0s autopkgtest [14:54:01]: starting date and time: 2024-06-14 14:54:01+0000 0s autopkgtest [14:54:01]: git checkout: 433ed4c Merge branch 'skia/nova_flock' into 'ubuntu/5.34+prod' 0s autopkgtest [14:54:01]: host juju-7f2275-prod-proposed-migration-environment-9; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.kiwo0heq/out --timeout-copy=6000 --setup-commands 'ln -s /dev/null /etc/systemd/system/bluetooth.service; printf "http_proxy=http://squid.internal:3128\nhttps_proxy=http://squid.internal:3128\nno_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com\n" >> /etc/environment' --apt-pocket=proposed=src:systemd --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=systemd/256-1ubuntu1 -- lxd -r lxd-armhf-10.145.243.252 lxd-armhf-10.145.243.252:autopkgtest/ubuntu/oracular/armhf 30s autopkgtest [14:54:31]: testbed dpkg architecture: armhf 32s autopkgtest [14:54:33]: testbed apt version: 2.9.3 32s autopkgtest [14:54:33]: @@@@@@@@@@@@@@@@@@@@ test bed setup 41s Get:1 http://ftpmaster.internal/ubuntu oracular-proposed InRelease [110 kB] 42s Get:2 http://ftpmaster.internal/ubuntu oracular-proposed/universe Sources [342 kB] 42s Get:3 http://ftpmaster.internal/ubuntu oracular-proposed/restricted Sources [7052 B] 42s Get:4 http://ftpmaster.internal/ubuntu oracular-proposed/main Sources [38.8 kB] 42s Get:5 http://ftpmaster.internal/ubuntu oracular-proposed/multiverse Sources [2576 B] 42s Get:6 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf Packages [47.1 kB] 42s Get:7 http://ftpmaster.internal/ubuntu oracular-proposed/restricted armhf Packages [1860 B] 42s Get:8 http://ftpmaster.internal/ubuntu oracular-proposed/universe armhf Packages [283 kB] 42s Get:9 http://ftpmaster.internal/ubuntu oracular-proposed/multiverse armhf Packages [2528 B] 43s Fetched 835 kB in 2s (407 kB/s) 43s Reading package lists... 63s tee: /proc/self/fd/2: Permission denied 97s Hit:1 http://ftpmaster.internal/ubuntu oracular-proposed InRelease 97s Hit:2 http://ftpmaster.internal/ubuntu oracular InRelease 97s Hit:3 http://ftpmaster.internal/ubuntu oracular-updates InRelease 97s Hit:4 http://ftpmaster.internal/ubuntu oracular-security InRelease 100s Reading package lists... 100s Reading package lists... 101s Building dependency tree... 101s Reading state information... 101s Calculating upgrade... 102s The following package was automatically installed and is no longer required: 102s systemd-dev 102s Use 'apt autoremove' to remove it. 102s The following packages will be upgraded: 102s fwupd libdrm-common libdrm2 libfwupd2 libnss-systemd libpam-systemd 102s libsystemd-shared libsystemd0 libudev1 systemd systemd-dev systemd-resolved 102s systemd-sysv systemd-timesyncd udev 102s 15 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 102s Need to get 13.7 MB of archives. 102s After this operation, 1444 kB of additional disk space will be used. 102s Get:1 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf systemd-dev all 256-1ubuntu1 [111 kB] 102s Get:2 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf systemd-timesyncd armhf 256-1ubuntu1 [36.3 kB] 102s Get:3 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf systemd-resolved armhf 256-1ubuntu1 [306 kB] 103s Get:4 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf libsystemd-shared armhf 256-1ubuntu1 [2114 kB] 103s Get:5 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf libsystemd0 armhf 256-1ubuntu1 [420 kB] 103s Get:6 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf systemd-sysv armhf 256-1ubuntu1 [11.8 kB] 103s Get:7 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf libnss-systemd armhf 256-1ubuntu1 [153 kB] 103s Get:8 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf libpam-systemd armhf 256-1ubuntu1 [224 kB] 103s Get:9 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf systemd armhf 256-1ubuntu1 [3681 kB] 103s Get:10 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf udev armhf 256-1ubuntu1 [1941 kB] 103s Get:11 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf libudev1 armhf 256-1ubuntu1 [185 kB] 103s Get:12 http://ftpmaster.internal/ubuntu oracular/main armhf libdrm-common all 2.4.121-2 [8330 B] 103s Get:13 http://ftpmaster.internal/ubuntu oracular/main armhf libdrm2 armhf 2.4.121-2 [36.6 kB] 103s Get:14 http://ftpmaster.internal/ubuntu oracular/main armhf libfwupd2 armhf 1.9.21-1 [125 kB] 103s Get:15 http://ftpmaster.internal/ubuntu oracular/main armhf fwupd armhf 1.9.21-1 [4374 kB] 106s Fetched 13.7 MB in 1s (12.4 MB/s) 106s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58401 files and directories currently installed.) 106s Preparing to unpack .../systemd-dev_256-1ubuntu1_all.deb ... 106s Unpacking systemd-dev (256-1ubuntu1) over (255.4-1ubuntu8) ... 107s Preparing to unpack .../systemd-timesyncd_256-1ubuntu1_armhf.deb ... 107s Unpacking systemd-timesyncd (256-1ubuntu1) over (255.4-1ubuntu8) ... 107s Preparing to unpack .../systemd-resolved_256-1ubuntu1_armhf.deb ... 107s Unpacking systemd-resolved (256-1ubuntu1) over (255.4-1ubuntu8) ... 107s Preparing to unpack .../libsystemd-shared_256-1ubuntu1_armhf.deb ... 107s Unpacking libsystemd-shared:armhf (256-1ubuntu1) over (255.4-1ubuntu8) ... 107s Preparing to unpack .../libsystemd0_256-1ubuntu1_armhf.deb ... 107s Unpacking libsystemd0:armhf (256-1ubuntu1) over (255.4-1ubuntu8) ... 108s Setting up libsystemd0:armhf (256-1ubuntu1) ... 108s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58403 files and directories currently installed.) 108s Preparing to unpack .../0-systemd-sysv_256-1ubuntu1_armhf.deb ... 108s Unpacking systemd-sysv (256-1ubuntu1) over (255.4-1ubuntu8) ... 108s Preparing to unpack .../1-libnss-systemd_256-1ubuntu1_armhf.deb ... 108s Unpacking libnss-systemd:armhf (256-1ubuntu1) over (255.4-1ubuntu8) ... 109s Preparing to unpack .../2-libpam-systemd_256-1ubuntu1_armhf.deb ... 109s Unpacking libpam-systemd:armhf (256-1ubuntu1) over (255.4-1ubuntu8) ... 109s Preparing to unpack .../3-systemd_256-1ubuntu1_armhf.deb ... 110s Unpacking systemd (256-1ubuntu1) over (255.4-1ubuntu8) ... 110s Preparing to unpack .../4-udev_256-1ubuntu1_armhf.deb ... 110s Unpacking udev (256-1ubuntu1) over (255.4-1ubuntu8) ... 111s Preparing to unpack .../5-libudev1_256-1ubuntu1_armhf.deb ... 111s Unpacking libudev1:armhf (256-1ubuntu1) over (255.4-1ubuntu8) ... 111s Setting up libudev1:armhf (256-1ubuntu1) ... 111s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58465 files and directories currently installed.) 111s Preparing to unpack .../libdrm-common_2.4.121-2_all.deb ... 111s Unpacking libdrm-common (2.4.121-2) over (2.4.120-2build1) ... 111s Preparing to unpack .../libdrm2_2.4.121-2_armhf.deb ... 111s Unpacking libdrm2:armhf (2.4.121-2) over (2.4.120-2build1) ... 111s Preparing to unpack .../libfwupd2_1.9.21-1_armhf.deb ... 111s Unpacking libfwupd2:armhf (1.9.21-1) over (1.9.20-1) ... 111s Preparing to unpack .../fwupd_1.9.21-1_armhf.deb ... 112s Unpacking fwupd (1.9.21-1) over (1.9.20-1) ... 112s Setting up libfwupd2:armhf (1.9.21-1) ... 112s Setting up systemd-dev (256-1ubuntu1) ... 112s Setting up libsystemd-shared:armhf (256-1ubuntu1) ... 112s Setting up libdrm-common (2.4.121-2) ... 112s Setting up systemd (256-1ubuntu1) ... 112s Installing new version of config file /etc/systemd/journald.conf ... 112s Installing new version of config file /etc/systemd/logind.conf ... 112s Installing new version of config file /etc/systemd/networkd.conf ... 112s Installing new version of config file /etc/systemd/sleep.conf ... 112s Installing new version of config file /etc/systemd/system.conf ... 112s /usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring. 113s Created symlink '/run/systemd/system/tmp.mount' → '/dev/null'. 115s /usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring. 118s Setting up systemd-timesyncd (256-1ubuntu1) ... 119s Setting up udev (256-1ubuntu1) ... 121s Setting up libdrm2:armhf (2.4.121-2) ... 121s Setting up fwupd (1.9.21-1) ... 122s fwupd-offline-update.service is a disabled or a static unit not running, not starting it. 122s fwupd-refresh.service is a disabled or a static unit not running, not starting it. 122s fwupd.service is a disabled or a static unit not running, not starting it. 122s Setting up systemd-resolved (256-1ubuntu1) ... 122s Installing new version of config file /etc/systemd/resolved.conf ... 123s Setting up systemd-sysv (256-1ubuntu1) ... 123s Setting up libnss-systemd:armhf (256-1ubuntu1) ... 123s Setting up libpam-systemd:armhf (256-1ubuntu1) ... 124s Processing triggers for libc-bin (2.39-0ubuntu8.1) ... 124s Processing triggers for man-db (2.12.1-2) ... 125s Processing triggers for dbus (1.14.10-4ubuntu4) ... 125s Processing triggers for shared-mime-info (2.4-5) ... 125s Warning: program compiled against libxml 212 using older 209 125s Processing triggers for initramfs-tools (0.142ubuntu28) ... 126s Reading package lists... 126s Building dependency tree... 126s Reading state information... 127s The following packages will be REMOVED: 127s systemd-dev* 127s 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. 127s After this operation, 760 kB disk space will be freed. 127s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58465 files and directories currently installed.) 127s Removing systemd-dev (256-1ubuntu1) ... 130s autopkgtest [14:56:11]: rebooting testbed after setup commands that affected boot 205s autopkgtest [14:57:26]: testbed running kernel: Linux 6.5.0-35-generic #35~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue May 7 11:19:33 UTC 2 236s autopkgtest [14:57:57]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 373s Get:1 http://ftpmaster.internal/ubuntu oracular/main sssd 2.9.4-1.1ubuntu6 (dsc) [5056 B] 373s Get:2 http://ftpmaster.internal/ubuntu oracular/main sssd 2.9.4-1.1ubuntu6 (tar) [7983 kB] 373s Get:3 http://ftpmaster.internal/ubuntu oracular/main sssd 2.9.4-1.1ubuntu6 (diff) [49.2 kB] 373s gpgv: Signature made Tue Apr 16 09:55:57 2024 UTC 373s gpgv: using RSA key 568BF22A66337CBFC9A6B9B72C83DBC8E9BD0E37 373s gpgv: Can't check signature: No public key 373s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.dsc: no acceptable signature found 374s autopkgtest [15:00:15]: testing package sssd version 2.9.4-1.1ubuntu6 377s autopkgtest [15:00:18]: build not needed 381s autopkgtest [15:00:22]: test ldap-user-group-ldap-auth: preparing testbed 396s Reading package lists... 396s Building dependency tree... 396s Reading state information... 396s Starting pkgProblemResolver with broken count: 0 396s Starting 2 pkgProblemResolver with broken count: 0 396s Done 397s The following additional packages will be installed: 397s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 397s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 397s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 397s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 397s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 397s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 397s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 397s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 397s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 397s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 397s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 397s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 397s tcl8.6 397s Suggested packages: 397s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 397s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 397s Recommended packages: 397s cracklib-runtime libsasl2-modules-gssapi-mit 397s | libsasl2-modules-gssapi-heimdal 397s The following NEW packages will be installed: 397s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 397s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 397s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 397s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 397s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 397s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 397s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 397s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 397s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 397s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 397s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 397s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 397s tcl-expect tcl8.6 397s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 397s Need to get 11.9 MB/11.9 MB of archives. 397s After this operation, 35.9 MB of additional disk space will be used. 397s Get:1 /tmp/autopkgtest.IeyOLF/1-autopkgtest-satdep.deb autopkgtest-satdep armhf 0 [868 B] 397s Get:2 http://ftpmaster.internal/ubuntu oracular/main armhf libltdl7 armhf 2.4.7-7build1 [37.6 kB] 398s Get:3 http://ftpmaster.internal/ubuntu oracular/main armhf libodbc2 armhf 2.3.12-1ubuntu1 [144 kB] 398s Get:4 http://ftpmaster.internal/ubuntu oracular/main armhf slapd armhf 2.6.7+dfsg-1~exp1ubuntu8 [1434 kB] 398s Get:5 http://ftpmaster.internal/ubuntu oracular/main armhf libtcl8.6 armhf 8.6.14+dfsg-1build1 [903 kB] 398s Get:6 http://ftpmaster.internal/ubuntu oracular/main armhf tcl8.6 armhf 8.6.14+dfsg-1build1 [14.6 kB] 398s Get:7 http://ftpmaster.internal/ubuntu oracular/universe armhf tcl-expect armhf 5.45.4-3 [99.5 kB] 398s Get:8 http://ftpmaster.internal/ubuntu oracular/universe armhf expect armhf 5.45.4-3 [136 kB] 398s Get:9 http://ftpmaster.internal/ubuntu oracular/main armhf ldap-utils armhf 2.6.7+dfsg-1~exp1ubuntu8 [132 kB] 398s Get:10 http://ftpmaster.internal/ubuntu oracular/main armhf libavahi-common-data armhf 0.8-13ubuntu6 [29.7 kB] 398s Get:11 http://ftpmaster.internal/ubuntu oracular/main armhf libavahi-common3 armhf 0.8-13ubuntu6 [20.2 kB] 398s Get:12 http://ftpmaster.internal/ubuntu oracular/main armhf libavahi-client3 armhf 0.8-13ubuntu6 [24.2 kB] 398s Get:13 http://ftpmaster.internal/ubuntu oracular/main armhf libbasicobjects0t64 armhf 0.6.2-2.1build1 [5410 B] 398s Get:14 http://ftpmaster.internal/ubuntu oracular/main armhf libcares2 armhf 1.27.0-1.0ubuntu1 [62.7 kB] 398s Get:15 http://ftpmaster.internal/ubuntu oracular/main armhf libcollection4t64 armhf 0.6.2-2.1build1 [18.7 kB] 398s Get:16 http://ftpmaster.internal/ubuntu oracular/main armhf libcrack2 armhf 2.9.6-5.1build2 [27.4 kB] 398s Get:17 http://ftpmaster.internal/ubuntu oracular/main armhf libdhash1t64 armhf 0.6.2-2.1build1 [7880 B] 398s Get:18 http://ftpmaster.internal/ubuntu oracular/main armhf libevent-2.1-7t64 armhf 2.1.12-stable-10 [127 kB] 398s Get:19 http://ftpmaster.internal/ubuntu oracular/main armhf libpath-utils1t64 armhf 0.6.2-2.1build1 [7766 B] 398s Get:20 http://ftpmaster.internal/ubuntu oracular/main armhf libref-array1t64 armhf 0.6.2-2.1build1 [6330 B] 398s Get:21 http://ftpmaster.internal/ubuntu oracular/main armhf libini-config5t64 armhf 0.6.2-2.1build1 [37.2 kB] 398s Get:22 http://ftpmaster.internal/ubuntu oracular/main armhf libipa-hbac0t64 armhf 2.9.4-1.1ubuntu6 [16.9 kB] 398s Get:23 http://ftpmaster.internal/ubuntu oracular/universe armhf libjose0 armhf 13-1 [39.4 kB] 398s Get:24 http://ftpmaster.internal/ubuntu oracular/main armhf libverto-libevent1t64 armhf 0.3.1-1.2ubuntu3 [6324 B] 398s Get:25 http://ftpmaster.internal/ubuntu oracular/main armhf libverto1t64 armhf 0.3.1-1.2ubuntu3 [9364 B] 398s Get:26 http://ftpmaster.internal/ubuntu oracular/main armhf libkrad0 armhf 1.20.1-6ubuntu2 [20.1 kB] 398s Get:27 http://ftpmaster.internal/ubuntu oracular/main armhf libtalloc2 armhf 2.4.2-1build2 [25.9 kB] 398s Get:28 http://ftpmaster.internal/ubuntu oracular/main armhf libtdb1 armhf 1.4.10-1build1 [43.1 kB] 398s Get:29 http://ftpmaster.internal/ubuntu oracular/main armhf libtevent0t64 armhf 0.16.1-2build1 [38.1 kB] 398s Get:30 http://ftpmaster.internal/ubuntu oracular/main armhf libldb2 armhf 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [163 kB] 398s Get:31 http://ftpmaster.internal/ubuntu oracular/main armhf libnfsidmap1 armhf 1:2.6.4-4ubuntu1 [54.8 kB] 398s Get:32 http://ftpmaster.internal/ubuntu oracular/universe armhf libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 398s Get:33 http://ftpmaster.internal/ubuntu oracular/main armhf libpwquality-common all 1.4.5-3build1 [7748 B] 398s Get:34 http://ftpmaster.internal/ubuntu oracular/main armhf libpwquality1 armhf 1.4.5-3build1 [12.2 kB] 398s Get:35 http://ftpmaster.internal/ubuntu oracular/main armhf libpam-pwquality armhf 1.4.5-3build1 [11.4 kB] 398s Get:36 http://ftpmaster.internal/ubuntu oracular/main armhf libwbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [67.5 kB] 398s Get:37 http://ftpmaster.internal/ubuntu oracular/main armhf samba-libs armhf 2:4.19.5+dfsg-4ubuntu9 [5693 kB] 398s Get:38 http://ftpmaster.internal/ubuntu oracular/main armhf libsmbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [57.4 kB] 398s Get:39 http://ftpmaster.internal/ubuntu oracular/main armhf libnss-sss armhf 2.9.4-1.1ubuntu6 [29.2 kB] 398s Get:40 http://ftpmaster.internal/ubuntu oracular/main armhf libpam-sss armhf 2.9.4-1.1ubuntu6 [45.2 kB] 398s Get:41 http://ftpmaster.internal/ubuntu oracular/main armhf python3-sss armhf 2.9.4-1.1ubuntu6 [45.9 kB] 398s Get:42 http://ftpmaster.internal/ubuntu oracular/main armhf libsss-certmap0 armhf 2.9.4-1.1ubuntu6 [42.6 kB] 398s Get:43 http://ftpmaster.internal/ubuntu oracular/main armhf libsss-idmap0 armhf 2.9.4-1.1ubuntu6 [20.1 kB] 398s Get:44 http://ftpmaster.internal/ubuntu oracular/main armhf libsss-nss-idmap0 armhf 2.9.4-1.1ubuntu6 [27.6 kB] 398s Get:45 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-common armhf 2.9.4-1.1ubuntu6 [1068 kB] 399s Get:46 http://ftpmaster.internal/ubuntu oracular/universe armhf sssd-idp armhf 2.9.4-1.1ubuntu6 [24.8 kB] 399s Get:47 http://ftpmaster.internal/ubuntu oracular/universe armhf sssd-passkey armhf 2.9.4-1.1ubuntu6 [29.2 kB] 399s Get:48 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-ad-common armhf 2.9.4-1.1ubuntu6 [69.2 kB] 399s Get:49 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-krb5-common armhf 2.9.4-1.1ubuntu6 [81.2 kB] 399s Get:50 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-ad armhf 2.9.4-1.1ubuntu6 [129 kB] 399s Get:51 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-ipa armhf 2.9.4-1.1ubuntu6 [212 kB] 399s Get:52 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-krb5 armhf 2.9.4-1.1ubuntu6 [14.1 kB] 399s Get:53 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-ldap armhf 2.9.4-1.1ubuntu6 [31.1 kB] 399s Get:54 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-proxy armhf 2.9.4-1.1ubuntu6 [43.5 kB] 399s Get:55 http://ftpmaster.internal/ubuntu oracular/main armhf sssd armhf 2.9.4-1.1ubuntu6 [4118 B] 399s Get:56 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-dbus armhf 2.9.4-1.1ubuntu6 [94.2 kB] 399s Get:57 http://ftpmaster.internal/ubuntu oracular/universe armhf sssd-kcm armhf 2.9.4-1.1ubuntu6 [129 kB] 399s Get:58 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-tools armhf 2.9.4-1.1ubuntu6 [94.8 kB] 399s Get:59 http://ftpmaster.internal/ubuntu oracular/main armhf libipa-hbac-dev armhf 2.9.4-1.1ubuntu6 [6672 B] 399s Get:60 http://ftpmaster.internal/ubuntu oracular/main armhf libsss-certmap-dev armhf 2.9.4-1.1ubuntu6 [5736 B] 399s Get:61 http://ftpmaster.internal/ubuntu oracular/main armhf libsss-idmap-dev armhf 2.9.4-1.1ubuntu6 [8386 B] 399s Get:62 http://ftpmaster.internal/ubuntu oracular/main armhf libsss-nss-idmap-dev armhf 2.9.4-1.1ubuntu6 [6718 B] 399s Get:63 http://ftpmaster.internal/ubuntu oracular/universe armhf libsss-sudo armhf 2.9.4-1.1ubuntu6 [19.5 kB] 399s Get:64 http://ftpmaster.internal/ubuntu oracular/universe armhf python3-libipa-hbac armhf 2.9.4-1.1ubuntu6 [14.6 kB] 399s Get:65 http://ftpmaster.internal/ubuntu oracular/universe armhf python3-libsss-nss-idmap armhf 2.9.4-1.1ubuntu6 [8406 B] 401s Preconfiguring packages ... 401s Fetched 11.9 MB in 2s (7524 kB/s) 401s Selecting previously unselected package libltdl7:armhf. 401s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58418 files and directories currently installed.) 401s Preparing to unpack .../00-libltdl7_2.4.7-7build1_armhf.deb ... 401s Unpacking libltdl7:armhf (2.4.7-7build1) ... 401s Selecting previously unselected package libodbc2:armhf. 401s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu1_armhf.deb ... 401s Unpacking libodbc2:armhf (2.3.12-1ubuntu1) ... 401s Selecting previously unselected package slapd. 402s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8_armhf.deb ... 402s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 402s Selecting previously unselected package libtcl8.6:armhf. 402s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_armhf.deb ... 402s Unpacking libtcl8.6:armhf (8.6.14+dfsg-1build1) ... 402s Selecting previously unselected package tcl8.6. 403s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_armhf.deb ... 403s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 403s Selecting previously unselected package tcl-expect:armhf. 403s Preparing to unpack .../05-tcl-expect_5.45.4-3_armhf.deb ... 403s Unpacking tcl-expect:armhf (5.45.4-3) ... 403s Selecting previously unselected package expect. 404s Preparing to unpack .../06-expect_5.45.4-3_armhf.deb ... 404s Unpacking expect (5.45.4-3) ... 404s Selecting previously unselected package ldap-utils. 404s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8_armhf.deb ... 404s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 404s Selecting previously unselected package libavahi-common-data:armhf. 404s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_armhf.deb ... 404s Unpacking libavahi-common-data:armhf (0.8-13ubuntu6) ... 404s Selecting previously unselected package libavahi-common3:armhf. 404s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_armhf.deb ... 404s Unpacking libavahi-common3:armhf (0.8-13ubuntu6) ... 404s Selecting previously unselected package libavahi-client3:armhf. 404s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_armhf.deb ... 404s Unpacking libavahi-client3:armhf (0.8-13ubuntu6) ... 405s Selecting previously unselected package libbasicobjects0t64:armhf. 405s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_armhf.deb ... 405s Unpacking libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 405s Selecting previously unselected package libcares2:armhf. 405s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_armhf.deb ... 405s Unpacking libcares2:armhf (1.27.0-1.0ubuntu1) ... 405s Selecting previously unselected package libcollection4t64:armhf. 405s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_armhf.deb ... 405s Unpacking libcollection4t64:armhf (0.6.2-2.1build1) ... 405s Selecting previously unselected package libcrack2:armhf. 405s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_armhf.deb ... 405s Unpacking libcrack2:armhf (2.9.6-5.1build2) ... 405s Selecting previously unselected package libdhash1t64:armhf. 406s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_armhf.deb ... 406s Unpacking libdhash1t64:armhf (0.6.2-2.1build1) ... 406s Selecting previously unselected package libevent-2.1-7t64:armhf. 406s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-10_armhf.deb ... 406s Unpacking libevent-2.1-7t64:armhf (2.1.12-stable-10) ... 406s Selecting previously unselected package libpath-utils1t64:armhf. 406s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_armhf.deb ... 406s Unpacking libpath-utils1t64:armhf (0.6.2-2.1build1) ... 406s Selecting previously unselected package libref-array1t64:armhf. 406s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_armhf.deb ... 406s Unpacking libref-array1t64:armhf (0.6.2-2.1build1) ... 406s Selecting previously unselected package libini-config5t64:armhf. 406s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_armhf.deb ... 406s Unpacking libini-config5t64:armhf (0.6.2-2.1build1) ... 406s Selecting previously unselected package libipa-hbac0t64. 406s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6_armhf.deb ... 406s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 406s Selecting previously unselected package libjose0:armhf. 406s Preparing to unpack .../21-libjose0_13-1_armhf.deb ... 406s Unpacking libjose0:armhf (13-1) ... 406s Selecting previously unselected package libverto-libevent1t64:armhf. 406s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_armhf.deb ... 406s Unpacking libverto-libevent1t64:armhf (0.3.1-1.2ubuntu3) ... 406s Selecting previously unselected package libverto1t64:armhf. 406s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_armhf.deb ... 406s Unpacking libverto1t64:armhf (0.3.1-1.2ubuntu3) ... 407s Selecting previously unselected package libkrad0:armhf. 407s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2_armhf.deb ... 407s Unpacking libkrad0:armhf (1.20.1-6ubuntu2) ... 407s Selecting previously unselected package libtalloc2:armhf. 407s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_armhf.deb ... 407s Unpacking libtalloc2:armhf (2.4.2-1build2) ... 407s Selecting previously unselected package libtdb1:armhf. 407s Preparing to unpack .../26-libtdb1_1.4.10-1build1_armhf.deb ... 407s Unpacking libtdb1:armhf (1.4.10-1build1) ... 407s Selecting previously unselected package libtevent0t64:armhf. 407s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_armhf.deb ... 407s Unpacking libtevent0t64:armhf (0.16.1-2build1) ... 407s Selecting previously unselected package libldb2:armhf. 407s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_armhf.deb ... 407s Unpacking libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 407s Selecting previously unselected package libnfsidmap1:armhf. 407s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-4ubuntu1_armhf.deb ... 407s Unpacking libnfsidmap1:armhf (1:2.6.4-4ubuntu1) ... 407s Selecting previously unselected package libnss-sudo. 407s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 407s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 407s Selecting previously unselected package libpwquality-common. 407s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 407s Unpacking libpwquality-common (1.4.5-3build1) ... 407s Selecting previously unselected package libpwquality1:armhf. 407s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_armhf.deb ... 407s Unpacking libpwquality1:armhf (1.4.5-3build1) ... 407s Selecting previously unselected package libpam-pwquality:armhf. 407s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_armhf.deb ... 407s Unpacking libpam-pwquality:armhf (1.4.5-3build1) ... 407s Selecting previously unselected package libwbclient0:armhf. 408s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 408s Unpacking libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 408s Selecting previously unselected package samba-libs:armhf. 408s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 408s Unpacking samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 408s Selecting previously unselected package libsmbclient0:armhf. 408s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 408s Unpacking libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 408s Selecting previously unselected package libnss-sss:armhf. 409s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6_armhf.deb ... 409s Unpacking libnss-sss:armhf (2.9.4-1.1ubuntu6) ... 409s Selecting previously unselected package libpam-sss:armhf. 409s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6_armhf.deb ... 409s Unpacking libpam-sss:armhf (2.9.4-1.1ubuntu6) ... 409s Selecting previously unselected package python3-sss. 409s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6_armhf.deb ... 409s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 409s Selecting previously unselected package libsss-certmap0. 409s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6_armhf.deb ... 409s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 409s Selecting previously unselected package libsss-idmap0. 409s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6_armhf.deb ... 409s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 409s Selecting previously unselected package libsss-nss-idmap0. 409s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6_armhf.deb ... 409s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 409s Selecting previously unselected package sssd-common. 409s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6_armhf.deb ... 409s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 409s Selecting previously unselected package sssd-idp. 409s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6_armhf.deb ... 409s Unpacking sssd-idp (2.9.4-1.1ubuntu6) ... 409s Selecting previously unselected package sssd-passkey. 409s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6_armhf.deb ... 409s Unpacking sssd-passkey (2.9.4-1.1ubuntu6) ... 409s Selecting previously unselected package sssd-ad-common. 410s Preparing to unpack .../46-sssd-ad-common_2.9.4-1.1ubuntu6_armhf.deb ... 410s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 410s Selecting previously unselected package sssd-krb5-common. 410s Preparing to unpack .../47-sssd-krb5-common_2.9.4-1.1ubuntu6_armhf.deb ... 410s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 410s Selecting previously unselected package sssd-ad. 410s Preparing to unpack .../48-sssd-ad_2.9.4-1.1ubuntu6_armhf.deb ... 410s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 410s Selecting previously unselected package sssd-ipa. 410s Preparing to unpack .../49-sssd-ipa_2.9.4-1.1ubuntu6_armhf.deb ... 410s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 410s Selecting previously unselected package sssd-krb5. 410s Preparing to unpack .../50-sssd-krb5_2.9.4-1.1ubuntu6_armhf.deb ... 410s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 410s Selecting previously unselected package sssd-ldap. 411s Preparing to unpack .../51-sssd-ldap_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package sssd-proxy. 411s Preparing to unpack .../52-sssd-proxy_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package sssd. 411s Preparing to unpack .../53-sssd_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking sssd (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package sssd-dbus. 411s Preparing to unpack .../54-sssd-dbus_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking sssd-dbus (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package sssd-kcm. 411s Preparing to unpack .../55-sssd-kcm_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking sssd-kcm (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package sssd-tools. 411s Preparing to unpack .../56-sssd-tools_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking sssd-tools (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package libipa-hbac-dev. 411s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package libsss-certmap-dev. 411s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package libsss-idmap-dev. 411s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package libsss-nss-idmap-dev. 411s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package libsss-sudo. 411s Preparing to unpack .../61-libsss-sudo_2.9.4-1.1ubuntu6_armhf.deb ... 411s Unpacking libsss-sudo (2.9.4-1.1ubuntu6) ... 411s Selecting previously unselected package python3-libipa-hbac. 412s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1.1ubuntu6_armhf.deb ... 412s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 412s Selecting previously unselected package python3-libsss-nss-idmap. 412s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6_armhf.deb ... 412s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 412s Selecting previously unselected package autopkgtest-satdep. 412s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 412s Unpacking autopkgtest-satdep (0) ... 413s Setting up libpwquality-common (1.4.5-3build1) ... 413s Setting up libnfsidmap1:armhf (1:2.6.4-4ubuntu1) ... 413s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 413s Setting up libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 413s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 413s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6) ... 413s Setting up libref-array1t64:armhf (0.6.2-2.1build1) ... 413s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6) ... 413s Setting up libtdb1:armhf (1.4.10-1build1) ... 413s Setting up libcollection4t64:armhf (0.6.2-2.1build1) ... 413s Setting up libevent-2.1-7t64:armhf (2.1.12-stable-10) ... 413s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 413s Setting up libjose0:armhf (13-1) ... 