 496s + local decrypted_key 496s + mkdir -p /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-root-CA-trusted-certificate-0001 496s + key_file=/tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-key.pem 496s + decrypted_key=/tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-key-decrypted.pem 496s + cat 496s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 496s Slot 0 has a free/uninitialized token. 496s The token has been initialized and is reassigned to slot 1302877433 496s + softhsm2-util --show-slots 496s Available slots: 496s Slot 1302877433 496s Slot info: 496s Description: SoftHSM slot ID 0x4da854f9 496s Manufacturer ID: SoftHSM project 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Token present: yes 496s Token info: 496s Manufacturer ID: SoftHSM project 496s Model: SoftHSM v2 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Serial number: 67e383484da854f9 496s Initialized: yes 496s User PIN init.: yes 496s Label: Test Organization Root Tr Token 496s Slot 1 496s Slot info: 496s Description: SoftHSM slot ID 0x1 496s Manufacturer ID: SoftHSM project 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Token present: yes 496s Token info: 496s Manufacturer ID: SoftHSM project 496s Model: SoftHSM v2 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Serial number: 496s Initialized: no 496s User PIN init.: no 496s Label: 496s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 496s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-3498 -in /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-key-decrypted.pem 496s writing RSA key 496s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 496s + rm /tmp/sssd-softhsm2-certs-OJdQvH/test-root-CA-trusted-certificate-0001-key-decrypted.pem 496s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 496s Object 0: 496s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=67e383484da854f9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 496s Type: X.509 Certificate (RSA-1024) 496s Expires: Fri Jun 13 18:37:27 2025 496s Label: Test Organization Root Trusted Certificate 0001 496s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 496s 496s Test Organization Root Tr Token 496s + echo 'Test Organization Root Tr Token' 496s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-12064 496s + local certificate=/tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem 496s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-12064 496s + local key_cn 496s + local key_name 496s + local tokens_dir 496s + local output_cert_file 496s + token_name= 496s ++ basename /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem .pem 496s + key_name=test-intermediate-CA-trusted-certificate-0001 496s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem 496s ++ sed -n 's/ *commonName *= //p' 496s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 496s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 496s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 496s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 496s ++ basename /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 496s + tokens_dir=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-intermediate-CA-trusted-certificate-0001 496s + token_name='Test Organization Interme Token' 496s + '[' '!' -e /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 496s + local key_file 496s + local decrypted_key 496s + mkdir -p /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-intermediate-CA-trusted-certificate-0001 496s + key_file=/tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-key.pem 496s + decrypted_key=/tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 496s + cat 496s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 496s Slot 0 has a free/uninitialized token. 496s The token has been initialized and is reassigned to slot 255192001 496s + softhsm2-util --show-slots 496s Available slots: 496s Slot 255192001 496s Slot info: 496s Description: SoftHSM slot ID 0xf35ebc1 496s Manufacturer ID: SoftHSM project 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Token present: yes 496s Token info: 496s Manufacturer ID: SoftHSM project 496s Model: SoftHSM v2 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Serial number: 5acf39788f35ebc1 496s Initialized: yes 496s User PIN init.: yes 496s Label: Test Organization Interme Token 496s Slot 1 496s Slot info: 496s Description: SoftHSM slot ID 0x1 496s Manufacturer ID: SoftHSM project 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Token present: yes 496s Token info: 496s Manufacturer ID: SoftHSM project 496s Model: SoftHSM v2 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Serial number: 496s Initialized: no 496s User PIN init.: no 496s Label: 496s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 496s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-12064 -in /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 496s writing RSA key 496s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 496s + rm /tmp/sssd-softhsm2-certs-OJdQvH/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 