413s Setting up libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 413s Setting up libtalloc2:armhf (2.4.2-1build2) ... 413s Setting up libpath-utils1t64:armhf (0.6.2-2.1build1) ... 413s Setting up libavahi-common-data:armhf (0.8-13ubuntu6) ... 413s Setting up libcares2:armhf (1.27.0-1.0ubuntu1) ... 413s Setting up libdhash1t64:armhf (0.6.2-2.1build1) ... 413s Setting up libtcl8.6:armhf (8.6.14+dfsg-1build1) ... 413s Setting up libltdl7:armhf (2.4.7-7build1) ... 413s Setting up libcrack2:armhf (2.9.6-5.1build2) ... 413s Setting up libodbc2:armhf (2.3.12-1ubuntu1) ... 413s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6) ... 413s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 413s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 413s Setting up libini-config5t64:armhf (0.6.2-2.1build1) ... 413s Setting up libtevent0t64:armhf (0.16.1-2build1) ... 413s Setting up libnss-sss:armhf (2.9.4-1.1ubuntu6) ... 413s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 415s Creating new user openldap... done. 415s Creating initial configuration... done. 415s Creating LDAP directory... done. 415s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 415s 416s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 416s Setting up libsss-sudo (2.9.4-1.1ubuntu6) ... 416s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6) ... 416s Setting up libavahi-common3:armhf (0.8-13ubuntu6) ... 416s Setting up tcl-expect:armhf (5.45.4-3) ... 416s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 416s Setting up libpwquality1:armhf (1.4.5-3build1) ... 416s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6) ... 416s Setting up libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 416s Setting up libavahi-client3:armhf (0.8-13ubuntu6) ... 416s Setting up expect (5.45.4-3) ... 416s Setting up libpam-pwquality:armhf (1.4.5-3build1) ... 417s Setting up samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 417s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6) ... 417s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 417s Setting up libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 417s Setting up libpam-sss:armhf (2.9.4-1.1ubuntu6) ... 418s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 418s Creating SSSD system user & group... 419s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 419s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 419s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 419s apparmor_parser: Unable to replace "/usr/sbin/sssd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 419s 420s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 420s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 421s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 421s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 421s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 422s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 422s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 423s sssd-autofs.service is a disabled or a static unit, not starting it. 423s sssd-nss.service is a disabled or a static unit, not starting it. 423s sssd-pam.service is a disabled or a static unit, not starting it. 423s sssd-ssh.service is a disabled or a static unit, not starting it. 424s sssd-sudo.service is a disabled or a static unit, not starting it. 424s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 424s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 424s Setting up sssd-kcm (2.9.4-1.1ubuntu6) ... 424s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 426s sssd-kcm.service is a disabled or a static unit, not starting it. 426s Setting up sssd-dbus (2.9.4-1.1ubuntu6) ... 427s sssd-ifp.service is a disabled or a static unit, not starting it. 427s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 428s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 429s sssd-pac.service is a disabled or a static unit, not starting it. 429s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 429s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 429s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 429s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 429s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 429s Setting up sssd-tools (2.9.4-1.1ubuntu6) ... 429s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 429s Setting up sssd (2.9.4-1.1ubuntu6) ... 429s Setting up libverto-libevent1t64:armhf (0.3.1-1.2ubuntu3) ... 429s Setting up libverto1t64:armhf (0.3.1-1.2ubuntu3) ... 429s Setting up libkrad0:armhf (1.20.1-6ubuntu2) ... 429s Setting up sssd-passkey (2.9.4-1.1ubuntu6) ... 429s Setting up sssd-idp (2.9.4-1.1ubuntu6) ... 429s Setting up autopkgtest-satdep (0) ... 429s Processing triggers for libc-bin (2.39-0ubuntu8.1) ... 429s Processing triggers for ufw (0.36.2-6) ... 429s Processing triggers for man-db (2.12.1-2) ... 430s Processing triggers for dbus (1.14.10-4ubuntu4) ... 502s (Reading database ... 59708 files and directories currently installed.) 502s Removing autopkgtest-satdep (0) ... 507s autopkgtest [15:02:28]: test ldap-user-group-ldap-auth: [----------------------- 511s + . debian/tests/util 511s + . debian/tests/common-tests 511s + mydomain=example.com 511s + myhostname=ldap.example.com 511s + mysuffix=dc=example,dc=com 511s + admin_dn=cn=admin,dc=example,dc=com 511s + admin_pw=secret 511s + ldap_user=testuser1 511s + ldap_user_pw=testuser1secret 511s + ldap_group=ldapusers 511s + adjust_hostname ldap.example.com 511s + local myhostname=ldap.example.com 511s + echo ldap.example.com 511s + hostname ldap.example.com 511s + grep -qE ldap.example.com /etc/hosts 511s + echo 127.0.1.10 ldap.example.com 511s + reconfigure_slapd 511s + debconf-set-selections 511s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 511s + dpkg-reconfigure -fnoninteractive -pcritical slapd 514s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 514s Moving old database directory to /var/backups: 514s - directory unknown... done. 514s Creating initial configuration... done. 514s Creating LDAP directory... done. 514s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 514s 516s + generate_certs ldap.example.com 516s + local cn=ldap.example.com 516s + local cert=/etc/ldap/server.pem 516s + local key=/etc/ldap/server.key 516s + local cnf=/etc/ldap/openssl.cnf 516s + cat 516s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 516s .....++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 516s .............................................................................................................++++++++++++++++++++++++++++++++++++++++++modifying entry "cn=config" 516s 516s ++++++++++++++++++++++ 516s ----- 516s + chmod 0640 /etc/ldap/server.key 516s + chgrp openldap /etc/ldap/server.key 516s + [ ! -f /etc/ldap/server.pem ] 516s + [ ! -f /etc/ldap/server.key ] 516s + enable_ldap_ssl 516s + cat 516s + cat 516s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 516s + populate_ldap_rfc2307 516s + cat 516s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 516s adding new entry "ou=People,dc=example,dc=com" 516s 516s adding new entry "ou=Group,dc=example,dc=com" 516s 516s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 516s 516s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 516s 516s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 516s 516s + configure_sssd_ldap_rfc2307 516s + cat 516s + chmod 0600 /etc/sssd/sssd.conf 516s + systemctl restart sssd 516s + enable_pam_mkhomedir 516s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 516s Assert local user databases do not have our LDAP test data 516s + echo session optional pam_mkhomedir.so 516s + run_common_tests 516s + echo Assert local user databases do not have our LDAP test data 516s + check_local_user testuser1 516s + local local_user=testuser1 516s + grep -q ^testuser1 /etc/passwd 516s + check_local_group testuser1 516s + local local_group=testuser1 516s + grep -q ^testuser1 /etc/group 516s + check_local_group ldapusers 516s + local local_group=ldapusers 516s + grep -q ^ldapusers /etc/group 516s + echo The LDAP user is known to the system via getent 516s + check_getent_user testuser1 516s + local getent_user=testuser1 516s + local output 516s The LDAP user is known to the system via getent 516s + getent passwd testuser1 517s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 517s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 517s + echo The LDAP user's private group is known to the system via getent 517s + check_getent_group testuser1 517s + local getent_group=testuser1 517s + local output 517s The LDAP user's private group is known to the system via getent 517s + getent group testuser1 517s + output=testuser1:*:10001:testuser1 517s + [ -z testuser1:*:10001:testuser1 ] 517s The LDAP group ldapusers is known to the system via getent 517s + echo The LDAP group ldapusers is known to the system via getent 517s + check_getent_group ldapusers 517s + local getent_group=ldapusers 517s + local output 517s + getent group ldapusers 517s + output=ldapusers:*:10100:testuser1 517s + [ -z ldapusers:*:10100:testuser1 ] 517s + echo The id(1) command can resolve the group membership of the LDAP user 517s The id(1) command can resolve the group membership of the LDAP user 517s + id -Gn testuser1 517s + output=testuser1 ldapusers 517s + [ testuser1 ldapusers != testuser1 ldapusers ] 517s + echo The LDAP user can login on a terminal 517s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 517s The LDAP user can login on a terminal 517s spawn login 517s ldap.example.com login: testuser1 517s Password: 517s Welcome to Ubuntu Oracular Oriole (development branch) (GNU/Linux 6.5.0-35-generic armv7l) 517s 517s * Documentation: https://help.ubuntu.com 517s * Management: https://landscape.canonical.com 517s * Support: https://ubuntu.com/pro 517s 517s The programs included with the Ubuntu system are free software; 517s the exact distribution terms for each program are described in the 517s individual files in /usr/share/doc/*/copyright. 517s 517s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 517s applicable law. 517s 517s 517s The programs included with the Ubuntu system are free software; 517s the exact distribution terms for each program are described in the 517s individual files in /usr/share/doc/*/copyright. 517s 517s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 517s applicable law. 517s 517s Creating directory '/home/testuser1'. 517s testuser1@ldap:~$ id -un 517s testuser1 518s testuser1@ldap:~$ autopkgtest [15:02:39]: test ldap-user-group-ldap-auth: -----------------------] 522s autopkgtest [15:02:43]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 522s ldap-user-group-ldap-auth PASS 525s autopkgtest [15:02:46]: test ldap-user-group-krb5-auth: preparing testbed 536s Reading package lists... 536s Building dependency tree... 536s Reading state information... 537s Starting pkgProblemResolver with broken count: 0 537s Starting 2 pkgProblemResolver with broken count: 0 537s Done 538s The following additional packages will be installed: 538s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 538s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 538s Suggested packages: 538s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 538s The following NEW packages will be installed: 538s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 538s libgssrpc4t64 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 539s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 539s Need to get 561 kB/561 kB of archives. 539s After this operation, 1649 kB of additional disk space will be used. 539s Get:1 /tmp/autopkgtest.IeyOLF/2-autopkgtest-satdep.deb autopkgtest-satdep armhf 0 [888 B] 540s Get:2 http://ftpmaster.internal/ubuntu oracular/main armhf krb5-config all 2.7 [22.0 kB] 540s Get:3 http://ftpmaster.internal/ubuntu oracular/main armhf libgssrpc4t64 armhf 1.20.1-6ubuntu2 [51.5 kB] 541s Get:4 http://ftpmaster.internal/ubuntu oracular/main armhf libkadm5clnt-mit12 armhf 1.20.1-6ubuntu2 [35.3 kB] 541s Get:5 http://ftpmaster.internal/ubuntu oracular/main armhf libkdb5-10t64 armhf 1.20.1-6ubuntu2 [35.0 kB] 541s Get:6 http://ftpmaster.internal/ubuntu oracular/main armhf libkadm5srv-mit12 armhf 1.20.1-6ubuntu2 [45.7 kB] 541s Get:7 http://ftpmaster.internal/ubuntu oracular/universe armhf krb5-user armhf 1.20.1-6ubuntu2 [110 kB] 541s Get:8 http://ftpmaster.internal/ubuntu oracular/universe armhf krb5-kdc armhf 1.20.1-6ubuntu2 [170 kB] 541s Get:9 http://ftpmaster.internal/ubuntu oracular/universe armhf krb5-admin-server armhf 1.20.1-6ubuntu2 [91.1 kB] 543s Preconfiguring packages ... 545s Fetched 561 kB in 3s (221 kB/s) 545s Selecting previously unselected package krb5-config. 545s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 59708 files and directories currently installed.) 545s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 545s Unpacking krb5-config (2.7) ... 545s Selecting previously unselected package libgssrpc4t64:armhf. 545s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2_armhf.deb ... 545s Unpacking libgssrpc4t64:armhf (1.20.1-6ubuntu2) ... 545s Selecting previously unselected package libkadm5clnt-mit12:armhf. 545s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2_armhf.deb ... 545s Unpacking libkadm5clnt-mit12:armhf (1.20.1-6ubuntu2) ... 545s Selecting previously unselected package libkdb5-10t64:armhf. 545s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2_armhf.deb ... 545s Unpacking libkdb5-10t64:armhf (1.20.1-6ubuntu2) ... 545s Selecting previously unselected package libkadm5srv-mit12:armhf. 545s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2_armhf.deb ... 545s Unpacking libkadm5srv-mit12:armhf (1.20.1-6ubuntu2) ... 545s Selecting previously unselected package krb5-user. 545s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2_armhf.deb ... 545s Unpacking krb5-user (1.20.1-6ubuntu2) ... 545s Selecting previously unselected package krb5-kdc. 545s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2_armhf.deb ... 545s Unpacking krb5-kdc (1.20.1-6ubuntu2) ... 545s Selecting previously unselected package krb5-admin-server. 545s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2_armhf.deb ... 545s Unpacking krb5-admin-server (1.20.1-6ubuntu2) ... 545s Selecting previously unselected package autopkgtest-satdep. 545s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 545s Unpacking autopkgtest-satdep (0) ... 545s Setting up libgssrpc4t64:armhf (1.20.1-6ubuntu2) ... 545s Setting up krb5-config (2.7) ... 546s Setting up libkadm5clnt-mit12:armhf (1.20.1-6ubuntu2) ... 546s Setting up libkdb5-10t64:armhf (1.20.1-6ubuntu2) ... 546s Setting up libkadm5srv-mit12:armhf (1.20.1-6ubuntu2) ... 546s Setting up krb5-user (1.20.1-6ubuntu2) ... 546s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 546s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 546s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 546s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 546s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 546s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 546s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 546s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 546s Setting up krb5-kdc (1.20.1-6ubuntu2) ... 547s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 548s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 548s Setting up krb5-admin-server (1.20.1-6ubuntu2) ... 548s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 549s Setting up autopkgtest-satdep (0) ... 549s Processing triggers for man-db (2.12.1-2) ... 549s Processing triggers for libc-bin (2.39-0ubuntu8.1) ... 613s (Reading database ... 59803 files and directories currently installed.) 613s Removing autopkgtest-satdep (0) ... 619s autopkgtest [15:04:20]: test ldap-user-group-krb5-auth: [----------------------- 621s + . debian/tests/util 621s + . debian/tests/common-tests 621s + mydomain=example.com 621s + myhostname=ldap.example.com 621s + mysuffix=dc=example,dc=com 621s + myrealm=EXAMPLE.COM 621s + admin_dn=cn=admin,dc=example,dc=com 621s + admin_pw=secret 621s + ldap_user=testuser1 621s + ldap_user_pw=testuser1secret 621s + kerberos_principal_pw=testuser1kerberos 621s + ldap_group=ldapusers 621s + adjust_hostname ldap.example.com 621s + local myhostname=ldap.example.com 621s + echo ldap.example.com 621s + hostname ldap.example.com 621s + grep -qE ldap.example.com /etc/hosts 621s + reconfigure_slapd 621s + debconf-set-selections 621s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8-20240614-150235.ldapdb 621s + dpkg-reconfigure -fnoninteractive -pcritical slapd 622s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 622s Moving old database directory to /var/backups: 622s - directory unknown... done. 622s Creating initial configuration... done. 622s Creating LDAP directory... done. 622s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 622s 624s + generate_certs ldap.example.com 624s + local cn=ldap.example.com 624s + local cert=/etc/ldap/server.pem 624s + local key=/etc/ldap/server.key 624s + local cnf=/etc/ldap/openssl.cnf 624s + cat 624s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 624s ..................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 624s ........................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 624s ----- 624s + chmod 0640 /etc/ldap/server.key 624s + chgrp openldap /etc/ldap/server.key 624s + [ ! -f /etc/ldap/server.pem ] 624s + [ ! -f /etc/ldap/server.key ] 624s + enable_ldap_ssl 624s + cat 624s + cat 624s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 624s modifying entry "cn=config" 624s 624s + populate_ldap_rfc2307 624s + cat 624s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 624s adding new entry "ou=People,dc=example,dc=com" 624s 624s adding new entry "ou=Group,dc=example,dc=com" 624s 624s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 624s 624s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 624s 624s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 624s 624s + create_realm EXAMPLE.COM ldap.example.com 624s + local realm_name=EXAMPLE.COM 624s + local kerberos_server=ldap.example.com 624s + rm -rf /var/lib/krb5kdc/* 624s + rm -rf /etc/krb5kdc/kdc.conf 624s + rm -f /etc/krb5.keytab 624s + cat 624s + cat 624s + echo # */admin * 624s + kdb5_util create -s -P secretpassword 624s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 624s master key name 'K/M@EXAMPLE.COM' 624s + systemctl restart krb5-kdc.service krb5-admin-server.service 624s + create_krb_principal testuser1 testuser1kerberos 624s + local principal=testuser1 624s + local password=testuser1kerberos 624s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 624s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 624s Authenticating as principal root/admin@EXAMPLE.COM with password. 624s Principal "testuser1@EXAMPLE.COM" created. 624s + configure_sssd_ldap_rfc2307_krb5_auth 624s + cat 624s + chmod 0600 /etc/sssd/sssd.conf 624s + systemctl restart sssd 625s + enable_pam_mkhomedir 625s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 625s + run_common_tests 625s + echo Assert local user databases do not have our LDAP test data 625s + check_local_user testuser1 625s + local local_user=testuser1 625s + grep -q ^testuser1 /etc/passwd 625s Assert local user databases do not have our LDAP test data 625s + check_local_group testuser1 625s + local local_group=testuser1 625s + grep -q ^testuser1 /etc/group 625s + check_local_group ldapusers 625s + local local_group=ldapusers 625s + grep -q ^ldapusers /etc/group 625s + echo The LDAP user is known to the system via getent 625s + check_getent_user testuser1 625s + local getent_user=testuser1 625s + local output 625s The LDAP user is known to the system via getent 625s + getent passwd testuser1 625s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 625s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 625s + echo The LDAP user's private group is known to the system via getent 625s + check_getent_group testuser1 625s + local getent_group=testuser1 625s + localThe LDAP user's private group is known to the system via getent 625s output 625s + getent group testuser1 625s The LDAP group ldapusers is known to the system via getent 625s The id(1) command can resolve the group membership of the LDAP user 625s The Kerberos principal can login on a terminal 625s spawn login 625s + output=testuser1:*:10001:testuser1 625s + [ -z testuser1:*:10001:testuser1 ] 625s + echo The LDAP group ldapusers is known to the system via getent 625s + check_getent_group ldapusers 625s + local getent_group=ldapusers 625s + local output 625s + getent group ldapusers 625s + output=ldapusers:*:10100:testuser1 625s + [ -z ldapusers:*:10100:testuser1 ] 625s + echo The id(1) command can resolve the group membership of the LDAP user 625s + id -Gn testuser1 625s + output=testuser1 ldapusers 625s + [ testuser1 ldapusers != testuser1 ldapusers ] 625s + echo The Kerberos principal can login on a terminal 625s + kdestroy 625s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 625s ldap.example.com login: testuser1 625s Password: 625s Welcome to Ubuntu Oracular Oriole (development branch) (GNU/Linux 6.5.0-35-generic armv7l) 625s 625s * Documentation: https://help.ubuntu.com 625s * Management: https://landscape.canonical.com 625s * Support: https://ubuntu.com/pro 625s 625s 625s The programs included with the Ubuntu system are free software; 625s the exact distribution terms for each program are described in the 625s individual files in /usr/share/doc/*/copyright. 625s 625s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 625s applicable law. 625s 625s testuser1@ldap:~$ id -un 625s testuser1 625s testuser1@ldap:~$ klist 625s Ticket cache: FILE:/tmp/krb5cc_10001_PxMjFn 625s Default principal: testuser1@EXAMPLE.COM 625s 625s Valid starting Expires Service principal 625s 06/14/24 15:04:26 06/15/24 01:04:26 krbtgt/EXAMPLE.COM@EXAMPLE.COM 625s renew until 06/15/24 15:04:26 625s /tmp/autopkgtest.IeyOLF/wrapper.sh: Killing leaked background processes: 4577 625s PID TTY STAT TIME COMMAND 625s /tmp/autopkgtest.IeyOLF/wrapper.sh: 235: kill: No such process 625s 625s /tmp/autopkgtest.IeyOLF/wrapper.sh: 237: kill: No such process 625s 626s autopkgtest [15:04:27]: test ldap-user-group-krb5-auth: -----------------------] 629s autopkgtest [15:04:30]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 629s ldap-user-group-krb5-auth PASS 633s autopkgtest [15:04:34]: test sssd-softhism2-certificates-tests.sh: preparing testbed 663s autopkgtest [15:05:04]: testbed dpkg architecture: armhf 665s autopkgtest [15:05:06]: testbed apt version: 2.9.3 665s autopkgtest [15:05:06]: @@@@@@@@@@@@@@@@@@@@ test bed setup 673s Get:1 http://ftpmaster.internal/ubuntu oracular-proposed InRelease [110 kB] 674s Get:2 http://ftpmaster.internal/ubuntu oracular-proposed/universe Sources [342 kB] 675s Get:3 http://ftpmaster.internal/ubuntu oracular-proposed/restricted Sources [7052 B] 675s Get:4 http://ftpmaster.internal/ubuntu oracular-proposed/multiverse Sources [2576 B] 675s Get:5 http://ftpmaster.internal/ubuntu oracular-proposed/main Sources [38.8 kB] 675s Get:6 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf Packages [47.1 kB] 675s Get:7 http://ftpmaster.internal/ubuntu oracular-proposed/restricted armhf Packages [1860 B] 675s Get:8 http://ftpmaster.internal/ubuntu oracular-proposed/universe armhf Packages [283 kB] 675s Get:9 http://ftpmaster.internal/ubuntu oracular-proposed/multiverse armhf Packages [2528 B] 675s Fetched 835 kB in 2s (391 kB/s) 675s Reading package lists... 692s tee: /proc/self/fd/2: Permission denied 736s Hit:1 http://ftpmaster.internal/ubuntu oracular-proposed InRelease 736s Hit:2 http://ftpmaster.internal/ubuntu oracular InRelease 736s Hit:3 http://ftpmaster.internal/ubuntu oracular-updates InRelease 736s Hit:4 http://ftpmaster.internal/ubuntu oracular-security InRelease 737s Reading package lists... 738s Reading package lists... 738s Building dependency tree... 738s Reading state information... 738s Calculating upgrade... 739s The following package was automatically installed and is no longer required: 739s systemd-dev 739s Use 'apt autoremove' to remove it. 739s The following packages will be upgraded: 739s fwupd libdrm-common libdrm2 libfwupd2 libnss-systemd libpam-systemd 739s libsystemd-shared libsystemd0 libudev1 systemd systemd-dev systemd-resolved 739s systemd-sysv systemd-timesyncd udev 739s 15 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 739s Need to get 13.7 MB of archives. 739s After this operation, 1444 kB of additional disk space will be used. 739s Get:1 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf systemd-dev all 256-1ubuntu1 [111 kB] 739s Get:2 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf systemd-timesyncd armhf 256-1ubuntu1 [36.3 kB] 739s Get:3 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf systemd-resolved armhf 256-1ubuntu1 [306 kB] 740s Get:4 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf libsystemd-shared armhf 256-1ubuntu1 [2114 kB] 740s Get:5 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf libsystemd0 armhf 256-1ubuntu1 [420 kB] 740s Get:6 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf systemd-sysv armhf 256-1ubuntu1 [11.8 kB] 740s Get:7 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf libnss-systemd armhf 256-1ubuntu1 [153 kB] 740s Get:8 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf libpam-systemd armhf 256-1ubuntu1 [224 kB] 740s Get:9 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf systemd armhf 256-1ubuntu1 [3681 kB] 740s Get:10 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf udev armhf 256-1ubuntu1 [1941 kB] 740s Get:11 http://ftpmaster.internal/ubuntu oracular-proposed/main armhf libudev1 armhf 256-1ubuntu1 [185 kB] 740s Get:12 http://ftpmaster.internal/ubuntu oracular/main armhf libdrm-common all 2.4.121-2 [8330 B] 740s Get:13 http://ftpmaster.internal/ubuntu oracular/main armhf libdrm2 armhf 2.4.121-2 [36.6 kB] 740s Get:14 http://ftpmaster.internal/ubuntu oracular/main armhf libfwupd2 armhf 1.9.21-1 [125 kB] 740s Get:15 http://ftpmaster.internal/ubuntu oracular/main armhf fwupd armhf 1.9.21-1 [4374 kB] 742s Fetched 13.7 MB in 1s (13.3 MB/s) 742s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58401 files and directories currently installed.) 742s Preparing to unpack .../systemd-dev_256-1ubuntu1_all.deb ... 742s Unpacking systemd-dev (256-1ubuntu1) over (255.4-1ubuntu8) ... 742s Preparing to unpack .../systemd-timesyncd_256-1ubuntu1_armhf.deb ... 742s Unpacking systemd-timesyncd (256-1ubuntu1) over (255.4-1ubuntu8) ... 742s Preparing to unpack .../systemd-resolved_256-1ubuntu1_armhf.deb ... 742s Unpacking systemd-resolved (256-1ubuntu1) over (255.4-1ubuntu8) ... 742s Preparing to unpack .../libsystemd-shared_256-1ubuntu1_armhf.deb ... 742s Unpacking libsystemd-shared:armhf (256-1ubuntu1) over (255.4-1ubuntu8) ... 742s Preparing to unpack .../libsystemd0_256-1ubuntu1_armhf.deb ... 742s Unpacking libsystemd0:armhf (256-1ubuntu1) over (255.4-1ubuntu8) ... 743s Setting up libsystemd0:armhf (256-1ubuntu1) ... 743s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58403 files and directories currently installed.) 743s Preparing to unpack .../0-systemd-sysv_256-1ubuntu1_armhf.deb ... 743s Unpacking systemd-sysv (256-1ubuntu1) over (255.4-1ubuntu8) ... 743s Preparing to unpack .../1-libnss-systemd_256-1ubuntu1_armhf.deb ... 743s Unpacking libnss-systemd:armhf (256-1ubuntu1) over (255.4-1ubuntu8) ... 743s Preparing to unpack .../2-libpam-systemd_256-1ubuntu1_armhf.deb ... 743s Unpacking libpam-systemd:armhf (256-1ubuntu1) over (255.4-1ubuntu8) ... 743s Preparing to unpack .../3-systemd_256-1ubuntu1_armhf.deb ... 743s Unpacking systemd (256-1ubuntu1) over (255.4-1ubuntu8) ... 743s Preparing to unpack .../4-udev_256-1ubuntu1_armhf.deb ... 744s Unpacking udev (256-1ubuntu1) over (255.4-1ubuntu8) ... 744s Preparing to unpack .../5-libudev1_256-1ubuntu1_armhf.deb ... 744s Unpacking libudev1:armhf (256-1ubuntu1) over (255.4-1ubuntu8) ... 744s Setting up libudev1:armhf (256-1ubuntu1) ... 744s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58465 files and directories currently installed.) 744s Preparing to unpack .../libdrm-common_2.4.121-2_all.deb ... 744s Unpacking libdrm-common (2.4.121-2) over (2.4.120-2build1) ... 744s Preparing to unpack .../libdrm2_2.4.121-2_armhf.deb ... 744s Unpacking libdrm2:armhf (2.4.121-2) over (2.4.120-2build1) ... 744s Preparing to unpack .../libfwupd2_1.9.21-1_armhf.deb ... 744s Unpacking libfwupd2:armhf (1.9.21-1) over (1.9.20-1) ... 744s Preparing to unpack .../fwupd_1.9.21-1_armhf.deb ... 744s Unpacking fwupd (1.9.21-1) over (1.9.20-1) ... 745s Setting up libfwupd2:armhf (1.9.21-1) ... 745s Setting up systemd-dev (256-1ubuntu1) ... 745s Setting up libsystemd-shared:armhf (256-1ubuntu1) ... 745s Setting up libdrm-common (2.4.121-2) ... 745s Setting up systemd (256-1ubuntu1) ... 745s Installing new version of config file /etc/systemd/journald.conf ... 745s Installing new version of config file /etc/systemd/logind.conf ... 745s Installing new version of config file /etc/systemd/networkd.conf ... 745s Installing new version of config file /etc/systemd/sleep.conf ... 745s Installing new version of config file /etc/systemd/system.conf ... 745s /usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring. 745s Created symlink '/run/systemd/system/tmp.mount' → '/dev/null'. 746s /usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring. 747s Setting up systemd-timesyncd (256-1ubuntu1) ... 748s Setting up udev (256-1ubuntu1) ... 749s Setting up libdrm2:armhf (2.4.121-2) ... 749s Setting up fwupd (1.9.21-1) ... 750s fwupd-offline-update.service is a disabled or a static unit not running, not starting it. 750s fwupd-refresh.service is a disabled or a static unit not running, not starting it. 750s fwupd.service is a disabled or a static unit not running, not starting it. 750s Setting up systemd-resolved (256-1ubuntu1) ... 750s Installing new version of config file /etc/systemd/resolved.conf ... 752s Setting up systemd-sysv (256-1ubuntu1) ... 752s Setting up libnss-systemd:armhf (256-1ubuntu1) ... 752s Setting up libpam-systemd:armhf (256-1ubuntu1) ... 752s Processing triggers for libc-bin (2.39-0ubuntu8.1) ... 752s Processing triggers for man-db (2.12.1-2) ... 753s Processing triggers for dbus (1.14.10-4ubuntu4) ... 753s Processing triggers for shared-mime-info (2.4-5) ... 753s Warning: program compiled against libxml 212 using older 209 754s Processing triggers for initramfs-tools (0.142ubuntu28) ... 754s Reading package lists... 754s Building dependency tree... 754s Reading state information... 755s The following packages will be REMOVED: 755s systemd-dev* 756s 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. 756s After this operation, 760 kB disk space will be freed. 756s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58465 files and directories currently installed.) 756s Removing systemd-dev (256-1ubuntu1) ... 758s autopkgtest [15:06:39]: rebooting testbed after setup commands that affected boot 868s Reading package lists... 869s Building dependency tree... 869s Reading state information... 869s Starting pkgProblemResolver with broken count: 0 869s Starting 2 pkgProblemResolver with broken count: 0 869s Done 870s The following additional packages will be installed: 870s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 870s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 870s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 870s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 870s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 870s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 870s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 870s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 870s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 870s Suggested packages: 870s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 870s Recommended packages: 870s cracklib-runtime libsasl2-modules-gssapi-mit 870s | libsasl2-modules-gssapi-heimdal ldap-utils 870s The following NEW packages will be installed: 870s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 870s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 870s libdhash1t64 libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 870s libipa-hbac0t64 libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 870s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 870s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 870s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 870s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 870s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 870s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 870s Need to get 9537 kB/9538 kB of archives. 