496s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 496s Object 0: 496s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5acf39788f35ebc1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 496s Type: X.509 Certificate (RSA-1024) 496s Expires: Fri Jun 13 18:37:27 2025 496s Label: Test Organization Intermediate Trusted Certificate 0001 496s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 496s 496s Test Organization Interme Token 496s + echo 'Test Organization Interme Token' 496s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8178 496s + local certificate=/tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8178 496s + local key_cn 496s + local key_name 496s + local tokens_dir 496s + local output_cert_file 496s + token_name= 496s ++ basename /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 496s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 496s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem 496s ++ sed -n 's/ *commonName *= //p' 496s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 496s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 496s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 496s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 496s ++ basename /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 496s + tokens_dir=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 496s + token_name='Test Organization Sub Int Token' 496s + '[' '!' -e /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 496s + local key_file 496s + local decrypted_key 496s + mkdir -p /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 496s + key_file=/tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 496s + decrypted_key=/tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 496s + cat 496s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 496s Slot 0 has a free/uninitialized token. 496s The token has been initialized and is reassigned to slot 343365601 496s + softhsm2-util --show-slots 496s Available slots: 496s Slot 343365601 496s Slot info: 496s Description: SoftHSM slot ID 0x147757e1 496s Manufacturer ID: SoftHSM project 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Token present: yes 496s Token info: 496s Manufacturer ID: SoftHSM project 496s Model: SoftHSM v2 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Serial number: a73a09d6947757e1 496s Initialized: yes 496s User PIN init.: yes 496s Label: Test Organization Sub Int Token 496s Slot 1 496s Slot info: 496s Description: SoftHSM slot ID 0x1 496s Manufacturer ID: SoftHSM project 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Token present: yes 496s Token info: 496s Manufacturer ID: SoftHSM project 496s Model: SoftHSM v2 496s Hardware version: 2.6 496s Firmware version: 2.6 496s Serial number: 496s Initialized: no 496s User PIN init.: no 496s Label: 496s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 496s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-8178 -in /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 496s writing RSA key 496s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 496s + rm /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 496s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 496s Object 0: 496s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a73a09d6947757e1;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 496s Type: X.509 Certificate (RSA-1024) 496s Expires: Fri Jun 13 18:37:27 2025 496s Label: Test Organization Sub Intermediate Trusted Certificate 0001 496s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 496s 496s Test Organization Sub Int Token 496s Certificates generation completed! 496s + echo 'Test Organization Sub Int Token' 496s + echo 'Certificates generation completed!' 496s + exit 0 496s + find /tmp/sssd-softhsm2-certs-OJdQvH -type d -exec chmod 777 '{}' ';' 496s + find /tmp/sssd-softhsm2-certs-OJdQvH -type f -exec chmod 666 '{}' ';' 497s + backup_file /etc/sssd/sssd.conf 497s + '[' -z '' ']' 497s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 497s + backupsdir=/tmp/sssd-softhsm2-backups-vYzt5E 497s + '[' -e /etc/sssd/sssd.conf ']' 497s + delete_paths+=("$1") 497s + rm -f /etc/sssd/sssd.conf 497s ++ runuser -u ubuntu -- sh -c 'echo ~' 497s + user_home=/home/ubuntu 497s + mkdir -p /home/ubuntu 497s + chown ubuntu:ubuntu /home/ubuntu 497s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 497s + user_config=/home/ubuntu/.config 497s + system_config=/etc 497s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 497s + for path_pair in "${softhsm2_conf_paths[@]}" 497s + IFS=: 497s + read -r -a path 497s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 497s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 497s + '[' -z /tmp/sssd-softhsm2-backups-vYzt5E ']' 497s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 497s + delete_paths+=("$1") 497s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 497s + for path_pair in "${softhsm2_conf_paths[@]}" 497s + IFS=: 497s + read -r -a path 497s + path=/etc/softhsm/softhsm2.conf 497s + backup_file /etc/softhsm/softhsm2.conf 497s + '[' -z /tmp/sssd-softhsm2-backups-vYzt5E ']' 497s + '[' -e /etc/softhsm/softhsm2.conf ']' 497s ++ dirname /etc/softhsm/softhsm2.conf 497s + local back_dir=/tmp/sssd-softhsm2-backups-vYzt5E//etc/softhsm 497s ++ basename /etc/softhsm/softhsm2.conf 497s + local back_path=/tmp/sssd-softhsm2-backups-vYzt5E//etc/softhsm/softhsm2.conf 497s + '[' '!' -e /tmp/sssd-softhsm2-backups-vYzt5E//etc/softhsm/softhsm2.conf ']' 497s + mkdir -p /tmp/sssd-softhsm2-backups-vYzt5E//etc/softhsm 497s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-vYzt5E//etc/softhsm/softhsm2.conf 497s + restore_paths+=("$back_path") 497s + rm -f /etc/softhsm/softhsm2.conf 497s + test_authentication login /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem 497s + pam_service=login 497s + certificate_config=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-root-CA-trusted-certificate-0001.conf 497s + ca_db=/tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem 497s + verification_options= 497s + mkdir -p -m 700 /etc/sssd 497s Using CA DB '/tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem' with verification options: '' 497s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 497s + cat 497s + chmod 600 /etc/sssd/sssd.conf 497s + for path_pair in "${softhsm2_conf_paths[@]}" 497s + IFS=: 497s + read -r -a path 497s + user=ubuntu 497s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 497s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 497s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 497s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 497s + runuser -u ubuntu -- softhsm2-util --show-slots 497s + grep 'Test Organization' 497s Label: Test Organization Root Tr Token 497s + for path_pair in "${softhsm2_conf_paths[@]}" 497s + IFS=: 497s + read -r -a path 497s + user=root 497s + path=/etc/softhsm/softhsm2.conf 497s ++ dirname /etc/softhsm/softhsm2.conf 497s + runuser -u root -- mkdir -p /etc/softhsm 497s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 497s + runuser -u root -- softhsm2-util --show-slots 497s + grep 'Test Organization' 497s Label: Test Organization Root Tr Token 497s + systemctl restart sssd 497s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 497s + for alternative in "${alternative_pam_configs[@]}" 497s + pam-auth-update --enable sss-smart-card-optional 497s + cat /etc/pam.d/common-auth 497s # 497s # /etc/pam.d/common-auth - authentication settings common to all services 497s # 497s # This file is included from other service-specific PAM config files, 497s # and should contain a list of the authentication modules that define 497s # the central authentication scheme for use on the system 497s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 497s # traditional Unix authentication mechanisms. 497s # 497s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 497s # To take advantage of this, it is recommended that you configure any 497s # local modules either before or after the default block, and use 497s # pam-auth-update to manage selection of other modules. See 497s # pam-auth-update(8) for details. 497s 497s # here are the per-package modules (the "Primary" block) 497s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 497s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 497s auth [success=1 default=ignore] pam_sss.so use_first_pass 497s # here's the fallback if no module succeeds 497s auth requisite pam_deny.so 497s # prime the stack with a positive return value if there isn't one already; 497s # this avoids us returning an error just because nothing sets a success code 497s # since the modules above will each just jump around 497s auth required pam_permit.so 497s # and here are more per-package modules (the "Additional" block) 497s auth optional pam_cap.so 497s # end of pam-auth-update config 497s + echo -n -e 123456 497s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 497s pamtester: invoking pam_start(login, ubuntu, ...) 497s pamtester: performing operation - authenticate 497s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 497s + echo -n -e 123456 497s + runuser -u ubuntu -- pamtester -v login '' authenticate 497s pamtester: invoking pam_start(login, , ...) 497s pamtester: performing operation - authenticate 497s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 497s + echo -n -e wrong123456 497s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 497s pamtester: invoking pam_start(login, ubuntu, ...) 497s pamtester: performing operation - authenticate 500s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 500s + echo -n -e wrong123456 500s + runuser -u ubuntu -- pamtester -v login '' authenticate 500s pamtester: invoking pam_start(login, , ...) 500s pamtester: performing operation - authenticate 502s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 502s + echo -n -e 123456 502s + pamtester -v login root authenticate 502s pamtester: invoking pam_start(login, root, ...) 