870s After this operation, 28.2 MB of additional disk space will be used. 870s Get:1 /tmp/autopkgtest.IeyOLF/3-autopkgtest-satdep.deb autopkgtest-satdep armhf 0 [744 B] 870s Get:2 http://ftpmaster.internal/ubuntu oracular/main armhf libevent-2.1-7t64 armhf 2.1.12-stable-10 [127 kB] 870s Get:3 http://ftpmaster.internal/ubuntu oracular/main armhf libunbound8 armhf 1.19.2-1ubuntu3 [408 kB] 871s Get:4 http://ftpmaster.internal/ubuntu oracular/main armhf libgnutls-dane0t64 armhf 3.8.5-4ubuntu1 [33.5 kB] 871s Get:5 http://ftpmaster.internal/ubuntu oracular/universe armhf gnutls-bin armhf 3.8.5-4ubuntu1 [277 kB] 871s Get:6 http://ftpmaster.internal/ubuntu oracular/main armhf libavahi-common-data armhf 0.8-13ubuntu6 [29.7 kB] 871s Get:7 http://ftpmaster.internal/ubuntu oracular/main armhf libavahi-common3 armhf 0.8-13ubuntu6 [20.2 kB] 871s Get:8 http://ftpmaster.internal/ubuntu oracular/main armhf libavahi-client3 armhf 0.8-13ubuntu6 [24.2 kB] 871s Get:9 http://ftpmaster.internal/ubuntu oracular/main armhf libbasicobjects0t64 armhf 0.6.2-2.1build1 [5410 B] 871s Get:10 http://ftpmaster.internal/ubuntu oracular/main armhf libcares2 armhf 1.27.0-1.0ubuntu1 [62.7 kB] 871s Get:11 http://ftpmaster.internal/ubuntu oracular/main armhf libcollection4t64 armhf 0.6.2-2.1build1 [18.7 kB] 871s Get:12 http://ftpmaster.internal/ubuntu oracular/main armhf libcrack2 armhf 2.9.6-5.1build2 [27.4 kB] 871s Get:13 http://ftpmaster.internal/ubuntu oracular/main armhf libdhash1t64 armhf 0.6.2-2.1build1 [7880 B] 871s Get:14 http://ftpmaster.internal/ubuntu oracular/main armhf libpath-utils1t64 armhf 0.6.2-2.1build1 [7766 B] 871s Get:15 http://ftpmaster.internal/ubuntu oracular/main armhf libref-array1t64 armhf 0.6.2-2.1build1 [6330 B] 871s Get:16 http://ftpmaster.internal/ubuntu oracular/main armhf libini-config5t64 armhf 0.6.2-2.1build1 [37.2 kB] 871s Get:17 http://ftpmaster.internal/ubuntu oracular/main armhf libipa-hbac0t64 armhf 2.9.4-1.1ubuntu6 [16.9 kB] 871s Get:18 http://ftpmaster.internal/ubuntu oracular/main armhf libtalloc2 armhf 2.4.2-1build2 [25.9 kB] 871s Get:19 http://ftpmaster.internal/ubuntu oracular/main armhf libtdb1 armhf 1.4.10-1build1 [43.1 kB] 871s Get:20 http://ftpmaster.internal/ubuntu oracular/main armhf libtevent0t64 armhf 0.16.1-2build1 [38.1 kB] 871s Get:21 http://ftpmaster.internal/ubuntu oracular/main armhf libldb2 armhf 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [163 kB] 871s Get:22 http://ftpmaster.internal/ubuntu oracular/main armhf libnfsidmap1 armhf 1:2.6.4-4ubuntu1 [54.8 kB] 871s Get:23 http://ftpmaster.internal/ubuntu oracular/main armhf libpwquality-common all 1.4.5-3build1 [7748 B] 871s Get:24 http://ftpmaster.internal/ubuntu oracular/main armhf libpwquality1 armhf 1.4.5-3build1 [12.2 kB] 871s Get:25 http://ftpmaster.internal/ubuntu oracular/main armhf libpam-pwquality armhf 1.4.5-3build1 [11.4 kB] 871s Get:26 http://ftpmaster.internal/ubuntu oracular/main armhf libwbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [67.5 kB] 871s Get:27 http://ftpmaster.internal/ubuntu oracular/main armhf samba-libs armhf 2:4.19.5+dfsg-4ubuntu9 [5693 kB] 871s Get:28 http://ftpmaster.internal/ubuntu oracular/main armhf libsmbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [57.4 kB] 871s Get:29 http://ftpmaster.internal/ubuntu oracular/universe armhf softhsm2-common armhf 2.6.1-2.2ubuntu3 [6194 B] 871s Get:30 http://ftpmaster.internal/ubuntu oracular/universe armhf libsofthsm2 armhf 2.6.1-2.2ubuntu3 [230 kB] 871s Get:31 http://ftpmaster.internal/ubuntu oracular/universe armhf softhsm2 armhf 2.6.1-2.2ubuntu3 [155 kB] 871s Get:32 http://ftpmaster.internal/ubuntu oracular/main armhf python3-sss armhf 2.9.4-1.1ubuntu6 [45.9 kB] 871s Get:33 http://ftpmaster.internal/ubuntu oracular/main armhf libsss-idmap0 armhf 2.9.4-1.1ubuntu6 [20.1 kB] 871s Get:34 http://ftpmaster.internal/ubuntu oracular/main armhf libnss-sss armhf 2.9.4-1.1ubuntu6 [29.2 kB] 871s Get:35 http://ftpmaster.internal/ubuntu oracular/main armhf libpam-sss armhf 2.9.4-1.1ubuntu6 [45.2 kB] 871s Get:36 http://ftpmaster.internal/ubuntu oracular/main armhf libsss-certmap0 armhf 2.9.4-1.1ubuntu6 [42.6 kB] 871s Get:37 http://ftpmaster.internal/ubuntu oracular/main armhf libsss-nss-idmap0 armhf 2.9.4-1.1ubuntu6 [27.6 kB] 871s Get:38 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-common armhf 2.9.4-1.1ubuntu6 [1068 kB] 871s Get:39 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-ad-common armhf 2.9.4-1.1ubuntu6 [69.2 kB] 871s Get:40 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-krb5-common armhf 2.9.4-1.1ubuntu6 [81.2 kB] 871s Get:41 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-ad armhf 2.9.4-1.1ubuntu6 [129 kB] 871s Get:42 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-ipa armhf 2.9.4-1.1ubuntu6 [212 kB] 871s Get:43 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-krb5 armhf 2.9.4-1.1ubuntu6 [14.1 kB] 871s Get:44 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-ldap armhf 2.9.4-1.1ubuntu6 [31.1 kB] 871s Get:45 http://ftpmaster.internal/ubuntu oracular/main armhf sssd-proxy armhf 2.9.4-1.1ubuntu6 [43.5 kB] 871s Get:46 http://ftpmaster.internal/ubuntu oracular/main armhf sssd armhf 2.9.4-1.1ubuntu6 [4118 B] 872s Fetched 9537 kB in 2s (6358 kB/s) 872s Selecting previously unselected package libevent-2.1-7t64:armhf. 873s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58418 files and directories currently installed.) 873s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_armhf.deb ... 873s Unpacking libevent-2.1-7t64:armhf (2.1.12-stable-10) ... 873s Selecting previously unselected package libunbound8:armhf. 873s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3_armhf.deb ... 873s Unpacking libunbound8:armhf (1.19.2-1ubuntu3) ... 873s Selecting previously unselected package libgnutls-dane0t64:armhf. 874s Preparing to unpack .../02-libgnutls-dane0t64_3.8.5-4ubuntu1_armhf.deb ... 874s Unpacking libgnutls-dane0t64:armhf (3.8.5-4ubuntu1) ... 874s Selecting previously unselected package gnutls-bin. 874s Preparing to unpack .../03-gnutls-bin_3.8.5-4ubuntu1_armhf.deb ... 874s Unpacking gnutls-bin (3.8.5-4ubuntu1) ... 874s Selecting previously unselected package libavahi-common-data:armhf. 874s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_armhf.deb ... 874s Unpacking libavahi-common-data:armhf (0.8-13ubuntu6) ... 874s Selecting previously unselected package libavahi-common3:armhf. 875s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_armhf.deb ... 875s Unpacking libavahi-common3:armhf (0.8-13ubuntu6) ... 875s Selecting previously unselected package libavahi-client3:armhf. 875s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_armhf.deb ... 875s Unpacking libavahi-client3:armhf (0.8-13ubuntu6) ... 875s Selecting previously unselected package libbasicobjects0t64:armhf. 875s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_armhf.deb ... 875s Unpacking libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 875s Selecting previously unselected package libcares2:armhf. 875s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_armhf.deb ... 875s Unpacking libcares2:armhf (1.27.0-1.0ubuntu1) ... 875s Selecting previously unselected package libcollection4t64:armhf. 875s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_armhf.deb ... 875s Unpacking libcollection4t64:armhf (0.6.2-2.1build1) ... 875s Selecting previously unselected package libcrack2:armhf. 875s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_armhf.deb ... 875s Unpacking libcrack2:armhf (2.9.6-5.1build2) ... 875s Selecting previously unselected package libdhash1t64:armhf. 876s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_armhf.deb ... 876s Unpacking libdhash1t64:armhf (0.6.2-2.1build1) ... 876s Selecting previously unselected package libpath-utils1t64:armhf. 876s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_armhf.deb ... 876s Unpacking libpath-utils1t64:armhf (0.6.2-2.1build1) ... 876s Selecting previously unselected package libref-array1t64:armhf. 876s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_armhf.deb ... 876s Unpacking libref-array1t64:armhf (0.6.2-2.1build1) ... 876s Selecting previously unselected package libini-config5t64:armhf. 876s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_armhf.deb ... 876s Unpacking libini-config5t64:armhf (0.6.2-2.1build1) ... 876s Selecting previously unselected package libipa-hbac0t64. 877s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6_armhf.deb ... 877s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 877s Selecting previously unselected package libtalloc2:armhf. 877s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_armhf.deb ... 877s Unpacking libtalloc2:armhf (2.4.2-1build2) ... 877s Selecting previously unselected package libtdb1:armhf. 877s Preparing to unpack .../17-libtdb1_1.4.10-1build1_armhf.deb ... 877s Unpacking libtdb1:armhf (1.4.10-1build1) ... 877s Selecting previously unselected package libtevent0t64:armhf. 877s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_armhf.deb ... 877s Unpacking libtevent0t64:armhf (0.16.1-2build1) ... 877s Selecting previously unselected package libldb2:armhf. 877s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_armhf.deb ... 877s Unpacking libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 877s Selecting previously unselected package libnfsidmap1:armhf. 877s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-4ubuntu1_armhf.deb ... 877s Unpacking libnfsidmap1:armhf (1:2.6.4-4ubuntu1) ... 877s Selecting previously unselected package libpwquality-common. 877s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 877s Unpacking libpwquality-common (1.4.5-3build1) ... 877s Selecting previously unselected package libpwquality1:armhf. 877s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_armhf.deb ... 877s Unpacking libpwquality1:armhf (1.4.5-3build1) ... 877s Selecting previously unselected package libpam-pwquality:armhf. 877s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_armhf.deb ... 877s Unpacking libpam-pwquality:armhf (1.4.5-3build1) ... 877s Selecting previously unselected package libwbclient0:armhf. 877s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 877s Unpacking libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 877s Selecting previously unselected package samba-libs:armhf. 877s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 877s Unpacking samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 877s Selecting previously unselected package libsmbclient0:armhf. 878s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 878s Unpacking libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 878s Selecting previously unselected package softhsm2-common. 878s Preparing to unpack .../27-softhsm2-common_2.6.1-2.2ubuntu3_armhf.deb ... 878s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 878s Selecting previously unselected package libsofthsm2. 878s Preparing to unpack .../28-libsofthsm2_2.6.1-2.2ubuntu3_armhf.deb ... 878s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 878s Selecting previously unselected package softhsm2. 878s Preparing to unpack .../29-softhsm2_2.6.1-2.2ubuntu3_armhf.deb ... 878s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 878s Selecting previously unselected package python3-sss. 878s Preparing to unpack .../30-python3-sss_2.9.4-1.1ubuntu6_armhf.deb ... 878s Unpacking python3-sss (2.9.4-1.1ubuntu6) ... 878s Selecting previously unselected package libsss-idmap0. 878s Preparing to unpack .../31-libsss-idmap0_2.9.4-1.1ubuntu6_armhf.deb ... 878s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6) ... 878s Selecting previously unselected package libnss-sss:armhf. 878s Preparing to unpack .../32-libnss-sss_2.9.4-1.1ubuntu6_armhf.deb ... 878s Unpacking libnss-sss:armhf (2.9.4-1.1ubuntu6) ... 878s Selecting previously unselected package libpam-sss:armhf. 878s Preparing to unpack .../33-libpam-sss_2.9.4-1.1ubuntu6_armhf.deb ... 878s Unpacking libpam-sss:armhf (2.9.4-1.1ubuntu6) ... 878s Selecting previously unselected package libsss-certmap0. 878s Preparing to unpack .../34-libsss-certmap0_2.9.4-1.1ubuntu6_armhf.deb ... 878s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6) ... 878s Selecting previously unselected package libsss-nss-idmap0. 878s Preparing to unpack .../35-libsss-nss-idmap0_2.9.4-1.1ubuntu6_armhf.deb ... 878s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 878s Selecting previously unselected package sssd-common. 878s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6_armhf.deb ... 878s Unpacking sssd-common (2.9.4-1.1ubuntu6) ... 878s Selecting previously unselected package sssd-ad-common. 878s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6_armhf.deb ... 878s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6) ... 878s Selecting previously unselected package sssd-krb5-common. 879s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6_armhf.deb ... 879s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6) ... 879s Selecting previously unselected package sssd-ad. 879s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6_armhf.deb ... 879s Unpacking sssd-ad (2.9.4-1.1ubuntu6) ... 879s Selecting previously unselected package sssd-ipa. 879s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6_armhf.deb ... 879s Unpacking sssd-ipa (2.9.4-1.1ubuntu6) ... 879s Selecting previously unselected package sssd-krb5. 879s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6_armhf.deb ... 879s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6) ... 879s Selecting previously unselected package sssd-ldap. 879s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6_armhf.deb ... 879s Unpacking sssd-ldap (2.9.4-1.1ubuntu6) ... 879s Selecting previously unselected package sssd-proxy. 879s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6_armhf.deb ... 879s Unpacking sssd-proxy (2.9.4-1.1ubuntu6) ... 879s Selecting previously unselected package sssd. 879s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6_armhf.deb ... 879s Unpacking sssd (2.9.4-1.1ubuntu6) ... 879s Selecting previously unselected package autopkgtest-satdep. 879s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 879s Unpacking autopkgtest-satdep (0) ... 879s Setting up libpwquality-common (1.4.5-3build1) ... 879s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 880s 880s Creating config file /etc/softhsm/softhsm2.conf with new version 880s Setting up libnfsidmap1:armhf (1:2.6.4-4ubuntu1) ... 880s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6) ... 880s Setting up libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 880s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6) ... 880s Setting up libref-array1t64:armhf (0.6.2-2.1build1) ... 880s Setting up libtdb1:armhf (1.4.10-1build1) ... 880s Setting up libcollection4t64:armhf (0.6.2-2.1build1) ... 880s Setting up libevent-2.1-7t64:armhf (2.1.12-stable-10) ... 880s Setting up libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 880s Setting up libtalloc2:armhf (2.4.2-1build2) ... 880s Setting up libpath-utils1t64:armhf (0.6.2-2.1build1) ... 880s Setting up libunbound8:armhf (1.19.2-1ubuntu3) ... 880s Setting up libgnutls-dane0t64:armhf (3.8.5-4ubuntu1) ... 880s Setting up libavahi-common-data:armhf (0.8-13ubuntu6) ... 880s Setting up libcares2:armhf (1.27.0-1.0ubuntu1) ... 880s Setting up libdhash1t64:armhf (0.6.2-2.1build1) ... 880s Setting up libcrack2:armhf (2.9.6-5.1build2) ... 880s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6) ... 880s Setting up libini-config5t64:armhf (0.6.2-2.1build1) ... 880s Setting up libtevent0t64:armhf (0.16.1-2build1) ... 880s Setting up libnss-sss:armhf (2.9.4-1.1ubuntu6) ... 880s Setting up gnutls-bin (3.8.5-4ubuntu1) ... 880s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 880s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 880s Setting up libavahi-common3:armhf (0.8-13ubuntu6) ... 880s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6) ... 880s Setting up libpwquality1:armhf (1.4.5-3build1) ... 880s Setting up libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 880s Setting up libavahi-client3:armhf (0.8-13ubuntu6) ... 880s Setting up libpam-pwquality:armhf (1.4.5-3build1) ... 880s Setting up samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 880s Setting up python3-sss (2.9.4-1.1ubuntu6) ... 880s Setting up libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 880s Setting up libpam-sss:armhf (2.9.4-1.1ubuntu6) ... 881s Setting up sssd-common (2.9.4-1.1ubuntu6) ... 881s Creating SSSD system user & group... 882s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 882s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 882s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 882s apparmor_parser: Unable to replace "/usr/sbin/sssd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 882s 882s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 883s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 883s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 883s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 883s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 884s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 884s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 884s sssd-autofs.service is a disabled or a static unit, not starting it. 884s sssd-nss.service is a disabled or a static unit, not starting it. 885s sssd-pam.service is a disabled or a static unit, not starting it. 885s sssd-ssh.service is a disabled or a static unit, not starting it. 885s sssd-sudo.service is a disabled or a static unit, not starting it. 885s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 885s Setting up sssd-proxy (2.9.4-1.1ubuntu6) ... 885s Setting up sssd-ad-common (2.9.4-1.1ubuntu6) ... 885s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 885s sssd-pac.service is a disabled or a static unit, not starting it. 886s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 886s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6) ... 886s Setting up sssd-krb5 (2.9.4-1.1ubuntu6) ... 886s Setting up sssd-ldap (2.9.4-1.1ubuntu6) ... 886s Setting up sssd-ad (2.9.4-1.1ubuntu6) ... 886s Setting up sssd-ipa (2.9.4-1.1ubuntu6) ... 886s Setting up sssd (2.9.4-1.1ubuntu6) ... 886s Setting up autopkgtest-satdep (0) ... 886s Processing triggers for man-db (2.12.1-2) ... 886s Processing triggers for libc-bin (2.39-0ubuntu8.1) ... 903s (Reading database ... 59012 files and directories currently installed.) 903s Removing autopkgtest-satdep (0) ... 915s autopkgtest [15:09:16]: test sssd-softhism2-certificates-tests.sh: [----------------------- 918s + '[' -z ubuntu ']' 918s + required_tools=(p11tool openssl softhsm2-util) 918s + for cmd in "${required_tools[@]}" 918s + command -v p11tool 918s + for cmd in "${required_tools[@]}" 918s + command -v openssl 918s + for cmd in "${required_tools[@]}" 918s + command -v softhsm2-util 918s + PIN=053350 918s +++ find /usr/lib/softhsm/libsofthsm2.so 918s +++ head -n 1 918s ++ realpath /usr/lib/softhsm/libsofthsm2.so 918s + SOFTHSM2_MODULE=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 918s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 918s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 918s + '[' '!' -v NO_SSSD_TESTS ']' 918s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 918s + ca_db_arg=ca_db 918s ++ /usr/libexec/sssd/p11_child --help 918s + p11_child_help='Usage: p11_child [OPTION...] 918s -d, --debug-level=INT Debug level 918s --debug-timestamps=INT Add debug timestamps 918s --debug-microseconds=INT Show timestamps with microseconds 918s --dumpable=INT Allow core dumps 918s --debug-fd=INT An open file descriptor for the debug 918s logs 918s --logger=stderr|files|journald Set logger 918s --auth Run in auth mode 918s --pre Run in pre-auth mode 918s --wait_for_card Wait until card is available 918s --verification Run in verification mode 918s --pin Expect PIN on stdin 918s --keypad Expect PIN on keypad 918s --verify=STRING Tune validation 918s --ca_db=STRING CA DB to use 918s --module_name=STRING Module name for authentication 918s --token_name=STRING Token name for authentication 918s --key_id=STRING Key ID for authentication 918s --label=STRING Label for authentication 918s --certificate=STRING certificate to verify, base64 encoded 918s --uri=STRING PKCS#11 URI to restrict selection 918s --chain-id=LONG Tevent chain ID used for logging 918s purposes 918s 918s Help options: 918s -?, --help Show this help message 918s --usage Display brief usage message' 918s + grep nssdb -qs 918s + echo 'Usage: p11_child [OPTION...] 918s -d, --debug-level=INT Debug level 918s --debug-timestamps=INT Add debug timestamps 918s --debug-microseconds=INT Show timestamps with microseconds 918s --dumpable=INT Allow core dumps 918s --debug-fd=INT An open file descriptor for the debug 918s logs 918s --logger=stderr|files|journald Set logger 918s --auth Run in auth mode 918s --pre Run in pre-auth mode 918s --wait_for_card Wait until card is available 918s --verification Run in verification mode 918s --pin Expect PIN on stdin 918s --keypad Expect PIN on keypad 918s --verify=STRING Tune validation 918s --ca_db=STRING CA DB to use 918s --module_name=STRING Module name for authentication 918s --token_name=STRING Token name for authentication 918s --key_id=STRING Key ID for authentication 918s --label=STRING Label for authentication 918s --certificate=STRING certificate to verify, base64 encoded 918s --uri=STRING PKCS#11 URI to restrict selection 918s --chain-id=LONG Tevent chain ID used for logging 918s purposes 918s 918s Help options: 918s -?, --help Show this help message 918s --usage Display brief usage message' 918s + echo 'Usage: p11_child [OPTION...] 918s -d, --debug-level=INT Debug level 918s --debug-timestamps=INT Add debug timestamps 918s --debug-microseconds=INT Show timestamps with microseconds 918s --dumpable=INT Allow core dumps 918s --debug-fd=INT An open file descriptor for the debug 918s logs 918s --logger=stderr|files|journald Set logger 918s --auth Run in auth mode 918s --pre Run in pre-auth mode 918s --wait_for_card Wait until card is available 918s --verification Run in verification mode 918s --pin Expect PIN on stdin 918s --keypad Expect PIN on keypad 918s --verify=STRING Tune validation 918s --ca_db=STRING CA DB to use 918s --module_name=STRING Module name for authentication 918s --token_name=STRING Token name for authentication 918s --key_id=STRING Key ID for authentication 918s --label=STRING Label for authentication 918s --certificate=STRING certificate to verify, base64 encoded 918s --uri=STRING PKCS#11 URI to restrict selection 918s --chain-id=LONG Tevent chain ID used for logging 918s purposes 918s 918s Help options: 918s -?, --help Show this help message 918s --usage Display brief usage message' 918s + grep -qs -- --ca_db 918s + '[' '!' -e /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so ']' 918s ++ mktemp -d -t sssd-softhsm2-XXXXXX 918s + tmpdir=/tmp/sssd-softhsm2-MqbIl9 918s + keys_size=1024 918s + [[ ! -v KEEP_TEMPORARY_FILES ]] 918s + trap 'rm -rf "$tmpdir"' EXIT 918s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 918s + echo -n 01 918s + touch /tmp/sssd-softhsm2-MqbIl9/index.txt 918s + mkdir -p /tmp/sssd-softhsm2-MqbIl9/new_certs 918s + cat 918s + root_ca_key_pass=pass:random-root-CA-password-13188 918s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MqbIl9/test-root-CA-key.pem -passout pass:random-root-CA-password-13188 1024 918s + openssl req -passin pass:random-root-CA-password-13188 -batch -config /tmp/sssd-softhsm2-MqbIl9/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-MqbIl9/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 918s + openssl x509 -noout -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 918s + cat 918s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-4720 918s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-4720 1024 918s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-4720 -config /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.config -key /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-13188 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-certificate-request.pem 918s + openssl req -text -noout -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-certificate-request.pem 918s Certificate Request: 918s Data: 918s Version: 1 (0x0) 918s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 918s Subject Public Key Info: 918s Public Key Algorithm: rsaEncryption 918s Public-Key: (1024 bit) 918s Modulus: 918s 00:cf:1f:35:c9:e3:85:43:d3:c4:0b:06:a2:fc:96: 918s 58:f5:19:47:61:e2:cf:d5:08:1e:f6:fb:86:01:77: 918s c7:70:5c:63:82:8b:4d:07:f5:84:c1:42:d0:b2:26: 918s fd:fc:29:a5:36:aa:e6:28:35:9b:06:05:4f:56:ec: 918s f5:27:8f:ac:23:29:9f:c7:c1:00:5b:26:63:ef:47: 918s fb:a8:84:78:3a:48:73:4d:6f:b4:ee:83:30:69:e4: 918s 6f:38:dc:af:13:05:33:1d:fd:d3:ca:13:ec:0f:84: 918s fe:17:88:bc:bc:34:e4:d9:be:6b:3c:d4:c0:0a:24: 918s a2:b5:90:0d:84:ce:b9:8d:d7 918s Exponent: 65537 (0x10001) 918s Attributes: 918s (none) 918s Requested Extensions: 918s Signature Algorithm: sha256WithRSAEncryption 918s Signature Value: 918s 9d:b9:2c:47:f3:30:d2:f5:1a:24:95:42:7f:3a:28:93:84:1a: 918s 9f:e9:c6:ec:51:aa:c8:62:2f:75:a9:a8:72:a7:8e:31:83:f4: 918s f2:cb:ce:b9:79:ce:27:99:07:de:da:b1:a9:f8:70:cc:9c:aa: 918s 9d:04:93:ab:39:57:5a:df:d2:ad:c3:a2:45:38:f1:26:c4:29: 918s 4e:eb:90:c1:5e:54:41:8d:62:56:05:37:ce:9f:7d:00:08:d2: 918s 7d:2a:22:6f:d1:0d:41:8e:76:c0:66:f1:02:08:65:6f:78:2d: 918s d7:82:f6:7a:9c:c1:5d:e6:00:c6:62:5b:45:a1:f9:2e:8b:70: 918s ac:d9 918s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-MqbIl9/test-root-CA.config -passin pass:random-root-CA-password-13188 -keyfile /tmp/sssd-softhsm2-MqbIl9/test-root-CA-key.pem -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 918s Using configuration from /tmp/sssd-softhsm2-MqbIl9/test-root-CA.config 918s Check that the request matches the signature 918s Signature ok 918s Certificate Details: 918s Serial Number: 1 (0x1) 918s Validity 918s Not Before: Jun 14 15:09:19 2024 GMT 918s Not After : Jun 14 15:09:19 2025 GMT 918s Subject: 918s organizationName = Test Organization 918s organizationalUnitName = Test Organization Unit 918s commonName = Test Organization Intermediate CA 918s X509v3 extensions: 918s X509v3 Subject Key Identifier: 918s E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 918s X509v3 Authority Key Identifier: 918s keyid:70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 918s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 918s serial:00 918s X509v3 Basic Constraints: 918s CA:TRUE 918s X509v3 Key Usage: critical 918s Digital Signature, Certificate Sign, CRL Sign 918s Certificate is to be certified until Jun 14 15:09:19 2025 GMT (365 days) 918s 918s Write out database with 1 new entries 918s Database updated 918s + openssl x509 -noout -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 918s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 918s /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem: OK 918s + cat 918s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-11966 918s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-11966 1024 918s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-11966 -config /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-4720 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-certificate-request.pem 918s + openssl req -text -noout -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-certificate-request.pem 918s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-4720 -keyfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 918s Certificate Request: 918s Data: 918s Version: 1 (0x0) 918s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 918s Subject Public Key Info: 918s Public Key Algorithm: rsaEncryption 918s Public-Key: (1024 bit) 918s Modulus: 918s 00:a9:9c:cd:6d:dc:e4:a5:8d:78:4e:1c:30:22:e3: 918s 2d:c3:67:6a:30:35:12:14:2c:e5:52:e7:fc:9e:13: 918s 97:6d:a9:47:8a:18:ff:05:2b:a1:d0:d6:9c:d6:16: 918s 47:f1:4d:35:2d:0a:d3:95:1d:5e:5c:8f:e6:ff:57: 918s e1:7f:25:d1:cd:8c:2f:e4:0b:07:b8:8b:90:ad:7e: 918s 49:80:6c:19:2c:f2:28:c7:a9:95:dc:bf:89:2f:d2: 918s 61:97:fd:d0:f0:bb:84:42:9a:63:e3:1b:4b:9e:3f: 918s 76:dc:6b:52:e5:0c:f7:98:a0:6d:93:70:3b:5f:ef: 918s e6:fb:4e:40:a8:3b:c7:ea:ab 918s Exponent: 65537 (0x10001) 918s Attributes: 918s (none) 918s Requested Extensions: 918s Signature Algorithm: sha256WithRSAEncryption 918s Signature Value: 918s 8f:a0:c2:6e:f1:d1:26:c9:fe:ee:d2:0f:05:0e:56:bd:4b:d2: 918s f6:9a:89:a0:5e:db:d9:47:39:ec:28:6b:f0:28:47:de:a8:7e: 918s 9a:ac:a1:ce:56:e9:20:2c:41:cb:e8:fb:40:f6:06:ed:88:ac: 918s 6c:1d:0a:97:cd:4e:fd:a9:c8:4e:56:69:5b:cf:d1:b0:08:3b: 918s 65:24:e5:7f:83:d4:33:34:61:b4:02:a2:40:18:22:0d:f6:0d: 918s 9a:52:d7:8d:6f:db:57:bc:30:c6:a3:0d:d5:28:1a:90:7e:15: 918s 5f:d7:7f:e9:f3:4a:d1:a5:fd:d7:6e:fa:8b:61:d7:20:64:fa: 918s 05:af 918s Using configuration from /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.config 918s Check that the request matches the signature 918s Signature ok 918s Certificate Details: 918s Serial Number: 2 (0x2) 918s Validity 918s Not Before: Jun 14 15:09:19 2024 GMT 918s Not After : Jun 14 15:09:19 2025 GMT 918s Subject: 918s organizationName = Test Organization 918s organizationalUnitName = Test Organization Unit 918s commonName = Test Organization Sub Intermediate CA 918s X509v3 extensions: 918s X509v3 Subject Key Identifier: 918s ED:43:D2:0D:7E:70:58:EF:BD:95:F5:E4:DE:FC:81:53:54:93:BB:1D 918s X509v3 Authority Key Identifier: 918s keyid:E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 918s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 918s serial:01 918s X509v3 Basic Constraints: 918s CA:TRUE 918s X509v3 Key Usage: critical 918s Digital Signature, Certificate Sign, CRL Sign 918s Certificate is to be certified until Jun 14 15:09:19 2025 GMT (365 days) 918s 918s Write out database with 1 new entries 918s Database updated 918s + openssl x509 -noout -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 919s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 919s /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem: OK 919s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 919s + local cmd=openssl 919s + shift 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 919s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 919s error 20 at 0 depth lookup: unable to get local issuer certificate 919s error /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem: verification failed 919s + cat 919s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-17454 919s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-17454 1024 919s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-17454 -key /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-request.pem 919s + openssl req -text -noout -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-request.pem 919s Certificate Request: 919s Data: 919s Version: 1 (0x0) 919s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 919s Subject Public Key Info: 919s Public Key Algorithm: rsaEncryption 919s Public-Key: (1024 bit) 919s Modulus: 919s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 919s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 919s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 919s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 919s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 919s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 919s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 919s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 919s 90:69:ed:b4:06:18:2f:ac:33 919s Exponent: 65537 (0x10001) 919s Attributes: 919s Requested Extensions: 919s X509v3 Basic Constraints: 919s CA:FALSE 919s Netscape Cert Type: 919s SSL Client, S/MIME 919s Netscape Comment: 919s Test Organization Root CA trusted Certificate 919s X509v3 Subject Key Identifier: 919s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 919s X509v3 Key Usage: critical 919s Digital Signature, Non Repudiation, Key Encipherment 919s X509v3 Extended Key Usage: 919s TLS Web Client Authentication, E-mail Protection 919s X509v3 Subject Alternative Name: 919s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 