502s pamtester: performing operation - authenticate 505s Password: pamtester: Authentication failure 505s + for alternative in "${alternative_pam_configs[@]}" 505s + pam-auth-update --enable sss-smart-card-required 505s PAM configuration 505s ----------------- 505s 505s Incompatible PAM profiles selected. 505s 505s The following PAM profiles cannot be used together: 505s 505s SSS required smart card authentication, SSS optional smart card 505s authentication 505s 505s Please select a different set of modules to enable. 505s 505s + cat /etc/pam.d/common-auth 505s # 505s # /etc/pam.d/common-auth - authentication settings common to all services 505s # 505s # This file is included from other service-specific PAM config files, 505s # and should contain a list of the authentication modules that define 505s # the central authentication scheme for use on the system 505s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 505s # traditional Unix authentication mechanisms. 505s # 505s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 505s # To take advantage of this, it is recommended that you configure any 505s # local modules either before or after the default block, and use 505s # pam-auth-update to manage selection of other modules. See 505s # pam-auth-update(8) for details. 505s 505s # here are the per-package modules (the "Primary" block) 505s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 505s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 505s auth [success=1 default=ignore] pam_sss.so use_first_pass 505s # here's the fallback if no module succeeds 505s auth requisite pam_deny.so 505s # prime the stack with a positive return value if there isn't one already; 505s # this avoids us returning an error just because nothing sets a success code 505s # since the modules above will each just jump around 505s auth required pam_permit.so 505s # and here are more per-package modules (the "Additional" block) 505s auth optional pam_cap.so 505s # end of pam-auth-update config 505s + echo -n -e 123456 505s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 505s pamtester: invoking pam_start(login, ubuntu, ...) 505s pamtester: performing operation - authenticate 505s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 505s + echo -n -e 123456 505s + runuser -u ubuntu -- pamtester -v login '' authenticate 505s pamtester: invoking pam_start(login, , ...) 505s pamtester: performing operation - authenticate 505s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 505s + echo -n -e wrong123456 505s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 505s pamtester: invoking pam_start(login, ubuntu, ...) 505s pamtester: performing operation - authenticate 509s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 509s + echo -n -e wrong123456 509s + runuser -u ubuntu -- pamtester -v login '' authenticate 509s pamtester: invoking pam_start(login, , ...) 509s pamtester: performing operation - authenticate 511s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 511s + echo -n -e 123456 511s + pamtester -v login root authenticate 511s pamtester: invoking pam_start(login, root, ...) 511s pamtester: performing operation - authenticate 513s pamtester: Authentication service cannot retrieve authentication info 513s + test_authentication login /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem 513s + pam_service=login 513s + certificate_config=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 513s + ca_db=/tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem 513s + verification_options= 513s + mkdir -p -m 700 /etc/sssd 513s Using CA DB '/tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem' with verification options: '' 513s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-OJdQvH/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 513s + cat 513s + chmod 600 /etc/sssd/sssd.conf 513s + for path_pair in "${softhsm2_conf_paths[@]}" 513s + IFS=: 513s + read -r -a path 513s + user=ubuntu 513s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 513s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 513s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 513s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 513s + runuser -u ubuntu -- softhsm2-util --show-slots 513s + grep 'Test Organization' 513s Label: Test Organization Sub Int Token 513s + for path_pair in "${softhsm2_conf_paths[@]}" 513s + IFS=: 513s + read -r -a path 513s + user=root 513s + path=/etc/softhsm/softhsm2.conf 513s ++ dirname /etc/softhsm/softhsm2.conf 513s + runuser -u root -- mkdir -p /etc/softhsm 513s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 513s + runuser -u root -- softhsm2-util --show-slots 513s + grep 'Test Organization' 513s Label: Test Organization Sub Int Token 513s + systemctl restart sssd 514s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 514s + for alternative in "${alternative_pam_configs[@]}" 514s + pam-auth-update --enable sss-smart-card-optional 514s + cat /etc/pam.d/common-auth 514s # 514s # /etc/pam.d/common-auth - authentication settings common to all services 514s # 514s # This file is included from other service-specific PAM config files, 514s # and should contain a list of the authentication modules that define 514s # the central authentication scheme for use on the system 514s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 514s # traditional Unix authentication mechanisms. 514s # 514s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 514s # To take advantage of this, it is recommended that you configure any 514s # local modules either before or after the default block, and use 514s # pam-auth-update to manage selection of other modules. See 514s # pam-auth-update(8) for details. 514s 514s # here are the per-package modules (the "Primary" block) 514s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 514s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 514s auth [success=1 default=ignore] pam_sss.so use_first_pass 514s # here's the fallback if no module succeeds 514s auth requisite pam_deny.so 514s # prime the stack with a positive return value if there isn't one already; 514s # this avoids us returning an error just because nothing sets a success code 514s # since the modules above will each just jump around 514s auth required pam_permit.so 514s # and here are more per-package modules (the "Additional" block) 514s auth optional pam_cap.so 514s # end of pam-auth-update config 514s + echo -n -e 123456 514s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 514s pamtester: invoking pam_start(login, ubuntu, ...) 514s pamtester: performing operation - authenticate 514s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 514s + echo -n -e 123456 514s + runuser -u ubuntu -- pamtester -v login '' authenticate 514s pamtester: invoking pam_start(login, , ...) 514s pamtester: performing operation - authenticate 514s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 514s + echo -n -e wrong123456 514s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 514s pamtester: invoking pam_start(login, ubuntu, ...) 514s pamtester: performing operation - authenticate 517s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 517s + echo -n -e wrong123456 517s + runuser -u ubuntu -- pamtester -v login '' authenticate 517s pamtester: invoking pam_start(login, , ...) 517s pamtester: performing operation - authenticate 521s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 521s + echo -n -e 123456 521s + pamtester -v login root authenticate 521s pamtester: invoking pam_start(login, root, ...) 521s pamtester: performing operation - authenticate 523s Password: pamtester: Authentication failure 523s + for alternative in "${alternative_pam_configs[@]}" 523s + pam-auth-update --enable sss-smart-card-required 523s PAM configuration 523s ----------------- 523s 523s Incompatible PAM profiles selected. 523s 523s The following PAM profiles cannot be used together: 523s 523s SSS required smart card authentication, SSS optional smart card 523s authentication 523s 523s Please select a different set of modules to enable. 523s 523s + cat /etc/pam.d/common-auth 523s # 523s # /etc/pam.d/common-auth - authentication settings common to all services 523s # 523s # This file is included from other service-specific PAM config files, 523s # and should contain a list of the authentication modules that define 523s # the central authentication scheme for use on the system 523s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 523s # traditional Unix authentication mechanisms. 523s # 523s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 523s # To take advantage of this, it is recommended that you configure any 523s # local modules either before or after the default block, and use 523s # pam-auth-update to manage selection of other modules. See 523s # pam-auth-update(8) for details. 523s 523s # here are the per-package modules (the "Primary" block) 523s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 523s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 523s auth [success=1 default=ignore] pam_sss.so use_first_pass 523s # here's the fallback if no module succeeds 523s auth requisite pam_deny.so 523s # prime the stack with a positive return value if there isn't one already; 523s # this avoids us returning an error just because nothing sets a success code 523s # since the modules above will each just jump around 523s auth required pam_permit.so 523s # and here are more per-package modules (the "Additional" block) 523s auth optional pam_cap.so 523s # end of pam-auth-update config 523s + echo -n -e 123456 523s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 523s pamtester: invoking pam_start(login, ubuntu, ...) 523s pamtester: performing operation - authenticate 523s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 523s + echo -n -e 123456 523s + runuser -u ubuntu -- pamtester -v login '' authenticate 523s pamtester: invoking pam_start(login, , ...) 523s pamtester: performing operation - authenticate 523s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 523s + echo -n -e wrong123456 523s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 523s pamtester: invoking pam_start(login, ubuntu, ...) 