919s Signature Algorithm: sha256WithRSAEncryption 919s Signature Value: 919s 81:f0:5e:14:ab:d4:3a:00:6d:4a:80:3e:aa:7f:15:1a:b9:11: 919s e9:6b:7d:bc:a0:49:e0:cb:37:e4:a6:44:d4:3c:fe:5f:9d:a6: 919s 7d:1b:63:5f:74:e0:06:36:af:a6:4e:a1:11:da:b6:3e:6b:24: 919s 3a:0f:61:ea:bf:d6:dd:c6:16:07:08:ae:3e:94:8e:93:bc:fd: 919s f1:ee:95:01:f3:8e:53:cf:fd:54:f9:44:eb:8a:31:63:74:d0: 919s 00:f3:c4:7f:70:7b:77:3b:6e:7a:a4:29:ba:84:7c:8e:0a:ca: 919s d0:79:b0:80:7d:73:d7:8f:61:16:c9:64:18:32:9c:4e:18:93: 919s 2e:5d 919s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-MqbIl9/test-root-CA.config -passin pass:random-root-CA-password-13188 -keyfile /tmp/sssd-softhsm2-MqbIl9/test-root-CA-key.pem -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 919s Using configuration from /tmp/sssd-softhsm2-MqbIl9/test-root-CA.config 919s Check that the request matches the signature 919s Signature ok 919s Certificate Details: 919s Serial Number: 3 (0x3) 919s Validity 919s Not Before: Jun 14 15:09:20 2024 GMT 919s Not After : Jun 14 15:09:20 2025 GMT 919s Subject: 919s organizationName = Test Organization 919s organizationalUnitName = Test Organization Unit 919s commonName = Test Organization Root Trusted Certificate 0001 919s X509v3 extensions: 919s X509v3 Authority Key Identifier: 919s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 919s X509v3 Basic Constraints: 919s CA:FALSE 919s Netscape Cert Type: 919s SSL Client, S/MIME 919s Netscape Comment: 919s Test Organization Root CA trusted Certificate 919s X509v3 Subject Key Identifier: 919s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 919s X509v3 Key Usage: critical 919s Digital Signature, Non Repudiation, Key Encipherment 919s X509v3 Extended Key Usage: 919s TLS Web Client Authentication, E-mail Protection 919s X509v3 Subject Alternative Name: 919s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 919s Certificate is to be certified until Jun 14 15:09:20 2025 GMT (365 days) 919s 919s Write out database with 1 new entries 919s Database updated 919s + openssl x509 -noout -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 919s /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem: OK 919s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 919s + local cmd=openssl 919s + shift 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 919s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 919s error 20 at 0 depth lookup: unable to get local issuer certificate 919s error /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem: verification failed 919s + cat 919s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 919s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-31429 1024 919s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-31429 -key /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-request.pem 919s + openssl req -text -noout -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-request.pem 919s Certificate Request: 919s Data: 919s Version: 1 (0x0) 919s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 919s Subject Public Key Info: 919s Public Key Algorithm: rsaEncryption 919s Public-Key: (1024 bit) 919s Modulus: 919s 00:d0:46:fb:1a:b3:12:e9:fa:49:b1:94:be:a3:3d: 919s b4:ba:fd:65:1a:94:6b:76:51:04:96:2a:d6:fc:ae: 919s 12:3d:67:f2:4d:9c:ae:51:56:da:fd:d2:41:cc:6d: 919s f1:d1:c6:46:85:1b:e5:97:ec:bb:47:42:a5:33:91: 919s e4:56:e5:23:06:db:f7:af:3b:c6:3e:67:c3:e6:f5: 919s 06:80:af:62:77:98:3c:02:a6:c8:a0:85:a6:57:1d: 919s 7b:ff:57:ca:0d:ea:fe:69:ad:ee:76:20:79:a6:1b: 919s d6:ab:f9:10:c6:4d:42:9f:59:4d:96:3b:21:b4:14: 919s ae:92:3e:f4:6a:02:e7:4d:fd 919s Exponent: 65537 (0x10001) 919s Attributes: 919s Requested Extensions: 919s X509v3 Basic Constraints: 919s CA:FALSE 919s Netscape Cert Type: 919s SSL Client, S/MIME 919s Netscape Comment: 919s Test Organization Intermediate CA trusted Certificate 919s X509v3 Subject Key Identifier: 919s F4:50:43:57:C0:70:32:9A:AB:96:DD:79:45:6B:D6:34:64:08:74:49 919s X509v3 Key Usage: critical 919s Digital Signature, Non Repudiation, Key Encipherment 919s X509v3 Extended Key Usage: 919s TLS Web Client Authentication, E-mail Protection 919s X509v3 Subject Alternative Name: 919s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 919s Signature Algorithm: sha256WithRSAEncryption 919s Signature Value: 919s 04:19:ff:eb:9d:a0:4a:74:93:75:27:b2:dc:d9:fc:ad:fb:6a: 919s 4f:a6:ec:fe:b4:74:d2:be:d8:9f:ef:51:2c:4b:39:07:e8:54: 919s dc:ed:8e:e2:e9:07:16:c7:95:56:09:f1:2d:aa:18:64:1d:3e: 919s 39:54:53:4d:4b:16:cb:b1:34:15:77:db:99:01:e2:c5:61:12: 919s 6a:0e:5a:5f:eb:3c:6f:f3:ed:d9:8c:5e:5c:3d:65:cf:cb:da: 919s ec:dd:6c:b8:b5:58:b2:50:a4:65:f0:a6:f8:15:e6:ef:a3:0c: 919s 8c:74:c3:ce:d7:f9:8d:3a:71:4c:c8:cb:31:c9:ca:55:19:27: 919s 03:92 919s + openssl ca -passin pass:random-intermediate-CA-password-4720 -config /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 919s Using configuration from /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.config 919s Check that the request matches the signature 919s Signature ok 919s Certificate Details: 919s Serial Number: 4 (0x4) 919s Validity 919s Not Before: Jun 14 15:09:20 2024 GMT 919s Not After : Jun 14 15:09:20 2025 GMT 919s Subject: 919s organizationName = Test Organization 919s organizationalUnitName = Test Organization Unit 919s commonName = Test Organization Intermediate Trusted Certificate 0001 919s X509v3 extensions: 919s X509v3 Authority Key Identifier: 919s E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 919s X509v3 Basic Constraints: 919s CA:FALSE 919s Netscape Cert Type: 919s SSL Client, S/MIME 919s Netscape Comment: 919s Test Organization Intermediate CA trusted Certificate 919s X509v3 Subject Key Identifier: 919s F4:50:43:57:C0:70:32:9A:AB:96:DD:79:45:6B:D6:34:64:08:74:49 919s X509v3 Key Usage: critical 919s Digital Signature, Non Repudiation, Key Encipherment 919s X509v3 Extended Key Usage: 919s TLS Web Client Authentication, E-mail Protection 919s X509v3 Subject Alternative Name: 919s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 919s Certificate is to be certified until Jun 14 15:09:20 2025 GMT (365 days) 919s 919s Write out database with 1 new entries 919s Database updated 919s + openssl x509 -noout -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 919s This certificate should not be trusted fully 919s + echo 'This certificate should not be trusted fully' 919s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 919s + local cmd=openssl 919s + shift 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 919s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 919s error 2 at 1 depth lookup: unable to get issuer certificate 919s error /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 919s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 919s /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem: OK 919s + cat 919s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 919s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-12927 1024 919s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-12927 -key /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 919s + openssl req -text -noout -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 919s Certificate Request: 919s Data: 919s Version: 1 (0x0) 919s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 919s Subject Public Key Info: 919s Public Key Algorithm: rsaEncryption 919s Public-Key: (1024 bit) 919s Modulus: 919s 00:cc:d4:f6:6b:2f:d4:55:d9:02:12:a7:ad:05:a7: 919s 77:01:d2:d2:ca:64:0c:1d:67:bc:45:3d:97:ce:34: 919s ef:a7:33:0b:2d:20:5b:77:f5:9b:e8:06:67:21:eb: 919s 54:63:f3:9e:6d:c9:03:49:ce:be:a8:32:9f:19:1c: 919s d2:47:27:a2:60:53:88:2d:e3:5a:eb:3a:25:e4:74: 919s 39:aa:5e:02:eb:69:95:42:d9:90:d2:30:d8:0b:47: 919s 4a:6f:68:d0:f2:f2:ed:ec:18:d7:7b:84:de:12:e3: 919s 9b:1a:1c:cc:40:59:0a:26:a9:ca:c1:e1:13:11:9d: 919s c9:43:47:fa:f1:6e:37:68:c7 919s Exponent: 65537 (0x10001) 919s Attributes: 919s Requested Extensions: 919s X509v3 Basic Constraints: 919s CA:FALSE 919s Netscape Cert Type: 919s SSL Client, S/MIME 919s Netscape Comment: 919s Test Organization Sub Intermediate CA trusted Certificate 919s X509v3 Subject Key Identifier: 919s 10:30:E6:69:72:F8:DA:19:C5:D4:86:75:35:6E:70:EE:C2:65:7D:E3 919s X509v3 Key Usage: critical 919s Digital Signature, Non Repudiation, Key Encipherment 919s X509v3 Extended Key Usage: 919s TLS Web Client Authentication, E-mail Protection 919s X509v3 Subject Alternative Name: 919s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 919s Signature Algorithm: sha256WithRSAEncryption 919s Signature Value: 919s bd:85:d8:f3:d0:3c:f3:d1:d9:cf:9f:75:b0:e6:2b:a9:a1:f9: 919s 12:53:88:09:b1:01:50:e5:5a:e8:d4:16:1a:56:21:8d:b1:1a: 919s 03:84:35:12:48:f7:4b:6d:c2:00:ec:cf:7c:34:d2:24:a5:64: 919s d9:13:d5:a7:be:2b:f5:97:4c:59:28:5e:11:64:a8:a6:67:7a: 919s 3a:5b:4e:b7:3a:3a:2f:35:f4:4e:22:2d:9f:2e:8e:ea:da:7c: 919s 1c:5e:10:31:26:75:16:29:3d:14:ff:7a:1a:3f:21:37:cd:2d: 919s db:f0:59:84:2f:7e:08:a7:57:cc:2c:28:cf:4c:30:a5:b8:52: 919s 5c:91 919s + openssl ca -passin pass:random-sub-intermediate-CA-password-11966 -config /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 919s Using configuration from /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.config 919s Check that the request matches the signature 919s Signature ok 919s Certificate Details: 919s Serial Number: 5 (0x5) 919s Validity 919s Not Before: Jun 14 15:09:20 2024 GMT 919s Not After : Jun 14 15:09:20 2025 GMT 919s Subject: 919s organizationName = Test Organization 919s organizationalUnitName = Test Organization Unit 919s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 919s X509v3 extensions: 919s X509v3 Authority Key Identifier: 919s ED:43:D2:0D:7E:70:58:EF:BD:95:F5:E4:DE:FC:81:53:54:93:BB:1D 919s X509v3 Basic Constraints: 919s CA:FALSE 919s Netscape Cert Type: 919s SSL Client, S/MIME 919s Netscape Comment: 919s Test Organization Sub Intermediate CA trusted Certificate 919s X509v3 Subject Key Identifier: 919s 10:30:E6:69:72:F8:DA:19:C5:D4:86:75:35:6E:70:EE:C2:65:7D:E3 919s X509v3 Key Usage: critical 919s Digital Signature, Non Repudiation, Key Encipherment 919s X509v3 Extended Key Usage: 919s TLS Web Client Authentication, E-mail Protection 919s X509v3 Subject Alternative Name: 919s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 919s Certificate is to be certified until Jun 14 15:09:20 2025 GMT (365 days) 919s 919s Write out database with 1 new entries 919s Database updated 919s + openssl x509 -noout -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 919s + echo 'This certificate should not be trusted fully' 919s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 919s + local cmd=openssl 919s + shift 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 919s This certificate should not be trusted fully 919s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 919s error 2 at 1 depth lookup: unable to get issuer certificate 919s error /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 919s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 919s + local cmd=openssl 919s + shift 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 919s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 919s error 20 at 0 depth lookup: unable to get local issuer certificate 919s error /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 919s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 919s /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 919s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 919s + local cmd=openssl 919s + shift 919s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 919s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 919s error 20 at 0 depth lookup: unable to get local issuer certificate 919s error /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 919s + echo 'Building a the full-chain CA file...' 919s + cat /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 919s Building a the full-chain CA file... 919s + cat /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 919s + cat /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 919s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 919s + openssl pkcs7 -print_certs -noout 919s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 919s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 919s 919s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 919s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 919s 919s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 919s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 919s 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 919s /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem: OK 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 919s /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem: OK 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 919s /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem: OK 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-root-intermediate-chain-CA.pem 919s /tmp/sssd-softhsm2-MqbIl9/test-root-intermediate-chain-CA.pem: OK 919s + openssl verify -CAfile /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 919s /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 919s Certificates generation completed! 919s + echo 'Certificates generation completed!' 919s + [[ -v NO_SSSD_TESTS ]] 919s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /dev/null 919s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /dev/null 919s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 919s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 919s + local key_ring=/dev/null 919s + local verify_option= 919s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 919s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 919s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 919s + local key_cn 919s + local key_name 919s + local tokens_dir 919s + local output_cert_file 919s + token_name= 919s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem .pem 919s + key_name=test-root-CA-trusted-certificate-0001 919s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 919s ++ sed -n 's/ *commonName *= //p' 919s + key_cn='Test Organization Root Trusted Certificate 0001' 919s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 919s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 919s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 919s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 919s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 919s + token_name='Test Organization Root Tr Token' 919s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 919s + local key_file 919s + local decrypted_key 919s + mkdir -p /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 919s + key_file=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-key.pem 919s + decrypted_key=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-key-decrypted.pem 919s + cat 919s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 919s Slot 0 has a free/uninitialized token. 919s The token has been initialized and is reassigned to slot 694012246 919s + softhsm2-util --show-slots 919s Available slots: 919s Slot 694012246 919s Slot info: 919s Description: SoftHSM slot ID 0x295dc956 919s Manufacturer ID: SoftHSM project 919s Hardware version: 2.6 919s Firmware version: 2.6 919s Token present: yes 919s Token info: 919s Manufacturer ID: SoftHSM project 919s Model: SoftHSM v2 919s Hardware version: 2.6 919s Firmware version: 2.6 919s Serial number: 9fff5867a95dc956 919s Initialized: yes 919s User PIN init.: yes 919s Label: Test Organization Root Tr Token 919s Slot 1 919s Slot info: 919s Description: SoftHSM slot ID 0x1 919s Manufacturer ID: SoftHSM project 919s Hardware version: 2.6 919s Firmware version: 2.6 919s Token present: yes 919s Token info: 919s Manufacturer ID: SoftHSM project 919s Model: SoftHSM v2 919s Hardware version: 2.6 919s Firmware version: 2.6 919s Serial number: 919s Initialized: no 919s User PIN init.: no 919s Label: 919s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 920s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-17454 -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-key-decrypted.pem 920s writing RSA key 920s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 920s + rm /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001-key-decrypted.pem 920s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 920s Object 0: 920s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 920s Type: X.509 Certificate (RSA-1024) 920s Expires: Sat Jun 14 15:09:20 2025 920s Label: Test Organization Root Trusted Certificate 0001 920s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 920s 920s Test Organization Root Tr Token 920s + echo 'Test Organization Root Tr Token' 920s + '[' -n '' ']' 920s + local output_base_name=SSSD-child-324 920s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-324.output 920s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-324.pem 920s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/dev/null 920s [p11_child[1709]] [main] (0x0400): p11_child started. 920s [p11_child[1709]] [main] (0x2000): Running in [pre-auth] mode. 920s [p11_child[1709]] [main] (0x2000): Running with effective IDs: [0][0]. 920s [p11_child[1709]] [main] (0x2000): Running with real IDs [0][0]. 920s [p11_child[1709]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 920s [p11_child[1709]] [do_work] (0x0040): init_verification failed. 920s [p11_child[1709]] [main] (0x0020): p11_child failed (5) 920s + return 2 920s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /dev/null no_verification 920s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /dev/null no_verification 920s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 920s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 920s + local key_ring=/dev/null 920s + local verify_option=no_verification 920s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 920s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 920s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 920s + local key_cn 920s + local key_name 920s + local tokens_dir 920s + local output_cert_file 920s + token_name= 920s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem .pem 920s + key_name=test-root-CA-trusted-certificate-0001 920s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 920s ++ sed -n 's/ *commonName *= //p' 920s + key_cn='Test Organization Root Trusted Certificate 0001' 920s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 920s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 920s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 920s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 920s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 920s + token_name='Test Organization Root Tr Token' 920s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 920s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 ']' 920s + echo 'Test Organization Root Tr Token' 920s + '[' -n no_verification ']' 920s + local verify_arg=--verify=no_verification 920s + local output_base_name=SSSD-child-17369 920s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369.output 920s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369.pem 920s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 920s Test Organization Root Tr Token 920s [p11_child[1715]] [main] (0x0400): p11_child started. 920s [p11_child[1715]] [main] (0x2000): Running in [pre-auth] mode. 920s [p11_child[1715]] [main] (0x2000): Running with effective IDs: [0][0]. 920s [p11_child[1715]] [main] (0x2000): Running with real IDs [0][0]. 920s [p11_child[1715]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 920s [p11_child[1715]] [do_card] (0x4000): Module List: 920s [p11_child[1715]] [do_card] (0x4000): common name: [softhsm2]. 920s [p11_child[1715]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 920s [p11_child[1715]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 920s [p11_child[1715]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 920s [p11_child[1715]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 920s [p11_child[1715]] [do_card] (0x4000): Login NOT required. 920s [p11_child[1715]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 920s [p11_child[1715]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 920s [p11_child[1715]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x295dc956;slot-manufacturer=SoftHSM%20project;slot-id=694012246;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 920s [p11_child[1715]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 920s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369.output 920s + echo '-----BEGIN CERTIFICATE-----' 920s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369.output 920s + echo '-----END CERTIFICATE-----' 920s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369.pem 920s Certificate: 920s Data: 920s Version: 3 (0x2) 920s Serial Number: 3 (0x3) 920s Signature Algorithm: sha256WithRSAEncryption 920s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 920s Validity 920s Not Before: Jun 14 15:09:20 2024 GMT 920s Not After : Jun 14 15:09:20 2025 GMT 920s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 920s Subject Public Key Info: 920s Public Key Algorithm: rsaEncryption 920s Public-Key: (1024 bit) 920s Modulus: 920s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 920s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 920s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 920s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 920s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 920s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 920s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 920s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 920s 90:69:ed:b4:06:18:2f:ac:33 920s Exponent: 65537 (0x10001) 920s X509v3 extensions: 920s X509v3 Authority Key Identifier: 920s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 920s X509v3 Basic Constraints: 920s CA:FALSE 920s Netscape Cert Type: 920s SSL Client, S/MIME 920s Netscape Comment: 920s Test Organization Root CA trusted Certificate 920s X509v3 Subject Key Identifier: 920s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 920s X509v3 Key Usage: critical 920s Digital Signature, Non Repudiation, Key Encipherment 920s X509v3 Extended Key Usage: 920s TLS Web Client Authentication, E-mail Protection 920s X509v3 Subject Alternative Name: 920s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 920s Signature Algorithm: sha256WithRSAEncryption 920s Signature Value: 920s 75:ff:36:0f:bc:bf:61:9b:15:a4:c6:5d:a1:8c:fb:2f:8d:bc: 920s 88:aa:32:bd:f1:9b:8a:1d:29:3c:d8:f6:50:60:30:e0:ab:4f: 920s 48:65:b1:a4:34:a7:4f:e1:f7:28:c9:33:c1:c9:5d:17:0b:f8: 920s 67:9d:ed:42:d3:b1:f3:98:39:e1:43:ca:e3:35:c4:dc:65:45: 920s 6c:7f:f1:67:04:03:26:81:aa:4f:8c:cc:fc:1c:eb:42:86:65: 920s 76:13:cb:87:60:31:d2:65:d9:f8:fa:1e:ad:40:31:14:a3:c8: 920s fa:fa:68:ae:94:c1:03:e3:2c:3a:e1:67:81:ed:4b:01:14:73: 920s b3:c2 920s + local found_md5 expected_md5 920s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 920s + expected_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 920s Certificate: 920s Data: 920s Version: 3 (0x2) 920s Serial Number: 3 (0x3) 920s Signature Algorithm: sha256WithRSAEncryption 920s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 920s Validity 920s Not Before: Jun 14 15:09:20 2024 GMT 920s Not After : Jun 14 15:09:20 2025 GMT 920s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 920s Subject Public Key Info: 920s Public Key Algorithm: rsaEncryption 920s Public-Key: (1024 bit) 920s Modulus: 920s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 920s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 920s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 920s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 920s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 920s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 920s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 920s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 920s 90:69:ed:b4:06:18:2f:ac:33 920s Exponent: 65537 (0x10001) 920s X509v3 extensions: 920s X509v3 Authority Key Identifier: 920s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 920s X509v3 Basic Constraints: 920s CA:FALSE 920s Netscape Cert Type: 920s SSL Client, S/MIME 920s Netscape Comment: 920s Test Organization Root CA trusted Certificate 920s X509v3 Subject Key Identifier: 920s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 920s X509v3 Key Usage: critical 920s Digital Signature, Non Repudiation, Key Encipherment 920s X509v3 Extended Key Usage: 920s TLS Web Client Authentication, E-mail Protection 920s X509v3 Subject Alternative Name: 920s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 920s Signature Algorithm: sha256WithRSAEncryption 920s Signature Value: 920s 75:ff:36:0f:bc:bf:61:9b:15:a4:c6:5d:a1:8c:fb:2f:8d:bc: 920s 88:aa:32:bd:f1:9b:8a:1d:29:3c:d8:f6:50:60:30:e0:ab:4f: 920s 48:65:b1:a4:34:a7:4f:e1:f7:28:c9:33:c1:c9:5d:17:0b:f8: 920s 67:9d:ed:42:d3:b1:f3:98:39:e1:43:ca:e3:35:c4:dc:65:45: 920s 6c:7f:f1:67:04:03:26:81:aa:4f:8c:cc:fc:1c:eb:42:86:65: 920s 76:13:cb:87:60:31:d2:65:d9:f8:fa:1e:ad:40:31:14:a3:c8: 920s fa:fa:68:ae:94:c1:03:e3:2c:3a:e1:67:81:ed:4b:01:14:73: 920s b3:c2 920s Test Organization Root Tr Token 920s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369.pem 920s + found_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 920s + '[' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 '!=' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 ']' 920s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369-auth.output 920s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369-auth.output .output 920s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369-auth.pem 920s + echo -n 053350 920s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 920s [p11_child[1723]] [main] (0x0400): p11_child started. 920s [p11_child[1723]] [main] (0x2000): Running in [auth] mode. 920s [p11_child[1723]] [main] (0x2000): Running with effective IDs: [0][0]. 920s [p11_child[1723]] [main] (0x2000): Running with real IDs [0][0]. 920s [p11_child[1723]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 920s [p11_child[1723]] [do_card] (0x4000): Module List: 920s [p11_child[1723]] [do_card] (0x4000): common name: [softhsm2]. 920s [p11_child[1723]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 920s [p11_child[1723]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 920s [p11_child[1723]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 920s [p11_child[1723]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 920s [p11_child[1723]] [do_card] (0x4000): Login required. 920s [p11_child[1723]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 920s [p11_child[1723]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 920s [p11_child[1723]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x295dc956;slot-manufacturer=SoftHSM%20project;slot-id=694012246;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 920s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 920s [p11_child[1723]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 920s [p11_child[1723]] [do_card] (0x4000): Certificate verified and validated. 920s [p11_child[1723]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 920s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369-auth.output 920s + echo '-----BEGIN CERTIFICATE-----' 920s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369-auth.output 920s + echo '-----END CERTIFICATE-----' 920s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369-auth.pem 920s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-17369-auth.pem 920s + found_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 920s + '[' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 '!=' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 ']' 920s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 920s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 920s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 920s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 920s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 920s + local verify_option= 920s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 920s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 920s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 920s + local key_cn 920s + local key_name 920s + local tokens_dir 920s + local output_cert_file 920s + token_name= 920s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem .pem 920s + key_name=test-root-CA-trusted-certificate-0001 920s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 920s ++ sed -n 's/ *commonName *= //p' 920s + key_cn='Test Organization Root Trusted Certificate 0001' 920s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 920s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 920s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 920s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 920s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 920s + token_name='Test Organization Root Tr Token' 920s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 920s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 ']' 920s + echo 'Test Organization Root Tr Token' 920s + '[' -n '' ']' 920s + local output_base_name=SSSD-child-24036 920s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036.output 920s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036.pem 920s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 920s [p11_child[1733]] [main] (0x0400): p11_child started. 920s [p11_child[1733]] [main] (0x2000): Running in [pre-auth] mode. 920s [p11_child[1733]] [main] (0x2000): Running with effective IDs: [0][0]. 920s [p11_child[1733]] [main] (0x2000): Running with real IDs [0][0]. 920s [p11_child[1733]] [do_card] (0x4000): Module List: 920s [p11_child[1733]] [do_card] (0x4000): common name: [softhsm2]. 920s [p11_child[1733]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 920s [p11_child[1733]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 920s [p11_child[1733]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 920s [p11_child[1733]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 920s [p11_child[1733]] [do_card] (0x4000): Login NOT required. 920s [p11_child[1733]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 920s [p11_child[1733]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 920s [p11_child[1733]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 920s [p11_child[1733]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x295dc956;slot-manufacturer=SoftHSM%20project;slot-id=694012246;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 920s [p11_child[1733]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 920s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036.output 920s + echo '-----BEGIN CERTIFICATE-----' 920s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036.output 920s + echo '-----END CERTIFICATE-----' 920s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036.pem 920s Certificate: 920s Data: 920s Version: 3 (0x2) 920s Serial Number: 3 (0x3) 920s Signature Algorithm: sha256WithRSAEncryption 920s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 920s Validity 920s Not Before: Jun 14 15:09:20 2024 GMT 920s Not After : Jun 14 15:09:20 2025 GMT 920s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 920s Subject Public Key Info: 920s Public Key Algorithm: rsaEncryption 920s Public-Key: (1024 bit) 920s Modulus: 920s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 920s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 920s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 920s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 920s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 920s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 920s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 920s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 920s 90:69:ed:b4:06:18:2f:ac:33 920s Exponent: 65537 (0x10001) 920s X509v3 extensions: 920s X509v3 Authority Key Identifier: 920s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 920s X509v3 Basic Constraints: 920s CA:FALSE 920s Netscape Cert Type: 920s SSL Client, S/MIME 920s Netscape Comment: 920s Test Organization Root CA trusted Certificate 920s X509v3 Subject Key Identifier: 920s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 920s X509v3 Key Usage: critical 920s Digital Signature, Non Repudiation, Key Encipherment 920s X509v3 Extended Key Usage: 920s TLS Web Client Authentication, E-mail Protection 920s X509v3 Subject Alternative Name: 920s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 920s Signature Algorithm: sha256WithRSAEncryption 920s Signature Value: 920s 75:ff:36:0f:bc:bf:61:9b:15:a4:c6:5d:a1:8c:fb:2f:8d:bc: 920s 88:aa:32:bd:f1:9b:8a:1d:29:3c:d8:f6:50:60:30:e0:ab:4f: 920s 48:65:b1:a4:34:a7:4f:e1:f7:28:c9:33:c1:c9:5d:17:0b:f8: 920s 67:9d:ed:42:d3:b1:f3:98:39:e1:43:ca:e3:35:c4:dc:65:45: 920s 6c:7f:f1:67:04:03:26:81:aa:4f:8c:cc:fc:1c:eb:42:86:65: 920s 76:13:cb:87:60:31:d2:65:d9:f8:fa:1e:ad:40:31:14:a3:c8: 920s fa:fa:68:ae:94:c1:03:e3:2c:3a:e1:67:81:ed:4b:01:14:73: 920s b3:c2 920s + local found_md5 expected_md5 920s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 920s + expected_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 920s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036.pem 921s + found_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 921s + '[' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 '!=' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 ']' 921s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036-auth.output 921s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036-auth.output .output 921s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036-auth.pem 921s + echo -n 053350 921s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 921s [p11_child[1741]] [main] (0x0400): p11_child started. 921s [p11_child[1741]] [main] (0x2000): Running in [auth] mode. 921s [p11_child[1741]] [main] (0x2000): Running with effective IDs: [0][0]. 921s [p11_child[1741]] [main] (0x2000): Running with real IDs [0][0]. 921s [p11_child[1741]] [do_card] (0x4000): Module List: 921s [p11_child[1741]] [do_card] (0x4000): common name: [softhsm2]. 921s [p11_child[1741]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 921s [p11_child[1741]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 921s [p11_child[1741]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 921s [p11_child[1741]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 921s [p11_child[1741]] [do_card] (0x4000): Login required. 921s [p11_child[1741]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 921s [p11_child[1741]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 921s [p11_child[1741]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 921s [p11_child[1741]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x295dc956;slot-manufacturer=SoftHSM%20project;slot-id=694012246;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 921s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 921s [p11_child[1741]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 921s [p11_child[1741]] [do_card] (0x4000): Certificate verified and validated. 921s [p11_child[1741]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 921s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036-auth.output 921s + echo '-----BEGIN CERTIFICATE-----' 921s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036-auth.output 921s + echo '-----END CERTIFICATE-----' 921s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036-auth.pem 921s Certificate: 921s Data: 921s Version: 3 (0x2) 921s Serial Number: 3 (0x3) 921s Signature Algorithm: sha256WithRSAEncryption 921s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 921s Validity 921s Not Before: Jun 14 15:09:20 2024 GMT 921s Not After : Jun 14 15:09:20 2025 GMT 921s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 921s Subject Public Key Info: 921s Public Key Algorithm: rsaEncryption 921s Public-Key: (1024 bit) 921s Modulus: 921s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 921s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 921s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 921s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 921s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 921s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 921s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 921s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 921s 90:69:ed:b4:06:18:2f:ac:33 921s Exponent: 65537 (0x10001) 921s X509v3 extensions: 921s X509v3 Authority Key Identifier: 921s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 921s X509v3 Basic Constraints: 921s CA:FALSE 921s Netscape Cert Type: 921s SSL Client, S/MIME 921s Netscape Comment: 921s Test Organization Root CA trusted Certificate 921s X509v3 Subject Key Identifier: 921s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 921s X509v3 Key Usage: critical 921s Digital Signature, Non Repudiation, Key Encipherment 921s X509v3 Extended Key Usage: 921s TLS Web Client Authentication, E-mail Protection 921s X509v3 Subject Alternative Name: 921s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 921s Signature Algorithm: sha256WithRSAEncryption 921s Signature Value: 921s 75:ff:36:0f:bc:bf:61:9b:15:a4:c6:5d:a1:8c:fb:2f:8d:bc: 921s 88:aa:32:bd:f1:9b:8a:1d:29:3c:d8:f6:50:60:30:e0:ab:4f: 921s 48:65:b1:a4:34:a7:4f:e1:f7:28:c9:33:c1:c9:5d:17:0b:f8: 921s 67:9d:ed:42:d3:b1:f3:98:39:e1:43:ca:e3:35:c4:dc:65:45: 921s 6c:7f:f1:67:04:03:26:81:aa:4f:8c:cc:fc:1c:eb:42:86:65: 921s 76:13:cb:87:60:31:d2:65:d9:f8:fa:1e:ad:40:31:14:a3:c8: 921s fa:fa:68:ae:94:c1:03:e3:2c:3a:e1:67:81:ed:4b:01:14:73: 921s b3:c2 921s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-24036-auth.pem 921s + found_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 921s + '[' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 '!=' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 ']' 921s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem partial_chain 921s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem partial_chain 921s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 921s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 921s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 921s + local verify_option=partial_chain 921s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 921s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 921s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 921s + local key_cn 921s + local key_name 921s + local tokens_dir 921s + local output_cert_file 921s + token_name= 921s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem .pem 921s + key_name=test-root-CA-trusted-certificate-0001 921s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 921s ++ sed -n 's/ *commonName *= //p' 921s + key_cn='Test Organization Root Trusted Certificate 0001' 921s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 921s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 921s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 921s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 921s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 921s + token_name='Test Organization Root Tr Token' 921s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 921s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 ']' 921s + echo 'Test Organization Root Tr Token' 921s Test Organization Root Tr Token 921s + '[' -n partial_chain ']' 921s + local verify_arg=--verify=partial_chain 921s + local output_base_name=SSSD-child-30416 921s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416.output 921s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416.pem 921s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 921s [p11_child[1751]] [main] (0x0400): p11_child started. 921s [p11_child[1751]] [main] (0x2000): Running in [pre-auth] mode. 921s [p11_child[1751]] [main] (0x2000): Running with effective IDs: [0][0]. 921s [p11_child[1751]] [main] (0x2000): Running with real IDs [0][0]. 921s [p11_child[1751]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 921s [p11_child[1751]] [do_card] (0x4000): Module List: 921s [p11_child[1751]] [do_card] (0x4000): common name: [softhsm2]. 921s [p11_child[1751]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 921s [p11_child[1751]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 921s [p11_child[1751]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 921s [p11_child[1751]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 921s [p11_child[1751]] [do_card] (0x4000): Login NOT required. 921s [p11_child[1751]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 921s [p11_child[1751]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 921s [p11_child[1751]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 921s [p11_child[1751]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x295dc956;slot-manufacturer=SoftHSM%20project;slot-id=694012246;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 921s [p11_child[1751]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 921s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416.output 921s + echo '-----BEGIN CERTIFICATE-----' 921s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416.output 921s + echo '-----END CERTIFICATE-----' 921s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416.pem 921s + local found_md5 expected_md5 921s Certificate: 921s Data: 921s Version: 3 (0x2) 921s Serial Number: 3 (0x3) 921s Signature Algorithm: sha256WithRSAEncryption 921s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 921s Validity 921s Not Before: Jun 14 15:09:20 2024 GMT 921s Not After : Jun 14 15:09:20 2025 GMT 921s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 921s Subject Public Key Info: 921s Public Key Algorithm: rsaEncryption 921s Public-Key: (1024 bit) 921s Modulus: 921s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 921s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 921s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 921s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 921s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 921s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 921s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 921s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 921s 90:69:ed:b4:06:18:2f:ac:33 921s Exponent: 65537 (0x10001) 921s X509v3 extensions: 921s X509v3 Authority Key Identifier: 921s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 921s X509v3 Basic Constraints: 921s CA:FALSE 921s Netscape Cert Type: 921s SSL Client, S/MIME 921s Netscape Comment: 921s Test Organization Root CA trusted Certificate 921s X509v3 Subject Key Identifier: 921s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 921s X509v3 Key Usage: critical 921s Digital Signature, Non Repudiation, Key Encipherment 921s X509v3 Extended Key Usage: 921s TLS Web Client Authentication, E-mail Protection 921s X509v3 Subject Alternative Name: 921s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 921s Signature Algorithm: sha256WithRSAEncryption 921s Signature Value: 921s 75:ff:36:0f:bc:bf:61:9b:15:a4:c6:5d:a1:8c:fb:2f:8d:bc: 921s 88:aa:32:bd:f1:9b:8a:1d:29:3c:d8:f6:50:60:30:e0:ab:4f: 921s 48:65:b1:a4:34:a7:4f:e1:f7:28:c9:33:c1:c9:5d:17:0b:f8: 921s 67:9d:ed:42:d3:b1:f3:98:39:e1:43:ca:e3:35:c4:dc:65:45: 921s 6c:7f:f1:67:04:03:26:81:aa:4f:8c:cc:fc:1c:eb:42:86:65: 921s 76:13:cb:87:60:31:d2:65:d9:f8:fa:1e:ad:40:31:14:a3:c8: 921s fa:fa:68:ae:94:c1:03:e3:2c:3a:e1:67:81:ed:4b:01:14:73: 921s b3:c2 921s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 921s + expected_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 921s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416.pem 921s + found_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 921s + '[' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 '!=' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 ']' 921s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416-auth.output 921s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416-auth.output .output 921s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416-auth.pem 921s + echo -n 053350 921s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 921s [p11_child[1759]] [main] (0x0400): p11_child started. 921s [p11_child[1759]] [main] (0x2000): Running in [auth] mode. 921s [p11_child[1759]] [main] (0x2000): Running with effective IDs: [0][0]. 921s [p11_child[1759]] [main] (0x2000): Running with real IDs [0][0]. 921s [p11_child[1759]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 921s [p11_child[1759]] [do_card] (0x4000): Module List: 921s [p11_child[1759]] [do_card] (0x4000): common name: [softhsm2]. 921s [p11_child[1759]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 921s [p11_child[1759]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 921s [p11_child[1759]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 921s [p11_child[1759]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 921s [p11_child[1759]] [do_card] (0x4000): Login required. 921s [p11_child[1759]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 921s [p11_child[1759]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 921s [p11_child[1759]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 921s [p11_child[1759]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x295dc956;slot-manufacturer=SoftHSM%20project;slot-id=694012246;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 921s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 921s [p11_child[1759]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 921s [p11_child[1759]] [do_card] (0x4000): Certificate verified and validated. 921s [p11_child[1759]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 921s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416-auth.output 921s + echo '-----BEGIN CERTIFICATE-----' 921s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416-auth.output 921s + echo '-----END CERTIFICATE-----' 921s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416-auth.pem 921s Certificate: 921s Data: 921s Version: 3 (0x2) 921s Serial Number: 3 (0x3) 921s Signature Algorithm: sha256WithRSAEncryption 921s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 921s Validity 921s Not Before: Jun 14 15:09:20 2024 GMT 921s Not After : Jun 14 15:09:20 2025 GMT 921s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 921s Subject Public Key Info: 921s Public Key Algorithm: rsaEncryption 921s Public-Key: (1024 bit) 921s Modulus: 921s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 921s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 921s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 921s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 921s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 921s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 921s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 921s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 921s 90:69:ed:b4:06:18:2f:ac:33 921s Exponent: 65537 (0x10001) 921s X509v3 extensions: 921s X509v3 Authority Key Identifier: 921s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 921s X509v3 Basic Constraints: 921s CA:FALSE 921s Netscape Cert Type: 921s SSL Client, S/MIME 921s Netscape Comment: 921s Test Organization Root CA trusted Certificate 921s X509v3 Subject Key Identifier: 921s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 921s X509v3 Key Usage: critical 921s Digital Signature, Non Repudiation, Key Encipherment 921s X509v3 Extended Key Usage: 921s TLS Web Client Authentication, E-mail Protection 921s X509v3 Subject Alternative Name: 921s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 921s Signature Algorithm: sha256WithRSAEncryption 921s Signature Value: 921s 75:ff:36:0f:bc:bf:61:9b:15:a4:c6:5d:a1:8c:fb:2f:8d:bc: 921s 88:aa:32:bd:f1:9b:8a:1d:29:3c:d8:f6:50:60:30:e0:ab:4f: 921s 48:65:b1:a4:34:a7:4f:e1:f7:28:c9:33:c1:c9:5d:17:0b:f8: 921s 67:9d:ed:42:d3:b1:f3:98:39:e1:43:ca:e3:35:c4:dc:65:45: 921s 6c:7f:f1:67:04:03:26:81:aa:4f:8c:cc:fc:1c:eb:42:86:65: 921s 76:13:cb:87:60:31:d2:65:d9:f8:fa:1e:ad:40:31:14:a3:c8: 921s fa:fa:68:ae:94:c1:03:e3:2c:3a:e1:67:81:ed:4b:01:14:73: 921s b3:c2 921s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-30416-auth.pem 921s + found_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 921s + '[' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 '!=' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 ']' 921s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 921s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 921s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 921s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 921s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 921s + local verify_option= 921s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 921s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 921s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 921s + local key_cn 921s + local key_name 921s + local tokens_dir 921s + local output_cert_file 921s + token_name= 921s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem .pem 921s + key_name=test-root-CA-trusted-certificate-0001 921s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 921s ++ sed -n 's/ *commonName *= //p' 921s + key_cn='Test Organization Root Trusted Certificate 0001' 921s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 921s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 921s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 921s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 921s Test Organization Root Tr Token 921s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 921s + token_name='Test Organization Root Tr Token' 921s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 921s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 ']' 921s + echo 'Test Organization Root Tr Token' 921s + '[' -n '' ']' 921s + local output_base_name=SSSD-child-8258 921s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258.output 921s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258.pem 921s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 921s [p11_child[1769]] [main] (0x0400): p11_child started. 921s [p11_child[1769]] [main] (0x2000): Running in [pre-auth] mode. 921s [p11_child[1769]] [main] (0x2000): Running with effective IDs: [0][0]. 921s [p11_child[1769]] [main] (0x2000): Running with real IDs [0][0]. 921s [p11_child[1769]] [do_card] (0x4000): Module List: 921s [p11_child[1769]] [do_card] (0x4000): common name: [softhsm2]. 921s [p11_child[1769]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 921s [p11_child[1769]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 921s [p11_child[1769]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 921s [p11_child[1769]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 921s [p11_child[1769]] [do_card] (0x4000): Login NOT required. 921s [p11_child[1769]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 921s [p11_child[1769]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 921s [p11_child[1769]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 921s [p11_child[1769]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x295dc956;slot-manufacturer=SoftHSM%20project;slot-id=694012246;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 921s [p11_child[1769]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 921s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258.output 921s + echo '-----BEGIN CERTIFICATE-----' 921s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258.output 921s + echo '-----END CERTIFICATE-----' 921s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258.pem 921s Certificate: 921s Data: 921s Version: 3 (0x2) 921s Serial Number: 3 (0x3) 921s Signature Algorithm: sha256WithRSAEncryption 921s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 921s Validity 921s Not Before: Jun 14 15:09:20 2024 GMT 921s Not After : Jun 14 15:09:20 2025 GMT 921s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 921s Subject Public Key Info: 921s Public Key Algorithm: rsaEncryption 921s Public-Key: (1024 bit) 921s Modulus: 921s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 921s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 921s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 921s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 921s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 921s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 921s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 921s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 921s 90:69:ed:b4:06:18:2f:ac:33 921s Exponent: 65537 (0x10001) 921s X509v3 extensions: 921s X509v3 Authority Key Identifier: 921s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 921s X509v3 Basic Constraints: 921s CA:FALSE 921s Netscape Cert Type: 921s SSL Client, S/MIME 921s Netscape Comment: 921s Test Organization Root CA trusted Certificate 921s X509v3 Subject Key Identifier: 921s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 921s X509v3 Key Usage: critical 921s Digital Signature, Non Repudiation, Key Encipherment 921s X509v3 Extended Key Usage: 921s TLS Web Client Authentication, E-mail Protection 921s X509v3 Subject Alternative Name: 921s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 921s Signature Algorithm: sha256WithRSAEncryption 921s Signature Value: 921s 75:ff:36:0f:bc:bf:61:9b:15:a4:c6:5d:a1:8c:fb:2f:8d:bc: 921s 88:aa:32:bd:f1:9b:8a:1d:29:3c:d8:f6:50:60:30:e0:ab:4f: 921s 48:65:b1:a4:34:a7:4f:e1:f7:28:c9:33:c1:c9:5d:17:0b:f8: 921s 67:9d:ed:42:d3:b1:f3:98:39:e1:43:ca:e3:35:c4:dc:65:45: 921s 6c:7f:f1:67:04:03:26:81:aa:4f:8c:cc:fc:1c:eb:42:86:65: 921s 76:13:cb:87:60:31:d2:65:d9:f8:fa:1e:ad:40:31:14:a3:c8: 921s fa:fa:68:ae:94:c1:03:e3:2c:3a:e1:67:81:ed:4b:01:14:73: 921s b3:c2 921s + local found_md5 expected_md5 921s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 921s + expected_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 921s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258.pem 921s + found_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 921s + '[' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 '!=' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 ']' 921s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258-auth.output 921s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258-auth.output .output 921s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258-auth.pem 921s + echo -n 053350 921s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 921s [p11_child[1777]] [main] (0x0400): p11_child started. 921s [p11_child[1777]] [main] (0x2000): Running in [auth] mode. 921s [p11_child[1777]] [main] (0x2000): Running with effective IDs: [0][0]. 921s [p11_child[1777]] [main] (0x2000): Running with real IDs [0][0]. 921s [p11_child[1777]] [do_card] (0x4000): Module List: 921s [p11_child[1777]] [do_card] (0x4000): common name: [softhsm2]. 921s [p11_child[1777]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 921s [p11_child[1777]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 921s [p11_child[1777]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 921s [p11_child[1777]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 921s [p11_child[1777]] [do_card] (0x4000): Login required. 921s [p11_child[1777]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 921s [p11_child[1777]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 921s [p11_child[1777]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 921s [p11_child[1777]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x295dc956;slot-manufacturer=SoftHSM%20project;slot-id=694012246;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 921s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 921s [p11_child[1777]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 921s [p11_child[1777]] [do_card] (0x4000): Certificate verified and validated. 921s [p11_child[1777]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 921s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258-auth.output 922s + echo '-----BEGIN CERTIFICATE-----' 922s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258-auth.output 922s + echo '-----END CERTIFICATE-----' 922s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258-auth.pem 922s Certificate: 922s Data: 922s Version: 3 (0x2) 922s Serial Number: 3 (0x3) 922s Signature Algorithm: sha256WithRSAEncryption 922s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 922s Validity 922s Not Before: Jun 14 15:09:20 2024 GMT 922s Not After : Jun 14 15:09:20 2025 GMT 922s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 922s Subject Public Key Info: 922s Public Key Algorithm: rsaEncryption 922s Public-Key: (1024 bit) 922s Modulus: 922s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 922s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 922s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 922s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 922s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 922s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 922s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 922s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 922s 90:69:ed:b4:06:18:2f:ac:33 922s Exponent: 65537 (0x10001) 922s X509v3 extensions: 922s X509v3 Authority Key Identifier: 922s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 922s X509v3 Basic Constraints: 922s CA:FALSE 922s Netscape Cert Type: 922s SSL Client, S/MIME 922s Netscape Comment: 922s Test Organization Root CA trusted Certificate 922s X509v3 Subject Key Identifier: 922s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 922s X509v3 Key Usage: critical 922s Digital Signature, Non Repudiation, Key Encipherment 922s X509v3 Extended Key Usage: 922s TLS Web Client Authentication, E-mail Protection 922s X509v3 Subject Alternative Name: 922s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 922s Signature Algorithm: sha256WithRSAEncryption 922s Signature Value: 922s 75:ff:36:0f:bc:bf:61:9b:15:a4:c6:5d:a1:8c:fb:2f:8d:bc: 922s 88:aa:32:bd:f1:9b:8a:1d:29:3c:d8:f6:50:60:30:e0:ab:4f: 922s 48:65:b1:a4:34:a7:4f:e1:f7:28:c9:33:c1:c9:5d:17:0b:f8: 922s 67:9d:ed:42:d3:b1:f3:98:39:e1:43:ca:e3:35:c4:dc:65:45: 922s 6c:7f:f1:67:04:03:26:81:aa:4f:8c:cc:fc:1c:eb:42:86:65: 922s 76:13:cb:87:60:31:d2:65:d9:f8:fa:1e:ad:40:31:14:a3:c8: 922s fa:fa:68:ae:94:c1:03:e3:2c:3a:e1:67:81:ed:4b:01:14:73: 922s b3:c2 922s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-8258-auth.pem 922s + found_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 922s + '[' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 '!=' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 ']' 922s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem partial_chain 922s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem partial_chain 922s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 922s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 922s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 922s + local verify_option=partial_chain 922s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 922s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 922s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 922s + local key_cn 922s + local key_name 922s + local tokens_dir 922s + local output_cert_file 922s + token_name= 922s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem .pem 922s + key_name=test-root-CA-trusted-certificate-0001 922s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 922s ++ sed -n 's/ *commonName *= //p' 922s + key_cn='Test Organization Root Trusted Certificate 0001' 922s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 922s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 922s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 922s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 922s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 922s + token_name='Test Organization Root Tr Token' 922s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 922s Test Organization Root Tr Token 922s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 ']' 922s + echo 'Test Organization Root Tr Token' 922s + '[' -n partial_chain ']' 922s + local verify_arg=--verify=partial_chain 922s + local output_base_name=SSSD-child-867 922s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-867.output 922s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-867.pem 922s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 922s [p11_child[1787]] [main] (0x0400): p11_child started. 922s [p11_child[1787]] [main] (0x2000): Running in [pre-auth] mode. 922s [p11_child[1787]] [main] (0x2000): Running with effective IDs: [0][0]. 922s [p11_child[1787]] [main] (0x2000): Running with real IDs [0][0]. 922s [p11_child[1787]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 922s [p11_child[1787]] [do_card] (0x4000): Module List: 922s [p11_child[1787]] [do_card] (0x4000): common name: [softhsm2]. 922s [p11_child[1787]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 922s [p11_child[1787]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 922s [p11_child[1787]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 922s [p11_child[1787]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 922s [p11_child[1787]] [do_card] (0x4000): Login NOT required. 922s [p11_child[1787]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 922s [p11_child[1787]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 922s [p11_child[1787]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 922s [p11_child[1787]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x295dc956;slot-manufacturer=SoftHSM%20project;slot-id=694012246;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 922s [p11_child[1787]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 922s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-867.output 922s + echo '-----BEGIN CERTIFICATE-----' 922s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-867.output 922s + echo '-----END CERTIFICATE-----' 922s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-867.pem 922s Certificate: 922s Data: 922s Version: 3 (0x2) 922s Serial Number: 3 (0x3) 922s Signature Algorithm: sha256WithRSAEncryption 922s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 922s Validity 922s Not Before: Jun 14 15:09:20 2024 GMT 922s Not After : Jun 14 15:09:20 2025 GMT 922s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 922s Subject Public Key Info: 922s Public Key Algorithm: rsaEncryption 922s Public-Key: (1024 bit) 922s Modulus: 922s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 922s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 922s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 922s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 922s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 922s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 922s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 922s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 922s 90:69:ed:b4:06:18:2f:ac:33 922s Exponent: 65537 (0x10001) 922s X509v3 extensions: 922s X509v3 Authority Key Identifier: 922s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 922s X509v3 Basic Constraints: 922s CA:FALSE 922s Netscape Cert Type: 922s SSL Client, S/MIME 922s Netscape Comment: 922s Test Organization Root CA trusted Certificate 922s X509v3 Subject Key Identifier: 922s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 922s X509v3 Key Usage: critical 922s Digital Signature, Non Repudiation, Key Encipherment 922s X509v3 Extended Key Usage: 922s TLS Web Client Authentication, E-mail Protection 922s X509v3 Subject Alternative Name: 922s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 922s Signature Algorithm: sha256WithRSAEncryption 922s Signature Value: 922s 75:ff:36:0f:bc:bf:61:9b:15:a4:c6:5d:a1:8c:fb:2f:8d:bc: 922s 88:aa:32:bd:f1:9b:8a:1d:29:3c:d8:f6:50:60:30:e0:ab:4f: 922s 48:65:b1:a4:34:a7:4f:e1:f7:28:c9:33:c1:c9:5d:17:0b:f8: 922s 67:9d:ed:42:d3:b1:f3:98:39:e1:43:ca:e3:35:c4:dc:65:45: 922s 6c:7f:f1:67:04:03:26:81:aa:4f:8c:cc:fc:1c:eb:42:86:65: 922s 76:13:cb:87:60:31:d2:65:d9:f8:fa:1e:ad:40:31:14:a3:c8: 922s fa:fa:68:ae:94:c1:03:e3:2c:3a:e1:67:81:ed:4b:01:14:73: 922s b3:c2 922s + local found_md5 expected_md5 922s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 922s + expected_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 922s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-867.pem 922s + found_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 922s + '[' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 '!=' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 ']' 922s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-867-auth.output 922s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-867-auth.output .output 922s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-867-auth.pem 922s + echo -n 053350 922s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 922s [p11_child[1795]] [main] (0x0400): p11_child started. 922s [p11_child[1795]] [main] (0x2000): Running in [auth] mode. 922s [p11_child[1795]] [main] (0x2000): Running with effective IDs: [0][0]. 922s [p11_child[1795]] [main] (0x2000): Running with real IDs [0][0]. 922s [p11_child[1795]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 922s [p11_child[1795]] [do_card] (0x4000): Module List: 922s [p11_child[1795]] [do_card] (0x4000): common name: [softhsm2]. 922s [p11_child[1795]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 922s [p11_child[1795]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 922s [p11_child[1795]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 922s [p11_child[1795]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 922s [p11_child[1795]] [do_card] (0x4000): Login required. 922s [p11_child[1795]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 922s [p11_child[1795]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 922s [p11_child[1795]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 922s [p11_child[1795]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x295dc956;slot-manufacturer=SoftHSM%20project;slot-id=694012246;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9fff5867a95dc956;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 922s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 922s [p11_child[1795]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 922s [p11_child[1795]] [do_card] (0x4000): Certificate verified and validated. 922s [p11_child[1795]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 922s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-867-auth.output 922s + echo '-----BEGIN CERTIFICATE-----' 922s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-867-auth.output 922s + echo '-----END CERTIFICATE-----' 922s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-867-auth.pem 922s Certificate: 922s Data: 922s Version: 3 (0x2) 922s Serial Number: 3 (0x3) 922s Signature Algorithm: sha256WithRSAEncryption 922s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 922s Validity 922s Not Before: Jun 14 15:09:20 2024 GMT 922s Not After : Jun 14 15:09:20 2025 GMT 922s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 922s Subject Public Key Info: 922s Public Key Algorithm: rsaEncryption 922s Public-Key: (1024 bit) 922s Modulus: 922s 00:c7:6e:e0:5f:09:49:c5:57:90:cc:c3:7a:b7:15: 922s be:68:a7:b9:bb:60:35:1e:f8:5d:ab:19:55:aa:ed: 922s af:ee:e7:11:42:f6:b9:7a:69:39:0f:d0:55:7d:37: 922s a5:7a:8b:8c:48:ff:b6:23:38:ae:e1:f1:c7:0e:33: 922s 79:9d:52:63:0d:62:f2:d8:97:3a:96:08:62:33:85: 922s d4:44:7f:a7:ad:6e:f8:b6:d2:ae:d6:4c:44:7c:3d: 922s 2c:e5:c0:90:7a:fe:89:26:9c:b7:64:76:82:86:d6: 922s f8:e8:8f:d4:f6:48:d5:11:53:22:be:21:91:e8:f7: 922s 90:69:ed:b4:06:18:2f:ac:33 922s Exponent: 65537 (0x10001) 922s X509v3 extensions: 922s X509v3 Authority Key Identifier: 922s 70:3E:43:75:CF:9E:33:EB:20:54:2D:BB:6B:CE:78:1E:B9:77:25:CD 922s X509v3 Basic Constraints: 922s CA:FALSE 922s Netscape Cert Type: 922s SSL Client, S/MIME 922s Netscape Comment: 922s Test Organization Root CA trusted Certificate 922s X509v3 Subject Key Identifier: 922s 03:D9:59:A6:17:DB:8B:0D:FA:CE:3A:A0:7D:A6:3A:FD:16:9F:D3:3A 922s X509v3 Key Usage: critical 922s Digital Signature, Non Repudiation, Key Encipherment 922s X509v3 Extended Key Usage: 922s TLS Web Client Authentication, E-mail Protection 922s X509v3 Subject Alternative Name: 922s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 922s Signature Algorithm: sha256WithRSAEncryption 922s Signature Value: 922s 75:ff:36:0f:bc:bf:61:9b:15:a4:c6:5d:a1:8c:fb:2f:8d:bc: 922s 88:aa:32:bd:f1:9b:8a:1d:29:3c:d8:f6:50:60:30:e0:ab:4f: 922s 48:65:b1:a4:34:a7:4f:e1:f7:28:c9:33:c1:c9:5d:17:0b:f8: 922s 67:9d:ed:42:d3:b1:f3:98:39:e1:43:ca:e3:35:c4:dc:65:45: 922s 6c:7f:f1:67:04:03:26:81:aa:4f:8c:cc:fc:1c:eb:42:86:65: 922s 76:13:cb:87:60:31:d2:65:d9:f8:fa:1e:ad:40:31:14:a3:c8: 922s fa:fa:68:ae:94:c1:03:e3:2c:3a:e1:67:81:ed:4b:01:14:73: 922s b3:c2 922s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-867-auth.pem 922s + found_md5=Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 922s + '[' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 '!=' Modulus=C76EE05F0949C55790CCC37AB715BE68A7B9BB60351EF85DAB1955AAEDAFEEE71142F6B97A69390FD0557D37A57A8B8C48FFB62338AEE1F1C70E33799D52630D62F2D8973A9608623385D4447FA7AD6EF8B6D2AED64C447C3D2CE5C0907AFE89269CB764768286D6F8E88FD4F648D5115322BE2191E8F79069EDB406182FAC33 ']' 922s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 922s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 922s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 922s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 922s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 922s + local verify_option= 922s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 922s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 922s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 922s + local key_cn 922s + local key_name 922s + local tokens_dir 922s + local output_cert_file 922s + token_name= 922s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem .pem 922s + key_name=test-root-CA-trusted-certificate-0001 922s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 922s ++ sed -n 's/ *commonName *= //p' 922s + key_cn='Test Organization Root Trusted Certificate 0001' 922s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 922s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 922s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 922s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 922s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 922s + token_name='Test Organization Root Tr Token' 922s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 922s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 ']' 922s + echo 'Test Organization Root Tr Token' 922s + '[' -n '' ']' 922s + local output_base_name=SSSD-child-23004 922s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-23004.output 922s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-23004.pem 922s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 922s Test Organization Root Tr Token 922s [p11_child[1805]] [main] (0x0400): p11_child started. 922s [p11_child[1805]] [main] (0x2000): Running in [pre-auth] mode. 922s [p11_child[1805]] [main] (0x2000): Running with effective IDs: [0][0]. 922s [p11_child[1805]] [main] (0x2000): Running with real IDs [0][0]. 922s [p11_child[1805]] [do_card] (0x4000): Module List: 922s [p11_child[1805]] [do_card] (0x4000): common name: [softhsm2]. 922s [p11_child[1805]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 922s [p11_child[1805]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 922s [p11_child[1805]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 922s [p11_child[1805]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 922s [p11_child[1805]] [do_card] (0x4000): Login NOT required. 922s [p11_child[1805]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 922s [p11_child[1805]] [do_verification] (0x0040): X509_verify_cert failed [0]. 922s [p11_child[1805]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 922s [p11_child[1805]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 922s [p11_child[1805]] [do_card] (0x4000): No certificate found. 922s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-23004.output 922s + return 2 922s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem partial_chain 922s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem partial_chain 922s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 922s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 922s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 922s + local verify_option=partial_chain 922s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17454 922s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 922s + local key_pass=pass:random-root-ca-trusted-cert-0001-17454 922s + local key_cn 922s + local key_name 922s + local tokens_dir 922s + local output_cert_file 922s + token_name= 922s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem .pem 922s + key_name=test-root-CA-trusted-certificate-0001 922s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-root-CA-trusted-certificate-0001.pem 922s ++ sed -n 's/ *commonName *= //p' 922s + key_cn='Test Organization Root Trusted Certificate 0001' 922s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 922s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 922s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf 922s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 922s Test Organization Root Tr Token 922s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 922s + token_name='Test Organization Root Tr Token' 922s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 922s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-root-CA-trusted-certificate-0001 ']' 922s + echo 'Test Organization Root Tr Token' 922s + '[' -n partial_chain ']' 922s + local verify_arg=--verify=partial_chain 922s + local output_base_name=SSSD-child-25832 922s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-25832.output 922s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-25832.pem 922s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 922s [p11_child[1812]] [main] (0x0400): p11_child started. 922s [p11_child[1812]] [main] (0x2000): Running in [pre-auth] mode. 922s [p11_child[1812]] [main] (0x2000): Running with effective IDs: [0][0]. 922s [p11_child[1812]] [main] (0x2000): Running with real IDs [0][0]. 922s [p11_child[1812]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 922s [p11_child[1812]] [do_card] (0x4000): Module List: 922s [p11_child[1812]] [do_card] (0x4000): common name: [softhsm2]. 922s [p11_child[1812]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 922s [p11_child[1812]] [do_card] (0x4000): Description [SoftHSM slot ID 0x295dc956] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 922s [p11_child[1812]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 922s [p11_child[1812]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x295dc956][694012246] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 922s [p11_child[1812]] [do_card] (0x4000): Login NOT required. 922s [p11_child[1812]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 922s [p11_child[1812]] [do_verification] (0x0040): X509_verify_cert failed [0]. 922s [p11_child[1812]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 922s [p11_child[1812]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 922s [p11_child[1812]] [do_card] (0x4000): No certificate found. 922s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25832.output 922s + return 2 922s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /dev/null 922s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /dev/null 922s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 922s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 922s + local key_ring=/dev/null 922s + local verify_option= 922s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 922s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 922s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 922s + local key_cn 922s + local key_name 922s + local tokens_dir 922s + local output_cert_file 922s + token_name= 922s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem .pem 922s + key_name=test-intermediate-CA-trusted-certificate-0001 922s ++ sed -n 's/ *commonName *= //p' 922s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 922s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 922s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 922s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 922s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 922s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 922s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 922s + token_name='Test Organization Interme Token' 922s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 922s + local key_file 922s + local decrypted_key 922s + mkdir -p /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 922s + key_file=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-key.pem 922s + decrypted_key=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 922s + cat 922s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 923s Slot 0 has a free/uninitialized token. 923s The token has been initialized and is reassigned to slot 419814970 923s + softhsm2-util --show-slots 923s Available slots: 923s Slot 419814970 923s Slot info: 923s Description: SoftHSM slot ID 0x1905de3a 923s Manufacturer ID: SoftHSM project 923s Hardware version: 2.6 923s Firmware version: 2.6 923s Token present: yes 923s Token info: 923s Manufacturer ID: SoftHSM project 923s Model: SoftHSM v2 923s Hardware version: 2.6 923s Firmware version: 2.6 923s Serial number: e2aa29601905de3a 923s Initialized: yes 923s User PIN init.: yes 923s Label: Test Organization Interme Token 923s Slot 1 923s Slot info: 923s Description: SoftHSM slot ID 0x1 923s Manufacturer ID: SoftHSM project 923s Hardware version: 2.6 923s Firmware version: 2.6 923s Token present: yes 923s Token info: 923s Manufacturer ID: SoftHSM project 923s Model: SoftHSM v2 923s Hardware version: 2.6 923s Firmware version: 2.6 923s Serial number: 923s Initialized: no 923s User PIN init.: no 923s Label: 923s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 923s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-31429 -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 923s writing RSA key 923s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 923s + rm /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 923s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 923s Object 0: 923s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e2aa29601905de3a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 923s Type: X.509 Certificate (RSA-1024) 923s Expires: Sat Jun 14 15:09:20 2025 923s Label: Test Organization Intermediate Trusted Certificate 0001 923s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 923s 923s Test Organization Interme Token 923s + echo 'Test Organization Interme Token' 923s + '[' -n '' ']' 923s + local output_base_name=SSSD-child-24840 923s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-24840.output 923s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-24840.pem 923s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/dev/null 923s [p11_child[1828]] [main] (0x0400): p11_child started. 923s [p11_child[1828]] [main] (0x2000): Running in [pre-auth] mode. 923s [p11_child[1828]] [main] (0x2000): Running with effective IDs: [0][0]. 923s [p11_child[1828]] [main] (0x2000): Running with real IDs [0][0]. 923s [p11_child[1828]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 923s [p11_child[1828]] [do_work] (0x0040): init_verification failed. 923s [p11_child[1828]] [main] (0x0020): p11_child failed (5) 923s + return 2 923s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /dev/null no_verification 923s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /dev/null no_verification 923s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local key_ring=/dev/null 923s + local verify_option=no_verification 923s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local key_cn 923s + local key_name 923s + local tokens_dir 923s + local output_cert_file 923s + token_name= 923s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem .pem 923s + key_name=test-intermediate-CA-trusted-certificate-0001 923s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s ++ sed -n 's/ *commonName *= //p' 923s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 923s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 923s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 923s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 923s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 923s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 923s + token_name='Test Organization Interme Token' 923s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 923s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 923s + echo 'Test Organization Interme Token' 923s + '[' -n no_verification ']' 923s + local verify_arg=--verify=no_verification 923s + local output_base_name=SSSD-child-25784 923s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784.output 923s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784.pem 923s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 923s Test Organization Interme Token 923s [p11_child[1834]] [main] (0x0400): p11_child started. 923s [p11_child[1834]] [main] (0x2000): Running in [pre-auth] mode. 923s [p11_child[1834]] [main] (0x2000): Running with effective IDs: [0][0]. 923s [p11_child[1834]] [main] (0x2000): Running with real IDs [0][0]. 923s [p11_child[1834]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 923s [p11_child[1834]] [do_card] (0x4000): Module List: 923s [p11_child[1834]] [do_card] (0x4000): common name: [softhsm2]. 923s [p11_child[1834]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 923s [p11_child[1834]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 923s [p11_child[1834]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 923s [p11_child[1834]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 923s [p11_child[1834]] [do_card] (0x4000): Login NOT required. 923s [p11_child[1834]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 923s [p11_child[1834]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 923s [p11_child[1834]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1905de3a;slot-manufacturer=SoftHSM%20project;slot-id=419814970;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e2aa29601905de3a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 923s [p11_child[1834]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 923s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784.output 923s + echo '-----BEGIN CERTIFICATE-----' 923s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784.output 923s + echo '-----END CERTIFICATE-----' 923s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784.pem 923s Certificate: 923s Data: 923s Version: 3 (0x2) 923s Serial Number: 4 (0x4) 923s Signature Algorithm: sha256WithRSAEncryption 923s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 923s Validity 923s Not Before: Jun 14 15:09:20 2024 GMT 923s Not After : Jun 14 15:09:20 2025 GMT 923s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 923s Subject Public Key Info: 923s Public Key Algorithm: rsaEncryption 923s Public-Key: (1024 bit) 923s Modulus: 923s 00:d0:46:fb:1a:b3:12:e9:fa:49:b1:94:be:a3:3d: 923s b4:ba:fd:65:1a:94:6b:76:51:04:96:2a:d6:fc:ae: 923s 12:3d:67:f2:4d:9c:ae:51:56:da:fd:d2:41:cc:6d: 923s f1:d1:c6:46:85:1b:e5:97:ec:bb:47:42:a5:33:91: 923s e4:56:e5:23:06:db:f7:af:3b:c6:3e:67:c3:e6:f5: 923s 06:80:af:62:77:98:3c:02:a6:c8:a0:85:a6:57:1d: 923s 7b:ff:57:ca:0d:ea:fe:69:ad:ee:76:20:79:a6:1b: 923s d6:ab:f9:10:c6:4d:42:9f:59:4d:96:3b:21:b4:14: 923s ae:92:3e:f4:6a:02:e7:4d:fd 923s Exponent: 65537 (0x10001) 923s X509v3 extensions: 923s X509v3 Authority Key Identifier: 923s E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 923s X509v3 Basic Constraints: 923s CA:FALSE 923s Netscape Cert Type: 923s SSL Client, S/MIME 923s Netscape Comment: 923s Test Organization Intermediate CA trusted Certificate 923s X509v3 Subject Key Identifier: 923s F4:50:43:57:C0:70:32:9A:AB:96:DD:79:45:6B:D6:34:64:08:74:49 923s X509v3 Key Usage: critical 923s Digital Signature, Non Repudiation, Key Encipherment 923s X509v3 Extended Key Usage: 923s TLS Web Client Authentication, E-mail Protection 923s X509v3 Subject Alternative Name: 923s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 923s Signature Algorithm: sha256WithRSAEncryption 923s Signature Value: 923s 7a:b0:32:cf:5d:f5:39:c2:be:9b:32:89:96:68:b9:fe:5e:7c: 923s 8d:07:9a:c3:42:4b:43:e5:08:51:ac:7f:fd:8d:52:c5:61:48: 923s aa:8f:88:93:84:cd:bf:f0:f5:5a:57:bc:4c:0a:41:10:34:a2: 923s 78:87:2d:e6:19:a2:d4:6f:c9:bd:51:b0:a6:67:f7:a3:20:7c: 923s d8:cf:91:e1:50:d6:e5:3d:fa:3b:65:89:63:dd:51:c5:c5:d0: 923s 91:67:c9:d2:39:a7:1c:de:21:e2:6b:f7:cc:98:b2:fa:cc:3f: 923s 9e:a5:49:87:17:1a:ef:3b:bf:fc:c0:a8:6e:49:77:e5:24:0b: 923s 24:1d 923s + local found_md5 expected_md5 923s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s + expected_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 923s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784.pem 923s + found_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 923s + '[' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD '!=' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD ']' 923s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784-auth.output 923s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784-auth.output .output 923s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784-auth.pem 923s + echo -n 053350 923s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 923s [p11_child[1842]] [main] (0x0400): p11_child started. 923s [p11_child[1842]] [main] (0x2000): Running in [auth] mode. 923s [p11_child[1842]] [main] (0x2000): Running with effective IDs: [0][0]. 923s [p11_child[1842]] [main] (0x2000): Running with real IDs [0][0]. 923s [p11_child[1842]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 923s [p11_child[1842]] [do_card] (0x4000): Module List: 923s [p11_child[1842]] [do_card] (0x4000): common name: [softhsm2]. 923s [p11_child[1842]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 923s [p11_child[1842]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 923s [p11_child[1842]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 923s [p11_child[1842]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 923s [p11_child[1842]] [do_card] (0x4000): Login required. 923s [p11_child[1842]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 923s [p11_child[1842]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 923s [p11_child[1842]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1905de3a;slot-manufacturer=SoftHSM%20project;slot-id=419814970;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e2aa29601905de3a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 923s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 923s [p11_child[1842]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 923s [p11_child[1842]] [do_card] (0x4000): Certificate verified and validated. 923s [p11_child[1842]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 923s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784-auth.output 923s + echo '-----BEGIN CERTIFICATE-----' 923s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784-auth.output 923s + echo '-----END CERTIFICATE-----' 923s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784-auth.pem 923s Certificate: 923s Data: 923s Version: 3 (0x2) 923s Serial Number: 4 (0x4) 923s Signature Algorithm: sha256WithRSAEncryption 923s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 923s Validity 923s Not Before: Jun 14 15:09:20 2024 GMT 923s Not After : Jun 14 15:09:20 2025 GMT 923s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 923s Subject Public Key Info: 923s Public Key Algorithm: rsaEncryption 923s Public-Key: (1024 bit) 923s Modulus: 923s 00:d0:46:fb:1a:b3:12:e9:fa:49:b1:94:be:a3:3d: 923s b4:ba:fd:65:1a:94:6b:76:51:04:96:2a:d6:fc:ae: 923s 12:3d:67:f2:4d:9c:ae:51:56:da:fd:d2:41:cc:6d: 923s f1:d1:c6:46:85:1b:e5:97:ec:bb:47:42:a5:33:91: 923s e4:56:e5:23:06:db:f7:af:3b:c6:3e:67:c3:e6:f5: 923s 06:80:af:62:77:98:3c:02:a6:c8:a0:85:a6:57:1d: 923s 7b:ff:57:ca:0d:ea:fe:69:ad:ee:76:20:79:a6:1b: 923s d6:ab:f9:10:c6:4d:42:9f:59:4d:96:3b:21:b4:14: 923s ae:92:3e:f4:6a:02:e7:4d:fd 923s Exponent: 65537 (0x10001) 923s X509v3 extensions: 923s X509v3 Authority Key Identifier: 923s E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 923s X509v3 Basic Constraints: 923s CA:FALSE 923s Netscape Cert Type: 923s SSL Client, S/MIME 923s Netscape Comment: 923s Test Organization Intermediate CA trusted Certificate 923s X509v3 Subject Key Identifier: 923s F4:50:43:57:C0:70:32:9A:AB:96:DD:79:45:6B:D6:34:64:08:74:49 923s X509v3 Key Usage: critical 923s Digital Signature, Non Repudiation, Key Encipherment 923s X509v3 Extended Key Usage: 923s TLS Web Client Authentication, E-mail Protection 923s X509v3 Subject Alternative Name: 923s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 923s Signature Algorithm: sha256WithRSAEncryption 923s Signature Value: 923s 7a:b0:32:cf:5d:f5:39:c2:be:9b:32:89:96:68:b9:fe:5e:7c: 923s 8d:07:9a:c3:42:4b:43:e5:08:51:ac:7f:fd:8d:52:c5:61:48: 923s aa:8f:88:93:84:cd:bf:f0:f5:5a:57:bc:4c:0a:41:10:34:a2: 923s 78:87:2d:e6:19:a2:d4:6f:c9:bd:51:b0:a6:67:f7:a3:20:7c: 923s d8:cf:91:e1:50:d6:e5:3d:fa:3b:65:89:63:dd:51:c5:c5:d0: 923s 91:67:c9:d2:39:a7:1c:de:21:e2:6b:f7:cc:98:b2:fa:cc:3f: 923s 9e:a5:49:87:17:1a:ef:3b:bf:fc:c0:a8:6e:49:77:e5:24:0b: 923s 24:1d 923s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25784-auth.pem 923s + found_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 923s + '[' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD '!=' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD ']' 923s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 923s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 923s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 923s + local verify_option= 923s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local key_cn 923s + local key_name 923s + local tokens_dir 923s + local output_cert_file 923s + token_name= 923s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem .pem 923s + key_name=test-intermediate-CA-trusted-certificate-0001 923s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s ++ sed -n 's/ *commonName *= //p' 923s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 923s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 923s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 923s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 923s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 923s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 923s + token_name='Test Organization Interme Token' 923s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 923s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 923s + echo 'Test Organization Interme Token' 923s + '[' -n '' ']' 923s + local output_base_name=SSSD-child-25496 923s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-25496.output 923s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-25496.pem 923s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 923s Test Organization Interme Token 923s [p11_child[1852]] [main] (0x0400): p11_child started. 923s [p11_child[1852]] [main] (0x2000): Running in [pre-auth] mode. 923s [p11_child[1852]] [main] (0x2000): Running with effective IDs: [0][0]. 923s [p11_child[1852]] [main] (0x2000): Running with real IDs [0][0]. 923s [p11_child[1852]] [do_card] (0x4000): Module List: 923s [p11_child[1852]] [do_card] (0x4000): common name: [softhsm2]. 923s [p11_child[1852]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 923s [p11_child[1852]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 923s [p11_child[1852]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 923s [p11_child[1852]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 923s [p11_child[1852]] [do_card] (0x4000): Login NOT required. 923s [p11_child[1852]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 923s [p11_child[1852]] [do_verification] (0x0040): X509_verify_cert failed [0]. 923s [p11_child[1852]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 923s [p11_child[1852]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 923s [p11_child[1852]] [do_card] (0x4000): No certificate found. 923s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-25496.output 923s + return 2 923s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem partial_chain 923s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem partial_chain 923s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 923s + local verify_option=partial_chain 923s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local key_cn 923s + local key_name 923s + local tokens_dir 923s + local output_cert_file 923s + token_name= 923s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem .pem 923s + key_name=test-intermediate-CA-trusted-certificate-0001 923s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s ++ sed -n 's/ *commonName *= //p' 923s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 923s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 923s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 923s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 923s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 923s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 923s + token_name='Test Organization Interme Token' 923s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 923s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 923s + echo 'Test Organization Interme Token' 923s Test Organization Interme Token 923s + '[' -n partial_chain ']' 923s + local verify_arg=--verify=partial_chain 923s + local output_base_name=SSSD-child-18865 923s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-18865.output 923s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-18865.pem 923s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 923s [p11_child[1859]] [main] (0x0400): p11_child started. 923s [p11_child[1859]] [main] (0x2000): Running in [pre-auth] mode. 923s [p11_child[1859]] [main] (0x2000): Running with effective IDs: [0][0]. 923s [p11_child[1859]] [main] (0x2000): Running with real IDs [0][0]. 923s [p11_child[1859]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 923s [p11_child[1859]] [do_card] (0x4000): Module List: 923s [p11_child[1859]] [do_card] (0x4000): common name: [softhsm2]. 923s [p11_child[1859]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 923s [p11_child[1859]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 923s [p11_child[1859]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 923s [p11_child[1859]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 923s [p11_child[1859]] [do_card] (0x4000): Login NOT required. 923s [p11_child[1859]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 923s [p11_child[1859]] [do_verification] (0x0040): X509_verify_cert failed [0]. 923s [p11_child[1859]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 923s [p11_child[1859]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 923s [p11_child[1859]] [do_card] (0x4000): No certificate found. 923s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-18865.output 923s + return 2 923s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 923s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 923s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 923s + local verify_option= 923s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 923s + local key_cn 923s + local key_name 923s + local tokens_dir 923s + local output_cert_file 923s + token_name= 923s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem .pem 923s + key_name=test-intermediate-CA-trusted-certificate-0001 923s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s ++ sed -n 's/ *commonName *= //p' 923s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 923s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 923s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 923s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 923s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 923s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 923s + token_name='Test Organization Interme Token' 923s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 923s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 923s + echo 'Test Organization Interme Token' 923s + '[' -n '' ']' 923s + local output_base_name=SSSD-child-2312 923s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312.output 923s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312.pem 923s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 923s Test Organization Interme Token 923s [p11_child[1866]] [main] (0x0400): p11_child started. 923s [p11_child[1866]] [main] (0x2000): Running in [pre-auth] mode. 923s [p11_child[1866]] [main] (0x2000): Running with effective IDs: [0][0]. 923s [p11_child[1866]] [main] (0x2000): Running with real IDs [0][0]. 923s [p11_child[1866]] [do_card] (0x4000): Module List: 923s [p11_child[1866]] [do_card] (0x4000): common name: [softhsm2]. 