523s pamtester: performing operation - authenticate 525s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 525s + echo -n -e wrong123456 525s + runuser -u ubuntu -- pamtester -v login '' authenticate 525s pamtester: invoking pam_start(login, , ...) 525s pamtester: performing operation - authenticate 528s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 528s + echo -n -e 123456 528s + pamtester -v login root authenticate 528s pamtester: invoking pam_start(login, root, ...) 528s pamtester: performing operation - authenticate 531s pamtester: Authentication service cannot retrieve authentication info 531s + test_authentication login /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem partial_chain 531s + pam_service=login 531s + certificate_config=/tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 531s + ca_db=/tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem 531s + verification_options=partial_chain 531s + mkdir -p -m 700 /etc/sssd 531s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 531s Using CA DB '/tmp/sssd-softhsm2-certs-OJdQvH/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 531s + cat 531s + chmod 600 /etc/sssd/sssd.conf 531s + for path_pair in "${softhsm2_conf_paths[@]}" 531s + IFS=: 531s + read -r -a path 531s + user=ubuntu 531s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 531s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 531s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 531s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 531s + runuser -u ubuntu -- softhsm2-util --show-slots 531s + grep 'Test Organization' 531s Label: Test Organization Sub Int Token 531s + for path_pair in "${softhsm2_conf_paths[@]}" 531s + IFS=: 531s + read -r -a path 531s + user=root 531s + path=/etc/softhsm/softhsm2.conf 531s ++ dirname /etc/softhsm/softhsm2.conf 531s + runuser -u root -- mkdir -p /etc/softhsm 531s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-OJdQvH/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 531s + runuser -u root -- softhsm2-util --show-slots 531s + grep 'Test Organization' 531s Label: Test Organization Sub Int Token 531s + systemctl restart sssd 531s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 532s + for alternative in "${alternative_pam_configs[@]}" 532s + pam-auth-update --enable sss-smart-card-optional 532s + cat /etc/pam.d/common-auth 532s # 532s # /etc/pam.d/common-auth - authentication settings common to all services 532s # 532s # This file is included from other service-specific PAM config files, 532s # and should contain a list of the authentication modules that define 532s # the central authentication scheme for use on the system 532s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 532s # traditional Unix authentication mechanisms. 532s # 532s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 532s # To take advantage of this, it is recommended that you configure any 532s # local modules either before or after the default block, and use 532s # pam-auth-update to manage selection of other modules. See 532s # pam-auth-update(8) for details. 532s 532s # here are the per-package modules (the "Primary" block) 532s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 532s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 532s auth [success=1 default=ignore] pam_sss.so use_first_pass 532s # here's the fallback if no module succeeds 532s auth requisite pam_deny.so 532s # prime the stack with a positive return value if there isn't one already; 532s # this avoids us returning an error just because nothing sets a success code 532s # since the modules above will each just jump around 532s auth required pam_permit.so 532s # and here are more per-package modules (the "Additional" block) 532s auth optional pam_cap.so 532s # end of pam-auth-update config 532s + echo -n -e 123456 532s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 532s pamtester: invoking pam_start(login, ubuntu, ...) 532s pamtester: performing operation - authenticate 532s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 532s + echo -n -e 123456 532s + runuser -u ubuntu -- pamtester -v login '' authenticate 532s pamtester: invoking pam_start(login, , ...) 532s pamtester: performing operation - authenticate 532s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 532s + echo -n -e wrong123456 532s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 532s pamtester: invoking pam_start(login, ubuntu, ...) 532s pamtester: performing operation - authenticate 536s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 536s + echo -n -e wrong123456 536s + runuser -u ubuntu -- pamtester -v login '' authenticate 536s pamtester: invoking pam_start(login, , ...) 536s pamtester: performing operation - authenticate 538s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 538s + echo -n -e 123456 538s + pamtester -v login root authenticate 538s pamtester: invoking pam_start(login, root, ...) 538s pamtester: performing operation - authenticate 543s Password: pamtester: Authentication failure 543s + for alternative in "${alternative_pam_configs[@]}" 543s + pam-auth-update --enable sss-smart-card-required 543s PAM configuration 543s ----------------- 543s 543s Incompatible PAM profiles selected. 543s 543s The following PAM profiles cannot be used together: 543s 543s SSS required smart card authentication, SSS optional smart card 543s authentication 543s 543s Please select a different set of modules to enable. 543s 543s + cat /etc/pam.d/common-auth 543s # 543s # /etc/pam.d/common-auth - authentication settings common to all services 543s # 543s # This file is included from other service-specific PAM config files, 543s # and should contain a list of the authentication modules that define 543s # the central authentication scheme for use on the system 543s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 543s # traditional Unix authentication mechanisms. 543s # 543s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 543s # To take advantage of this, it is recommended that you configure any 543s # local modules either before or after the default block, and use 543s # pam-auth-update to manage selection of other modules. See 543s # pam-auth-update(8) for details. 543s 543s # here are the per-package modules (the "Primary" block) 543s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 543s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 543s auth [success=1 default=ignore] pam_sss.so use_first_pass 543s # here's the fallback if no module succeeds 543s auth requisite pam_deny.so 543s # prime the stack with a positive return value if there isn't one already; 543s # this avoids us returning an error just because nothing sets a success code 543s # since the modules above will each just jump around 543s auth required pam_permit.so 543s # and here are more per-package modules (the "Additional" block) 543s auth optional pam_cap.so 543s # end of pam-auth-update config 543s + echo -n -e 123456 543s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 543s pamtester: invoking pam_start(login, ubuntu, ...) 543s pamtester: performing operation - authenticate 543s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 543s + echo -n -e 123456 543s + runuser -u ubuntu -- pamtester -v login '' authenticate 543s pamtester: invoking pam_start(login, , ...) 543s pamtester: performing operation - authenticate 543s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 543s + echo -n -e wrong123456 543s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 543s pamtester: invoking pam_start(login, ubuntu, ...) 543s pamtester: performing operation - authenticate 546s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 546s + echo -n -e wrong123456 546s + runuser -u ubuntu -- pamtester -v login '' authenticate 546s pamtester: invoking pam_start(login, , ...) 546s pamtester: performing operation - authenticate 548s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 548s + echo -n -e 123456 548s + pamtester -v login root authenticate 548s pamtester: invoking pam_start(login, root, ...) 548s pamtester: performing operation - authenticate 551s pamtester: Authentication service cannot retrieve authentication info 551s + handle_exit 551s + exit_code=0 551s + restore_changes 551s + for path in "${restore_paths[@]}" 551s + local original_path 551s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-vYzt5E /tmp/sssd-softhsm2-backups-vYzt5E//etc/softhsm/softhsm2.conf 551s + original_path=/etc/softhsm/softhsm2.conf 551s + rm /etc/softhsm/softhsm2.conf 551s + mv /tmp/sssd-softhsm2-backups-vYzt5E//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 551s + for path in "${delete_paths[@]}" 551s + rm -f /etc/sssd/sssd.conf 551s + for path in "${delete_paths[@]}" 551s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 551s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 551s + '[' -e /etc/sssd/sssd.conf ']' 551s + systemctl stop sssd 551s + '[' -e /etc/softhsm/softhsm2.conf ']' 551s + chmod 600 /etc/softhsm/softhsm2.conf 551s + rm -rf /tmp/sssd-softhsm2-certs-OJdQvH 551s + '[' 0 = 0 ']' 551s + rm -rf /tmp/sssd-softhsm2-backups-vYzt5E 551s Script completed successfully! 551s + set +x 552s autopkgtest [18:38:23]: test sssd-smart-card-pam-auth-configs: -----------------------] 552s autopkgtest [18:38:23]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 552s sssd-smart-card-pam-auth-configs PASS 552s autopkgtest [18:38:23]: @@@@@@@@@@@@@@@@@@@@ summary 552s ldap-user-group-ldap-auth PASS 552s ldap-user-group-krb5-auth PASS 552s sssd-softhism2-certificates-tests.sh PASS 552s sssd-smart-card-pam-auth-configs PASS 567s nova [W] Skipping flock for amd64 567s Creating nova instance adt-oracular-amd64-sssd-20240613-182911-juju-7f2275-prod-proposed-migration-environment-3-f36f4265-a422-4817-b9fa-b55ff9bd2b18 from image adt/ubuntu-oracular-amd64-server-20240613.img (UUID 4a003a9e-de89-4e24-8522-c4998d4e4629)... 567s nova [W] Skipping flock for amd64 567s Creating nova instance adt-oracular-amd64-sssd-20240613-182911-juju-7f2275-prod-proposed-migration-environment-3-f36f4265-a422-4817-b9fa-b55ff9bd2b18 from image adt/ubuntu-oracular-amd64-server-20240613.img (UUID 4a003a9e-de89-4e24-8522-c4998d4e4629)...