923s [p11_child[1866]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 923s [p11_child[1866]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 923s [p11_child[1866]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 923s [p11_child[1866]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 923s [p11_child[1866]] [do_card] (0x4000): Login NOT required. 923s [p11_child[1866]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 923s [p11_child[1866]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 923s [p11_child[1866]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 923s [p11_child[1866]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1905de3a;slot-manufacturer=SoftHSM%20project;slot-id=419814970;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e2aa29601905de3a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 923s [p11_child[1866]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 923s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312.output 923s + echo '-----BEGIN CERTIFICATE-----' 923s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312.output 923s + echo '-----END CERTIFICATE-----' 923s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312.pem 923s Certificate: 923s Data: 923s Version: 3 (0x2) 923s Serial Number: 4 (0x4) 923s Signature Algorithm: sha256WithRSAEncryption 923s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 923s Validity 923s Not Before: Jun 14 15:09:20 2024 GMT 923s Not After : Jun 14 15:09:20 2025 GMT 923s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 923s Subject Public Key Info: 923s Public Key Algorithm: rsaEncryption 923s Public-Key: (1024 bit) 923s Modulus: 923s 00:d0:46:fb:1a:b3:12:e9:fa:49:b1:94:be:a3:3d: 923s b4:ba:fd:65:1a:94:6b:76:51:04:96:2a:d6:fc:ae: 923s 12:3d:67:f2:4d:9c:ae:51:56:da:fd:d2:41:cc:6d: 923s f1:d1:c6:46:85:1b:e5:97:ec:bb:47:42:a5:33:91: 923s e4:56:e5:23:06:db:f7:af:3b:c6:3e:67:c3:e6:f5: 923s 06:80:af:62:77:98:3c:02:a6:c8:a0:85:a6:57:1d: 923s 7b:ff:57:ca:0d:ea:fe:69:ad:ee:76:20:79:a6:1b: 923s d6:ab:f9:10:c6:4d:42:9f:59:4d:96:3b:21:b4:14: 923s ae:92:3e:f4:6a:02:e7:4d:fd 923s Exponent: 65537 (0x10001) 923s X509v3 extensions: 923s X509v3 Authority Key Identifier: 923s E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 923s X509v3 Basic Constraints: 923s CA:FALSE 923s Netscape Cert Type: 923s SSL Client, S/MIME 923s Netscape Comment: 923s Test Organization Intermediate CA trusted Certificate 923s X509v3 Subject Key Identifier: 923s F4:50:43:57:C0:70:32:9A:AB:96:DD:79:45:6B:D6:34:64:08:74:49 923s X509v3 Key Usage: critical 923s Digital Signature, Non Repudiation, Key Encipherment 923s X509v3 Extended Key Usage: 923s TLS Web Client Authentication, E-mail Protection 923s X509v3 Subject Alternative Name: 923s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 923s Signature Algorithm: sha256WithRSAEncryption 923s Signature Value: 923s 7a:b0:32:cf:5d:f5:39:c2:be:9b:32:89:96:68:b9:fe:5e:7c: 923s 8d:07:9a:c3:42:4b:43:e5:08:51:ac:7f:fd:8d:52:c5:61:48: 923s aa:8f:88:93:84:cd:bf:f0:f5:5a:57:bc:4c:0a:41:10:34:a2: 923s 78:87:2d:e6:19:a2:d4:6f:c9:bd:51:b0:a6:67:f7:a3:20:7c: 923s d8:cf:91:e1:50:d6:e5:3d:fa:3b:65:89:63:dd:51:c5:c5:d0: 923s 91:67:c9:d2:39:a7:1c:de:21:e2:6b:f7:cc:98:b2:fa:cc:3f: 923s 9e:a5:49:87:17:1a:ef:3b:bf:fc:c0:a8:6e:49:77:e5:24:0b: 923s 24:1d 923s + local found_md5 expected_md5 923s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 923s + expected_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 923s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312.pem 924s + found_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 924s + '[' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD '!=' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD ']' 924s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312-auth.output 924s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312-auth.output .output 924s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312-auth.pem 924s + echo -n 053350 924s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 924s [p11_child[1874]] [main] (0x0400): p11_child started. 924s [p11_child[1874]] [main] (0x2000): Running in [auth] mode. 924s [p11_child[1874]] [main] (0x2000): Running with effective IDs: [0][0]. 924s [p11_child[1874]] [main] (0x2000): Running with real IDs [0][0]. 924s [p11_child[1874]] [do_card] (0x4000): Module List: 924s [p11_child[1874]] [do_card] (0x4000): common name: [softhsm2]. 924s [p11_child[1874]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 924s [p11_child[1874]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 924s [p11_child[1874]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 924s [p11_child[1874]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 924s [p11_child[1874]] [do_card] (0x4000): Login required. 924s [p11_child[1874]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 924s [p11_child[1874]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 924s [p11_child[1874]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 924s [p11_child[1874]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1905de3a;slot-manufacturer=SoftHSM%20project;slot-id=419814970;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e2aa29601905de3a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 924s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 924s [p11_child[1874]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 924s [p11_child[1874]] [do_card] (0x4000): Certificate verified and validated. 924s [p11_child[1874]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 924s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312-auth.output 924s + echo '-----BEGIN CERTIFICATE-----' 924s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312-auth.output 924s + echo '-----END CERTIFICATE-----' 924s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312-auth.pem 924s Certificate: 924s Data: 924s Version: 3 (0x2) 924s Serial Number: 4 (0x4) 924s Signature Algorithm: sha256WithRSAEncryption 924s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 924s Validity 924s Not Before: Jun 14 15:09:20 2024 GMT 924s Not After : Jun 14 15:09:20 2025 GMT 924s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 924s Subject Public Key Info: 924s Public Key Algorithm: rsaEncryption 924s Public-Key: (1024 bit) 924s Modulus: 924s 00:d0:46:fb:1a:b3:12:e9:fa:49:b1:94:be:a3:3d: 924s b4:ba:fd:65:1a:94:6b:76:51:04:96:2a:d6:fc:ae: 924s 12:3d:67:f2:4d:9c:ae:51:56:da:fd:d2:41:cc:6d: 924s f1:d1:c6:46:85:1b:e5:97:ec:bb:47:42:a5:33:91: 924s e4:56:e5:23:06:db:f7:af:3b:c6:3e:67:c3:e6:f5: 924s 06:80:af:62:77:98:3c:02:a6:c8:a0:85:a6:57:1d: 924s 7b:ff:57:ca:0d:ea:fe:69:ad:ee:76:20:79:a6:1b: 924s d6:ab:f9:10:c6:4d:42:9f:59:4d:96:3b:21:b4:14: 924s ae:92:3e:f4:6a:02:e7:4d:fd 924s Exponent: 65537 (0x10001) 924s X509v3 extensions: 924s X509v3 Authority Key Identifier: 924s E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 924s X509v3 Basic Constraints: 924s CA:FALSE 924s Netscape Cert Type: 924s SSL Client, S/MIME 924s Netscape Comment: 924s Test Organization Intermediate CA trusted Certificate 924s X509v3 Subject Key Identifier: 924s F4:50:43:57:C0:70:32:9A:AB:96:DD:79:45:6B:D6:34:64:08:74:49 924s X509v3 Key Usage: critical 924s Digital Signature, Non Repudiation, Key Encipherment 924s X509v3 Extended Key Usage: 924s TLS Web Client Authentication, E-mail Protection 924s X509v3 Subject Alternative Name: 924s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 924s Signature Algorithm: sha256WithRSAEncryption 924s Signature Value: 924s 7a:b0:32:cf:5d:f5:39:c2:be:9b:32:89:96:68:b9:fe:5e:7c: 924s 8d:07:9a:c3:42:4b:43:e5:08:51:ac:7f:fd:8d:52:c5:61:48: 924s aa:8f:88:93:84:cd:bf:f0:f5:5a:57:bc:4c:0a:41:10:34:a2: 924s 78:87:2d:e6:19:a2:d4:6f:c9:bd:51:b0:a6:67:f7:a3:20:7c: 924s d8:cf:91:e1:50:d6:e5:3d:fa:3b:65:89:63:dd:51:c5:c5:d0: 924s 91:67:c9:d2:39:a7:1c:de:21:e2:6b:f7:cc:98:b2:fa:cc:3f: 924s 9e:a5:49:87:17:1a:ef:3b:bf:fc:c0:a8:6e:49:77:e5:24:0b: 924s 24:1d 924s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-2312-auth.pem 924s + found_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 924s + '[' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD '!=' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD ']' 924s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem partial_chain 924s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem partial_chain 924s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 924s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 924s + local verify_option=partial_chain 924s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 924s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 924s + local key_cn 924s + local key_name 924s + local tokens_dir 924s + local output_cert_file 924s + token_name= 924s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem .pem 924s + key_name=test-intermediate-CA-trusted-certificate-0001 924s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s ++ sed -n 's/ *commonName *= //p' 924s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 924s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 924s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 924s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 924s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 924s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 924s + token_name='Test Organization Interme Token' 924s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 924s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 924s + echo 'Test Organization Interme Token' 924s Test Organization Interme Token 924s + '[' -n partial_chain ']' 924s + local verify_arg=--verify=partial_chain 924s + local output_base_name=SSSD-child-5662 924s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662.output 924s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662.pem 924s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 924s [p11_child[1884]] [main] (0x0400): p11_child started. 924s [p11_child[1884]] [main] (0x2000): Running in [pre-auth] mode. 924s [p11_child[1884]] [main] (0x2000): Running with effective IDs: [0][0]. 924s [p11_child[1884]] [main] (0x2000): Running with real IDs [0][0]. 924s [p11_child[1884]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 924s [p11_child[1884]] [do_card] (0x4000): Module List: 924s [p11_child[1884]] [do_card] (0x4000): common name: [softhsm2]. 924s [p11_child[1884]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 924s [p11_child[1884]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 924s [p11_child[1884]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 924s [p11_child[1884]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 924s [p11_child[1884]] [do_card] (0x4000): Login NOT required. 924s [p11_child[1884]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 924s [p11_child[1884]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 924s [p11_child[1884]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 924s [p11_child[1884]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1905de3a;slot-manufacturer=SoftHSM%20project;slot-id=419814970;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e2aa29601905de3a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 924s [p11_child[1884]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 924s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662.output 924s + echo '-----BEGIN CERTIFICATE-----' 924s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662.output 924s + echo '-----END CERTIFICATE-----' 924s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662.pem 924s Certificate: 924s Data: 924s Version: 3 (0x2) 924s Serial Number: 4 (0x4) 924s Signature Algorithm: sha256WithRSAEncryption 924s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 924s Validity 924s Not Before: Jun 14 15:09:20 2024 GMT 924s Not After : Jun 14 15:09:20 2025 GMT 924s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 924s Subject Public Key Info: 924s Public Key Algorithm: rsaEncryption 924s Public-Key: (1024 bit) 924s Modulus: 924s 00:d0:46:fb:1a:b3:12:e9:fa:49:b1:94:be:a3:3d: 924s b4:ba:fd:65:1a:94:6b:76:51:04:96:2a:d6:fc:ae: 924s 12:3d:67:f2:4d:9c:ae:51:56:da:fd:d2:41:cc:6d: 924s f1:d1:c6:46:85:1b:e5:97:ec:bb:47:42:a5:33:91: 924s e4:56:e5:23:06:db:f7:af:3b:c6:3e:67:c3:e6:f5: 924s 06:80:af:62:77:98:3c:02:a6:c8:a0:85:a6:57:1d: 924s 7b:ff:57:ca:0d:ea:fe:69:ad:ee:76:20:79:a6:1b: 924s d6:ab:f9:10:c6:4d:42:9f:59:4d:96:3b:21:b4:14: 924s ae:92:3e:f4:6a:02:e7:4d:fd 924s Exponent: 65537 (0x10001) 924s X509v3 extensions: 924s X509v3 Authority Key Identifier: 924s E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 924s X509v3 Basic Constraints: 924s CA:FALSE 924s Netscape Cert Type: 924s SSL Client, S/MIME 924s Netscape Comment: 924s Test Organization Intermediate CA trusted Certificate 924s X509v3 Subject Key Identifier: 924s F4:50:43:57:C0:70:32:9A:AB:96:DD:79:45:6B:D6:34:64:08:74:49 924s X509v3 Key Usage: critical 924s Digital Signature, Non Repudiation, Key Encipherment 924s X509v3 Extended Key Usage: 924s TLS Web Client Authentication, E-mail Protection 924s X509v3 Subject Alternative Name: 924s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 924s Signature Algorithm: sha256WithRSAEncryption 924s Signature Value: 924s 7a:b0:32:cf:5d:f5:39:c2:be:9b:32:89:96:68:b9:fe:5e:7c: 924s 8d:07:9a:c3:42:4b:43:e5:08:51:ac:7f:fd:8d:52:c5:61:48: 924s aa:8f:88:93:84:cd:bf:f0:f5:5a:57:bc:4c:0a:41:10:34:a2: 924s 78:87:2d:e6:19:a2:d4:6f:c9:bd:51:b0:a6:67:f7:a3:20:7c: 924s d8:cf:91:e1:50:d6:e5:3d:fa:3b:65:89:63:dd:51:c5:c5:d0: 924s 91:67:c9:d2:39:a7:1c:de:21:e2:6b:f7:cc:98:b2:fa:cc:3f: 924s 9e:a5:49:87:17:1a:ef:3b:bf:fc:c0:a8:6e:49:77:e5:24:0b: 924s 24:1d 924s + local found_md5 expected_md5 924s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s + expected_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 924s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662.pem 924s + found_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 924s + '[' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD '!=' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD ']' 924s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662-auth.output 924s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662-auth.output .output 924s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662-auth.pem 924s + echo -n 053350 924s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 924s [p11_child[1892]] [main] (0x0400): p11_child started. 924s [p11_child[1892]] [main] (0x2000): Running in [auth] mode. 924s [p11_child[1892]] [main] (0x2000): Running with effective IDs: [0][0]. 924s [p11_child[1892]] [main] (0x2000): Running with real IDs [0][0]. 924s [p11_child[1892]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 924s [p11_child[1892]] [do_card] (0x4000): Module List: 924s [p11_child[1892]] [do_card] (0x4000): common name: [softhsm2]. 924s [p11_child[1892]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 924s [p11_child[1892]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 924s [p11_child[1892]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 924s [p11_child[1892]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 924s [p11_child[1892]] [do_card] (0x4000): Login required. 924s [p11_child[1892]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 924s [p11_child[1892]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 924s [p11_child[1892]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 924s [p11_child[1892]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1905de3a;slot-manufacturer=SoftHSM%20project;slot-id=419814970;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e2aa29601905de3a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 924s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 924s [p11_child[1892]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 924s [p11_child[1892]] [do_card] (0x4000): Certificate verified and validated. 924s [p11_child[1892]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 924s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662-auth.output 924s + echo '-----BEGIN CERTIFICATE-----' 924s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662-auth.output 924s + echo '-----END CERTIFICATE-----' 924s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662-auth.pem 924s Certificate: 924s Data: 924s Version: 3 (0x2) 924s Serial Number: 4 (0x4) 924s Signature Algorithm: sha256WithRSAEncryption 924s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 924s Validity 924s Not Before: Jun 14 15:09:20 2024 GMT 924s Not After : Jun 14 15:09:20 2025 GMT 924s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 924s Subject Public Key Info: 924s Public Key Algorithm: rsaEncryption 924s Public-Key: (1024 bit) 924s Modulus: 924s 00:d0:46:fb:1a:b3:12:e9:fa:49:b1:94:be:a3:3d: 924s b4:ba:fd:65:1a:94:6b:76:51:04:96:2a:d6:fc:ae: 924s 12:3d:67:f2:4d:9c:ae:51:56:da:fd:d2:41:cc:6d: 924s f1:d1:c6:46:85:1b:e5:97:ec:bb:47:42:a5:33:91: 924s e4:56:e5:23:06:db:f7:af:3b:c6:3e:67:c3:e6:f5: 924s 06:80:af:62:77:98:3c:02:a6:c8:a0:85:a6:57:1d: 924s 7b:ff:57:ca:0d:ea:fe:69:ad:ee:76:20:79:a6:1b: 924s d6:ab:f9:10:c6:4d:42:9f:59:4d:96:3b:21:b4:14: 924s ae:92:3e:f4:6a:02:e7:4d:fd 924s Exponent: 65537 (0x10001) 924s X509v3 extensions: 924s X509v3 Authority Key Identifier: 924s E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 924s X509v3 Basic Constraints: 924s CA:FALSE 924s Netscape Cert Type: 924s SSL Client, S/MIME 924s Netscape Comment: 924s Test Organization Intermediate CA trusted Certificate 924s X509v3 Subject Key Identifier: 924s F4:50:43:57:C0:70:32:9A:AB:96:DD:79:45:6B:D6:34:64:08:74:49 924s X509v3 Key Usage: critical 924s Digital Signature, Non Repudiation, Key Encipherment 924s X509v3 Extended Key Usage: 924s TLS Web Client Authentication, E-mail Protection 924s X509v3 Subject Alternative Name: 924s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 924s Signature Algorithm: sha256WithRSAEncryption 924s Signature Value: 924s 7a:b0:32:cf:5d:f5:39:c2:be:9b:32:89:96:68:b9:fe:5e:7c: 924s 8d:07:9a:c3:42:4b:43:e5:08:51:ac:7f:fd:8d:52:c5:61:48: 924s aa:8f:88:93:84:cd:bf:f0:f5:5a:57:bc:4c:0a:41:10:34:a2: 924s 78:87:2d:e6:19:a2:d4:6f:c9:bd:51:b0:a6:67:f7:a3:20:7c: 924s d8:cf:91:e1:50:d6:e5:3d:fa:3b:65:89:63:dd:51:c5:c5:d0: 924s 91:67:c9:d2:39:a7:1c:de:21:e2:6b:f7:cc:98:b2:fa:cc:3f: 924s 9e:a5:49:87:17:1a:ef:3b:bf:fc:c0:a8:6e:49:77:e5:24:0b: 924s 24:1d 924s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5662-auth.pem 924s + found_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 924s + '[' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD '!=' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD ']' 924s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 924s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 924s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 924s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 924s + local verify_option= 924s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 924s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 924s + local key_cn 924s + local key_name 924s + local tokens_dir 924s + local output_cert_file 924s + token_name= 924s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem .pem 924s + key_name=test-intermediate-CA-trusted-certificate-0001 924s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s ++ sed -n 's/ *commonName *= //p' 924s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 924s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 924s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 924s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 924s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 924s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 924s + token_name='Test Organization Interme Token' 924s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 924s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 924s + echo 'Test Organization Interme Token' 924s Test Organization Interme Token 924s + '[' -n '' ']' 924s + local output_base_name=SSSD-child-9479 924s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-9479.output 924s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-9479.pem 924s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 924s [p11_child[1902]] [main] (0x0400): p11_child started. 924s [p11_child[1902]] [main] (0x2000): Running in [pre-auth] mode. 924s [p11_child[1902]] [main] (0x2000): Running with effective IDs: [0][0]. 924s [p11_child[1902]] [main] (0x2000): Running with real IDs [0][0]. 924s [p11_child[1902]] [do_card] (0x4000): Module List: 924s [p11_child[1902]] [do_card] (0x4000): common name: [softhsm2]. 924s [p11_child[1902]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 924s [p11_child[1902]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 924s [p11_child[1902]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 924s [p11_child[1902]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 924s [p11_child[1902]] [do_card] (0x4000): Login NOT required. 924s [p11_child[1902]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 924s [p11_child[1902]] [do_verification] (0x0040): X509_verify_cert failed [0]. 924s [p11_child[1902]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 924s [p11_child[1902]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 924s [p11_child[1902]] [do_card] (0x4000): No certificate found. 924s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-9479.output 924s + return 2 924s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem partial_chain 924s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem partial_chain 924s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 924s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 924s + local verify_option=partial_chain 924s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31429 924s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31429 924s + local key_cn 924s + local key_name 924s + local tokens_dir 924s + local output_cert_file 924s + token_name= 924s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem .pem 924s + key_name=test-intermediate-CA-trusted-certificate-0001 924s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s ++ sed -n 's/ *commonName *= //p' 924s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 924s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 924s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 924s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 924s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 924s Test Organization Interme Token 924s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 924s + token_name='Test Organization Interme Token' 924s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 924s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 924s + echo 'Test Organization Interme Token' 924s + '[' -n partial_chain ']' 924s + local verify_arg=--verify=partial_chain 924s + local output_base_name=SSSD-child-5318 924s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318.output 924s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318.pem 924s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem 924s [p11_child[1909]] [main] (0x0400): p11_child started. 924s [p11_child[1909]] [main] (0x2000): Running in [pre-auth] mode. 924s [p11_child[1909]] [main] (0x2000): Running with effective IDs: [0][0]. 924s [p11_child[1909]] [main] (0x2000): Running with real IDs [0][0]. 924s [p11_child[1909]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 924s [p11_child[1909]] [do_card] (0x4000): Module List: 924s [p11_child[1909]] [do_card] (0x4000): common name: [softhsm2]. 924s [p11_child[1909]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 924s [p11_child[1909]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 924s [p11_child[1909]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 924s [p11_child[1909]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 924s [p11_child[1909]] [do_card] (0x4000): Login NOT required. 924s [p11_child[1909]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 924s [p11_child[1909]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 924s [p11_child[1909]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 924s [p11_child[1909]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1905de3a;slot-manufacturer=SoftHSM%20project;slot-id=419814970;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e2aa29601905de3a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 924s [p11_child[1909]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 924s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318.output 924s + echo '-----BEGIN CERTIFICATE-----' 924s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318.output 924s + echo '-----END CERTIFICATE-----' 924s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318.pem 924s Certificate: 924s Data: 924s Version: 3 (0x2) 924s Serial Number: 4 (0x4) 924s Signature Algorithm: sha256WithRSAEncryption 924s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 924s Validity 924s Not Before: Jun 14 15:09:20 2024 GMT 924s Not After : Jun 14 15:09:20 2025 GMT 924s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 924s Subject Public Key Info: 924s Public Key Algorithm: rsaEncryption 924s Public-Key: (1024 bit) 924s Modulus: 924s 00:d0:46:fb:1a:b3:12:e9:fa:49:b1:94:be:a3:3d: 924s b4:ba:fd:65:1a:94:6b:76:51:04:96:2a:d6:fc:ae: 924s 12:3d:67:f2:4d:9c:ae:51:56:da:fd:d2:41:cc:6d: 924s f1:d1:c6:46:85:1b:e5:97:ec:bb:47:42:a5:33:91: 924s e4:56:e5:23:06:db:f7:af:3b:c6:3e:67:c3:e6:f5: 924s 06:80:af:62:77:98:3c:02:a6:c8:a0:85:a6:57:1d: 924s 7b:ff:57:ca:0d:ea:fe:69:ad:ee:76:20:79:a6:1b: 924s d6:ab:f9:10:c6:4d:42:9f:59:4d:96:3b:21:b4:14: 924s ae:92:3e:f4:6a:02:e7:4d:fd 924s Exponent: 65537 (0x10001) 924s X509v3 extensions: 924s X509v3 Authority Key Identifier: 924s E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 924s X509v3 Basic Constraints: 924s CA:FALSE 924s Netscape Cert Type: 924s SSL Client, S/MIME 924s Netscape Comment: 924s Test Organization Intermediate CA trusted Certificate 924s X509v3 Subject Key Identifier: 924s F4:50:43:57:C0:70:32:9A:AB:96:DD:79:45:6B:D6:34:64:08:74:49 924s X509v3 Key Usage: critical 924s Digital Signature, Non Repudiation, Key Encipherment 924s X509v3 Extended Key Usage: 924s TLS Web Client Authentication, E-mail Protection 924s X509v3 Subject Alternative Name: 924s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 924s Signature Algorithm: sha256WithRSAEncryption 924s Signature Value: 924s 7a:b0:32:cf:5d:f5:39:c2:be:9b:32:89:96:68:b9:fe:5e:7c: 924s 8d:07:9a:c3:42:4b:43:e5:08:51:ac:7f:fd:8d:52:c5:61:48: 924s aa:8f:88:93:84:cd:bf:f0:f5:5a:57:bc:4c:0a:41:10:34:a2: 924s 78:87:2d:e6:19:a2:d4:6f:c9:bd:51:b0:a6:67:f7:a3:20:7c: 924s d8:cf:91:e1:50:d6:e5:3d:fa:3b:65:89:63:dd:51:c5:c5:d0: 924s 91:67:c9:d2:39:a7:1c:de:21:e2:6b:f7:cc:98:b2:fa:cc:3f: 924s 9e:a5:49:87:17:1a:ef:3b:bf:fc:c0:a8:6e:49:77:e5:24:0b: 924s 24:1d 924s + local found_md5 expected_md5 924s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA-trusted-certificate-0001.pem 924s + expected_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 925s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318.pem 925s + found_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 925s + '[' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD '!=' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD ']' 925s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318-auth.output 925s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318-auth.output .output 925s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318-auth.pem 925s + echo -n 053350 925s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 925s [p11_child[1917]] [main] (0x0400): p11_child started. 925s [p11_child[1917]] [main] (0x2000): Running in [auth] mode. 925s [p11_child[1917]] [main] (0x2000): Running with effective IDs: [0][0]. 925s [p11_child[1917]] [main] (0x2000): Running with real IDs [0][0]. 925s [p11_child[1917]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 925s [p11_child[1917]] [do_card] (0x4000): Module List: 925s [p11_child[1917]] [do_card] (0x4000): common name: [softhsm2]. 925s [p11_child[1917]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 925s [p11_child[1917]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1905de3a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 925s [p11_child[1917]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 925s [p11_child[1917]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1905de3a][419814970] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 925s [p11_child[1917]] [do_card] (0x4000): Login required. 925s [p11_child[1917]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 925s [p11_child[1917]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 925s [p11_child[1917]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 925s [p11_child[1917]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1905de3a;slot-manufacturer=SoftHSM%20project;slot-id=419814970;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e2aa29601905de3a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 925s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 925s [p11_child[1917]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 925s [p11_child[1917]] [do_card] (0x4000): Certificate verified and validated. 925s [p11_child[1917]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 925s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318-auth.output 925s + echo '-----BEGIN CERTIFICATE-----' 925s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318-auth.output 925s + echo '-----END CERTIFICATE-----' 925s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318-auth.pem 925s Certificate: 925s Data: 925s Version: 3 (0x2) 925s Serial Number: 4 (0x4) 925s Signature Algorithm: sha256WithRSAEncryption 925s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 925s Validity 925s Not Before: Jun 14 15:09:20 2024 GMT 925s Not After : Jun 14 15:09:20 2025 GMT 925s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 925s Subject Public Key Info: 925s Public Key Algorithm: rsaEncryption 925s Public-Key: (1024 bit) 925s Modulus: 925s 00:d0:46:fb:1a:b3:12:e9:fa:49:b1:94:be:a3:3d: 925s b4:ba:fd:65:1a:94:6b:76:51:04:96:2a:d6:fc:ae: 925s 12:3d:67:f2:4d:9c:ae:51:56:da:fd:d2:41:cc:6d: 925s f1:d1:c6:46:85:1b:e5:97:ec:bb:47:42:a5:33:91: 925s e4:56:e5:23:06:db:f7:af:3b:c6:3e:67:c3:e6:f5: 925s 06:80:af:62:77:98:3c:02:a6:c8:a0:85:a6:57:1d: 925s 7b:ff:57:ca:0d:ea:fe:69:ad:ee:76:20:79:a6:1b: 925s d6:ab:f9:10:c6:4d:42:9f:59:4d:96:3b:21:b4:14: 925s ae:92:3e:f4:6a:02:e7:4d:fd 925s Exponent: 65537 (0x10001) 925s X509v3 extensions: 925s X509v3 Authority Key Identifier: 925s E4:F6:48:0E:FB:99:03:3E:12:02:9D:A4:BE:13:8A:9C:C9:8F:F8:E5 925s X509v3 Basic Constraints: 925s CA:FALSE 925s Netscape Cert Type: 925s SSL Client, S/MIME 925s Netscape Comment: 925s Test Organization Intermediate CA trusted Certificate 925s X509v3 Subject Key Identifier: 925s F4:50:43:57:C0:70:32:9A:AB:96:DD:79:45:6B:D6:34:64:08:74:49 925s X509v3 Key Usage: critical 925s Digital Signature, Non Repudiation, Key Encipherment 925s X509v3 Extended Key Usage: 925s TLS Web Client Authentication, E-mail Protection 925s X509v3 Subject Alternative Name: 925s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 925s Signature Algorithm: sha256WithRSAEncryption 925s Signature Value: 925s 7a:b0:32:cf:5d:f5:39:c2:be:9b:32:89:96:68:b9:fe:5e:7c: 925s 8d:07:9a:c3:42:4b:43:e5:08:51:ac:7f:fd:8d:52:c5:61:48: 925s aa:8f:88:93:84:cd:bf:f0:f5:5a:57:bc:4c:0a:41:10:34:a2: 925s 78:87:2d:e6:19:a2:d4:6f:c9:bd:51:b0:a6:67:f7:a3:20:7c: 925s d8:cf:91:e1:50:d6:e5:3d:fa:3b:65:89:63:dd:51:c5:c5:d0: 925s 91:67:c9:d2:39:a7:1c:de:21:e2:6b:f7:cc:98:b2:fa:cc:3f: 925s 9e:a5:49:87:17:1a:ef:3b:bf:fc:c0:a8:6e:49:77:e5:24:0b: 925s 24:1d 925s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-5318-auth.pem 925s + found_md5=Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD 925s + '[' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD '!=' Modulus=D046FB1AB312E9FA49B194BEA33DB4BAFD651A946B765104962AD6FCAE123D67F24D9CAE5156DAFDD241CC6DF1D1C646851BE597ECBB4742A53391E456E52306DBF7AF3BC63E67C3E6F50680AF6277983C02A6C8A085A6571D7BFF57CA0DEAFE69ADEE762079A61BD6ABF910C64D429F594D963B21B414AE923EF46A02E74DFD ']' 925s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 925s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 925s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 925s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 925s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 925s + local verify_option= 925s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 925s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 925s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 925s + local key_cn 925s + local key_name 925s + local tokens_dir 925s + local output_cert_file 925s + token_name= 925s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 925s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 925s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 925s ++ sed -n 's/ *commonName *= //p' 925s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 925s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 925s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 925s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 925s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 925s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 925s + token_name='Test Organization Sub Int Token' 925s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 925s + local key_file 925s + local decrypted_key 925s + mkdir -p /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 925s + key_file=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 925s + decrypted_key=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 925s + cat 925s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 925s Slot 0 has a free/uninitialized token. 925s The token has been initialized and is reassigned to slot 1065389421 925s + softhsm2-util --show-slots 925s Available slots: 925s Slot 1065389421 925s Slot info: 925s Description: SoftHSM slot ID 0x3f808d6d 925s Manufacturer ID: SoftHSM project 925s Hardware version: 2.6 925s Firmware version: 2.6 925s Token present: yes 925s Token info: 925s Manufacturer ID: SoftHSM project 925s Model: SoftHSM v2 925s Hardware version: 2.6 925s Firmware version: 2.6 925s Serial number: 5281e4153f808d6d 925s Initialized: yes 925s User PIN init.: yes 925s Label: Test Organization Sub Int Token 925s Slot 1 925s Slot info: 925s Description: SoftHSM slot ID 0x1 925s Manufacturer ID: SoftHSM project 925s Hardware version: 2.6 925s Firmware version: 2.6 925s Token present: yes 925s Token info: 925s Manufacturer ID: SoftHSM project 925s Model: SoftHSM v2 925s Hardware version: 2.6 925s Firmware version: 2.6 925s Serial number: 925s Initialized: no 925s User PIN init.: no 925s Label: 925s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 925s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-12927 -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 925s writing RSA key 925s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 925s + rm /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 925s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 925s Object 0: 925s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5281e4153f808d6d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 925s Type: X.509 Certificate (RSA-1024) 925s Expires: Sat Jun 14 15:09:20 2025 925s Label: Test Organization Sub Intermediate Trusted Certificate 0001 925s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 925s 925s Test Organization Sub Int Token 925s + echo 'Test Organization Sub Int Token' 925s + '[' -n '' ']' 925s + local output_base_name=SSSD-child-12571 925s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-12571.output 925s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-12571.pem 925s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 925s [p11_child[1936]] [main] (0x0400): p11_child started. 925s [p11_child[1936]] [main] (0x2000): Running in [pre-auth] mode. 925s [p11_child[1936]] [main] (0x2000): Running with effective IDs: [0][0]. 925s [p11_child[1936]] [main] (0x2000): Running with real IDs [0][0]. 925s [p11_child[1936]] [do_card] (0x4000): Module List: 925s [p11_child[1936]] [do_card] (0x4000): common name: [softhsm2]. 925s [p11_child[1936]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 925s [p11_child[1936]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 925s [p11_child[1936]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 925s [p11_child[1936]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 925s [p11_child[1936]] [do_card] (0x4000): Login NOT required. 925s [p11_child[1936]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 925s [p11_child[1936]] [do_verification] (0x0040): X509_verify_cert failed [0]. 925s [p11_child[1936]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 925s [p11_child[1936]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 925s [p11_child[1936]] [do_card] (0x4000): No certificate found. 925s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-12571.output 925s + return 2 925s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem partial_chain 925s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem partial_chain 925s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 925s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 925s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 925s + local verify_option=partial_chain 925s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 925s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 925s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 925s + local key_cn 925s + local key_name 925s + local tokens_dir 925s + local output_cert_file 925s + token_name= 925s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 925s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 925s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 925s ++ sed -n 's/ *commonName *= //p' 925s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 925s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 925s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 925s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 925s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 925s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 925s + token_name='Test Organization Sub Int Token' 925s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 925s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 925s + echo 'Test Organization Sub Int Token' 925s Test Organization Sub Int Token 925s + '[' -n partial_chain ']' 925s + local verify_arg=--verify=partial_chain 925s + local output_base_name=SSSD-child-24532 925s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-24532.output 925s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-24532.pem 925s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-root-CA.pem 925s [p11_child[1943]] [main] (0x0400): p11_child started. 925s [p11_child[1943]] [main] (0x2000): Running in [pre-auth] mode. 925s [p11_child[1943]] [main] (0x2000): Running with effective IDs: [0][0]. 925s [p11_child[1943]] [main] (0x2000): Running with real IDs [0][0]. 925s [p11_child[1943]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 925s [p11_child[1943]] [do_card] (0x4000): Module List: 925s [p11_child[1943]] [do_card] (0x4000): common name: [softhsm2]. 925s [p11_child[1943]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 925s [p11_child[1943]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 925s [p11_child[1943]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 925s [p11_child[1943]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 925s [p11_child[1943]] [do_card] (0x4000): Login NOT required. 925s [p11_child[1943]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 925s [p11_child[1943]] [do_verification] (0x0040): X509_verify_cert failed [0]. 925s [p11_child[1943]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 925s [p11_child[1943]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 925s [p11_child[1943]] [do_card] (0x4000): No certificate found. 925s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-24532.output 925s + return 2 925s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 925s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 925s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 925s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 925s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 925s + local verify_option= 925s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 925s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 925s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 925s + local key_cn 925s + local key_name 925s + local tokens_dir 925s + local output_cert_file 925s + token_name= 925s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 925s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 925s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 925s ++ sed -n 's/ *commonName *= //p' 925s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 925s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 925s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 925s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 925s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 925s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 925s + token_name='Test Organization Sub Int Token' 925s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 925s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 925s + echo 'Test Organization Sub Int Token' 925s + '[' -n '' ']' 925s Test Organization Sub Int Token 925s + local output_base_name=SSSD-child-32706 925s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706.output 925s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706.pem 925s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 925s [p11_child[1950]] [main] (0x0400): p11_child started. 925s [p11_child[1950]] [main] (0x2000): Running in [pre-auth] mode. 925s [p11_child[1950]] [main] (0x2000): Running with effective IDs: [0][0]. 925s [p11_child[1950]] [main] (0x2000): Running with real IDs [0][0]. 925s [p11_child[1950]] [do_card] (0x4000): Module List: 925s [p11_child[1950]] [do_card] (0x4000): common name: [softhsm2]. 925s [p11_child[1950]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 925s [p11_child[1950]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 925s [p11_child[1950]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 925s [p11_child[1950]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 925s [p11_child[1950]] [do_card] (0x4000): Login NOT required. 925s [p11_child[1950]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 925s [p11_child[1950]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 925s [p11_child[1950]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 925s [p11_child[1950]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3f808d6d;slot-manufacturer=SoftHSM%20project;slot-id=1065389421;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5281e4153f808d6d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 925s [p11_child[1950]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 925s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706.output 925s + echo '-----BEGIN CERTIFICATE-----' 925s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706.output 925s + echo '-----END CERTIFICATE-----' 925s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706.pem 925s Certificate: 925s Data: 925s Version: 3 (0x2) 925s Serial Number: 5 (0x5) 925s Signature Algorithm: sha256WithRSAEncryption 925s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 925s Validity 925s Not Before: Jun 14 15:09:20 2024 GMT 925s Not After : Jun 14 15:09:20 2025 GMT 925s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 925s Subject Public Key Info: 925s Public Key Algorithm: rsaEncryption 925s Public-Key: (1024 bit) 925s Modulus: 925s 00:cc:d4:f6:6b:2f:d4:55:d9:02:12:a7:ad:05:a7: 925s 77:01:d2:d2:ca:64:0c:1d:67:bc:45:3d:97:ce:34: 925s ef:a7:33:0b:2d:20:5b:77:f5:9b:e8:06:67:21:eb: 925s 54:63:f3:9e:6d:c9:03:49:ce:be:a8:32:9f:19:1c: 925s d2:47:27:a2:60:53:88:2d:e3:5a:eb:3a:25:e4:74: 925s 39:aa:5e:02:eb:69:95:42:d9:90:d2:30:d8:0b:47: 925s 4a:6f:68:d0:f2:f2:ed:ec:18:d7:7b:84:de:12:e3: 925s 9b:1a:1c:cc:40:59:0a:26:a9:ca:c1:e1:13:11:9d: 925s c9:43:47:fa:f1:6e:37:68:c7 925s Exponent: 65537 (0x10001) 925s X509v3 extensions: 925s X509v3 Authority Key Identifier: 925s ED:43:D2:0D:7E:70:58:EF:BD:95:F5:E4:DE:FC:81:53:54:93:BB:1D 925s X509v3 Basic Constraints: 925s CA:FALSE 925s Netscape Cert Type: 925s SSL Client, S/MIME 925s Netscape Comment: 925s Test Organization Sub Intermediate CA trusted Certificate 925s X509v3 Subject Key Identifier: 925s 10:30:E6:69:72:F8:DA:19:C5:D4:86:75:35:6E:70:EE:C2:65:7D:E3 925s X509v3 Key Usage: critical 925s Digital Signature, Non Repudiation, Key Encipherment 925s X509v3 Extended Key Usage: 925s TLS Web Client Authentication, E-mail Protection 925s X509v3 Subject Alternative Name: 925s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 925s Signature Algorithm: sha256WithRSAEncryption 925s Signature Value: 925s 51:80:56:00:23:09:c7:c6:38:83:71:18:1c:f5:42:a2:6e:45: 925s 2c:74:8e:00:06:21:bd:60:87:4b:ab:ea:2c:ea:53:96:b6:9d: 925s 84:dd:76:03:54:73:08:3f:84:46:5f:38:8b:71:14:6e:e2:a1: 925s 66:ab:5a:12:9d:8b:63:45:29:c8:37:d2:d7:b6:46:35:14:1c: 925s 59:48:af:1c:65:95:6f:f5:d9:fa:28:38:fe:72:2c:da:51:a4: 925s 13:5f:13:c8:d3:4d:7e:3e:ba:10:54:57:71:64:22:b7:83:ff: 925s f8:4e:8f:ca:f7:86:80:cd:99:ec:4f:ec:ad:53:a5:7d:92:4d: 925s 45:fd 925s + local found_md5 expected_md5 925s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 925s + expected_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 925s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706.pem 925s + found_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 925s + '[' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 '!=' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 ']' 925s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706-auth.output 925s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706-auth.output .output 925s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706-auth.pem 925s + echo -n 053350 925s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 925s [p11_child[1958]] [main] (0x0400): p11_child started. 925s [p11_child[1958]] [main] (0x2000): Running in [auth] mode. 925s [p11_child[1958]] [main] (0x2000): Running with effective IDs: [0][0]. 925s [p11_child[1958]] [main] (0x2000): Running with real IDs [0][0]. 925s [p11_child[1958]] [do_card] (0x4000): Module List: 925s [p11_child[1958]] [do_card] (0x4000): common name: [softhsm2]. 925s [p11_child[1958]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 925s [p11_child[1958]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 925s [p11_child[1958]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 925s [p11_child[1958]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 925s [p11_child[1958]] [do_card] (0x4000): Login required. 925s [p11_child[1958]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 925s [p11_child[1958]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 925s [p11_child[1958]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 925s [p11_child[1958]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3f808d6d;slot-manufacturer=SoftHSM%20project;slot-id=1065389421;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5281e4153f808d6d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 925s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 925s [p11_child[1958]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 925s [p11_child[1958]] [do_card] (0x4000): Certificate verified and validated. 925s [p11_child[1958]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 925s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706-auth.output 925s + echo '-----BEGIN CERTIFICATE-----' 925s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706-auth.output 926s + echo '-----END CERTIFICATE-----' 926s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706-auth.pem 926s Certificate: 926s Data: 926s Version: 3 (0x2) 926s Serial Number: 5 (0x5) 926s Signature Algorithm: sha256WithRSAEncryption 926s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 926s Validity 926s Not Before: Jun 14 15:09:20 2024 GMT 926s Not After : Jun 14 15:09:20 2025 GMT 926s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 926s Subject Public Key Info: 926s Public Key Algorithm: rsaEncryption 926s Public-Key: (1024 bit) 926s Modulus: 926s 00:cc:d4:f6:6b:2f:d4:55:d9:02:12:a7:ad:05:a7: 926s 77:01:d2:d2:ca:64:0c:1d:67:bc:45:3d:97:ce:34: 926s ef:a7:33:0b:2d:20:5b:77:f5:9b:e8:06:67:21:eb: 926s 54:63:f3:9e:6d:c9:03:49:ce:be:a8:32:9f:19:1c: 926s d2:47:27:a2:60:53:88:2d:e3:5a:eb:3a:25:e4:74: 926s 39:aa:5e:02:eb:69:95:42:d9:90:d2:30:d8:0b:47: 926s 4a:6f:68:d0:f2:f2:ed:ec:18:d7:7b:84:de:12:e3: 926s 9b:1a:1c:cc:40:59:0a:26:a9:ca:c1:e1:13:11:9d: 926s c9:43:47:fa:f1:6e:37:68:c7 926s Exponent: 65537 (0x10001) 926s X509v3 extensions: 926s X509v3 Authority Key Identifier: 926s ED:43:D2:0D:7E:70:58:EF:BD:95:F5:E4:DE:FC:81:53:54:93:BB:1D 926s X509v3 Basic Constraints: 926s CA:FALSE 926s Netscape Cert Type: 926s SSL Client, S/MIME 926s Netscape Comment: 926s Test Organization Sub Intermediate CA trusted Certificate 926s X509v3 Subject Key Identifier: 926s 10:30:E6:69:72:F8:DA:19:C5:D4:86:75:35:6E:70:EE:C2:65:7D:E3 926s X509v3 Key Usage: critical 926s Digital Signature, Non Repudiation, Key Encipherment 926s X509v3 Extended Key Usage: 926s TLS Web Client Authentication, E-mail Protection 926s X509v3 Subject Alternative Name: 926s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 926s Signature Algorithm: sha256WithRSAEncryption 926s Signature Value: 926s 51:80:56:00:23:09:c7:c6:38:83:71:18:1c:f5:42:a2:6e:45: 926s 2c:74:8e:00:06:21:bd:60:87:4b:ab:ea:2c:ea:53:96:b6:9d: 926s 84:dd:76:03:54:73:08:3f:84:46:5f:38:8b:71:14:6e:e2:a1: 926s 66:ab:5a:12:9d:8b:63:45:29:c8:37:d2:d7:b6:46:35:14:1c: 926s 59:48:af:1c:65:95:6f:f5:d9:fa:28:38:fe:72:2c:da:51:a4: 926s 13:5f:13:c8:d3:4d:7e:3e:ba:10:54:57:71:64:22:b7:83:ff: 926s f8:4e:8f:ca:f7:86:80:cd:99:ec:4f:ec:ad:53:a5:7d:92:4d: 926s 45:fd 926s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-32706-auth.pem 926s + found_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 926s + '[' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 '!=' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 ']' 926s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem partial_chain 926s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem partial_chain 926s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 926s + local verify_option=partial_chain 926s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local key_cn 926s + local key_name 926s + local tokens_dir 926s + local output_cert_file 926s + token_name= 926s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 926s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 926s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s ++ sed -n 's/ *commonName *= //p' 926s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 926s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 926s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 926s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 926s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 926s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 926s + token_name='Test Organization Sub Int Token' 926s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 926s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 926s + echo 'Test Organization Sub Int Token' 926s Test Organization Sub Int Token 926s + '[' -n partial_chain ']' 926s + local verify_arg=--verify=partial_chain 926s + local output_base_name=SSSD-child-26397 926s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397.output 926s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397.pem 926s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem 926s [p11_child[1968]] [main] (0x0400): p11_child started. 926s [p11_child[1968]] [main] (0x2000): Running in [pre-auth] mode. 926s [p11_child[1968]] [main] (0x2000): Running with effective IDs: [0][0]. 926s [p11_child[1968]] [main] (0x2000): Running with real IDs [0][0]. 926s [p11_child[1968]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 926s [p11_child[1968]] [do_card] (0x4000): Module List: 926s [p11_child[1968]] [do_card] (0x4000): common name: [softhsm2]. 926s [p11_child[1968]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 926s [p11_child[1968]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 926s [p11_child[1968]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 926s [p11_child[1968]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 926s [p11_child[1968]] [do_card] (0x4000): Login NOT required. 926s [p11_child[1968]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 926s [p11_child[1968]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 926s [p11_child[1968]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 926s [p11_child[1968]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3f808d6d;slot-manufacturer=SoftHSM%20project;slot-id=1065389421;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5281e4153f808d6d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 926s [p11_child[1968]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 926s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397.output 926s + echo '-----BEGIN CERTIFICATE-----' 926s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397.output 926s + echo '-----END CERTIFICATE-----' 926s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397.pem 926s + local found_md5 expected_md5 926s Certificate: 926s Data: 926s Version: 3 (0x2) 926s Serial Number: 5 (0x5) 926s Signature Algorithm: sha256WithRSAEncryption 926s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 926s Validity 926s Not Before: Jun 14 15:09:20 2024 GMT 926s Not After : Jun 14 15:09:20 2025 GMT 926s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 926s Subject Public Key Info: 926s Public Key Algorithm: rsaEncryption 926s Public-Key: (1024 bit) 926s Modulus: 926s 00:cc:d4:f6:6b:2f:d4:55:d9:02:12:a7:ad:05:a7: 926s 77:01:d2:d2:ca:64:0c:1d:67:bc:45:3d:97:ce:34: 926s ef:a7:33:0b:2d:20:5b:77:f5:9b:e8:06:67:21:eb: 926s 54:63:f3:9e:6d:c9:03:49:ce:be:a8:32:9f:19:1c: 926s d2:47:27:a2:60:53:88:2d:e3:5a:eb:3a:25:e4:74: 926s 39:aa:5e:02:eb:69:95:42:d9:90:d2:30:d8:0b:47: 926s 4a:6f:68:d0:f2:f2:ed:ec:18:d7:7b:84:de:12:e3: 926s 9b:1a:1c:cc:40:59:0a:26:a9:ca:c1:e1:13:11:9d: 926s c9:43:47:fa:f1:6e:37:68:c7 926s Exponent: 65537 (0x10001) 926s X509v3 extensions: 926s X509v3 Authority Key Identifier: 926s ED:43:D2:0D:7E:70:58:EF:BD:95:F5:E4:DE:FC:81:53:54:93:BB:1D 926s X509v3 Basic Constraints: 926s CA:FALSE 926s Netscape Cert Type: 926s SSL Client, S/MIME 926s Netscape Comment: 926s Test Organization Sub Intermediate CA trusted Certificate 926s X509v3 Subject Key Identifier: 926s 10:30:E6:69:72:F8:DA:19:C5:D4:86:75:35:6E:70:EE:C2:65:7D:E3 926s X509v3 Key Usage: critical 926s Digital Signature, Non Repudiation, Key Encipherment 926s X509v3 Extended Key Usage: 926s TLS Web Client Authentication, E-mail Protection 926s X509v3 Subject Alternative Name: 926s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 926s Signature Algorithm: sha256WithRSAEncryption 926s Signature Value: 926s 51:80:56:00:23:09:c7:c6:38:83:71:18:1c:f5:42:a2:6e:45: 926s 2c:74:8e:00:06:21:bd:60:87:4b:ab:ea:2c:ea:53:96:b6:9d: 926s 84:dd:76:03:54:73:08:3f:84:46:5f:38:8b:71:14:6e:e2:a1: 926s 66:ab:5a:12:9d:8b:63:45:29:c8:37:d2:d7:b6:46:35:14:1c: 926s 59:48:af:1c:65:95:6f:f5:d9:fa:28:38:fe:72:2c:da:51:a4: 926s 13:5f:13:c8:d3:4d:7e:3e:ba:10:54:57:71:64:22:b7:83:ff: 926s f8:4e:8f:ca:f7:86:80:cd:99:ec:4f:ec:ad:53:a5:7d:92:4d: 926s 45:fd 926s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s + expected_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 926s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397.pem 926s + found_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 926s + '[' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 '!=' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 ']' 926s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397-auth.output 926s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397-auth.output .output 926s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397-auth.pem 926s + echo -n 053350 926s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 926s [p11_child[1976]] [main] (0x0400): p11_child started. 926s [p11_child[1976]] [main] (0x2000): Running in [auth] mode. 926s [p11_child[1976]] [main] (0x2000): Running with effective IDs: [0][0]. 926s [p11_child[1976]] [main] (0x2000): Running with real IDs [0][0]. 926s [p11_child[1976]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 926s [p11_child[1976]] [do_card] (0x4000): Module List: 926s [p11_child[1976]] [do_card] (0x4000): common name: [softhsm2]. 926s [p11_child[1976]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 926s [p11_child[1976]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 926s [p11_child[1976]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 926s [p11_child[1976]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 926s [p11_child[1976]] [do_card] (0x4000): Login required. 926s [p11_child[1976]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 926s [p11_child[1976]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 926s [p11_child[1976]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 926s [p11_child[1976]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3f808d6d;slot-manufacturer=SoftHSM%20project;slot-id=1065389421;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5281e4153f808d6d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 926s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 926s [p11_child[1976]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 926s [p11_child[1976]] [do_card] (0x4000): Certificate verified and validated. 926s [p11_child[1976]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 926s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397-auth.output 926s + echo '-----BEGIN CERTIFICATE-----' 926s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397-auth.output 926s + echo '-----END CERTIFICATE-----' 926s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397-auth.pem 926s Certificate: 926s Data: 926s Version: 3 (0x2) 926s Serial Number: 5 (0x5) 926s Signature Algorithm: sha256WithRSAEncryption 926s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 926s Validity 926s Not Before: Jun 14 15:09:20 2024 GMT 926s Not After : Jun 14 15:09:20 2025 GMT 926s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 926s Subject Public Key Info: 926s Public Key Algorithm: rsaEncryption 926s Public-Key: (1024 bit) 926s Modulus: 926s 00:cc:d4:f6:6b:2f:d4:55:d9:02:12:a7:ad:05:a7: 926s 77:01:d2:d2:ca:64:0c:1d:67:bc:45:3d:97:ce:34: 926s ef:a7:33:0b:2d:20:5b:77:f5:9b:e8:06:67:21:eb: 926s 54:63:f3:9e:6d:c9:03:49:ce:be:a8:32:9f:19:1c: 926s d2:47:27:a2:60:53:88:2d:e3:5a:eb:3a:25:e4:74: 926s 39:aa:5e:02:eb:69:95:42:d9:90:d2:30:d8:0b:47: 926s 4a:6f:68:d0:f2:f2:ed:ec:18:d7:7b:84:de:12:e3: 926s 9b:1a:1c:cc:40:59:0a:26:a9:ca:c1:e1:13:11:9d: 926s c9:43:47:fa:f1:6e:37:68:c7 926s Exponent: 65537 (0x10001) 926s X509v3 extensions: 926s X509v3 Authority Key Identifier: 926s ED:43:D2:0D:7E:70:58:EF:BD:95:F5:E4:DE:FC:81:53:54:93:BB:1D 926s X509v3 Basic Constraints: 926s CA:FALSE 926s Netscape Cert Type: 926s SSL Client, S/MIME 926s Netscape Comment: 926s Test Organization Sub Intermediate CA trusted Certificate 926s X509v3 Subject Key Identifier: 926s 10:30:E6:69:72:F8:DA:19:C5:D4:86:75:35:6E:70:EE:C2:65:7D:E3 926s X509v3 Key Usage: critical 926s Digital Signature, Non Repudiation, Key Encipherment 926s X509v3 Extended Key Usage: 926s TLS Web Client Authentication, E-mail Protection 926s X509v3 Subject Alternative Name: 926s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 926s Signature Algorithm: sha256WithRSAEncryption 926s Signature Value: 926s 51:80:56:00:23:09:c7:c6:38:83:71:18:1c:f5:42:a2:6e:45: 926s 2c:74:8e:00:06:21:bd:60:87:4b:ab:ea:2c:ea:53:96:b6:9d: 926s 84:dd:76:03:54:73:08:3f:84:46:5f:38:8b:71:14:6e:e2:a1: 926s 66:ab:5a:12:9d:8b:63:45:29:c8:37:d2:d7:b6:46:35:14:1c: 926s 59:48:af:1c:65:95:6f:f5:d9:fa:28:38:fe:72:2c:da:51:a4: 926s 13:5f:13:c8:d3:4d:7e:3e:ba:10:54:57:71:64:22:b7:83:ff: 926s f8:4e:8f:ca:f7:86:80:cd:99:ec:4f:ec:ad:53:a5:7d:92:4d: 926s 45:fd 926s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-26397-auth.pem 926s + found_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 926s + '[' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 '!=' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 ']' 926s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 926s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 926s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 926s + local verify_option= 926s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local key_cn 926s + local key_name 926s + local tokens_dir 926s + local output_cert_file 926s + token_name= 926s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 926s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 926s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s ++ sed -n 's/ *commonName *= //p' 926s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 926s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 926s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 926s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 926s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 926s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 926s + token_name='Test Organization Sub Int Token' 926s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 926s Test Organization Sub Int Token 926s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 926s + echo 'Test Organization Sub Int Token' 926s + '[' -n '' ']' 926s + local output_base_name=SSSD-child-31842 926s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-31842.output 926s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-31842.pem 926s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 926s [p11_child[1986]] [main] (0x0400): p11_child started. 926s [p11_child[1986]] [main] (0x2000): Running in [pre-auth] mode. 926s [p11_child[1986]] [main] (0x2000): Running with effective IDs: [0][0]. 926s [p11_child[1986]] [main] (0x2000): Running with real IDs [0][0]. 926s [p11_child[1986]] [do_card] (0x4000): Module List: 926s [p11_child[1986]] [do_card] (0x4000): common name: [softhsm2]. 926s [p11_child[1986]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 926s [p11_child[1986]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 926s [p11_child[1986]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 926s [p11_child[1986]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 926s [p11_child[1986]] [do_card] (0x4000): Login NOT required. 926s [p11_child[1986]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 926s [p11_child[1986]] [do_verification] (0x0040): X509_verify_cert failed [0]. 926s [p11_child[1986]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 926s [p11_child[1986]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 926s [p11_child[1986]] [do_card] (0x4000): No certificate found. 926s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-31842.output 926s + return 2 926s + invalid_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-root-intermediate-chain-CA.pem partial_chain 926s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-root-intermediate-chain-CA.pem partial_chain 926s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-root-intermediate-chain-CA.pem 926s + local verify_option=partial_chain 926s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local key_cn 926s + local key_name 926s + local tokens_dir 926s + local output_cert_file 926s + token_name= 926s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 926s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 926s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s ++ sed -n 's/ *commonName *= //p' 926s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 926s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 926s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 926s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 926s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 926s Test Organization Sub Int Token 926s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 926s + token_name='Test Organization Sub Int Token' 926s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 926s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 926s + echo 'Test Organization Sub Int Token' 926s + '[' -n partial_chain ']' 926s + local verify_arg=--verify=partial_chain 926s + local output_base_name=SSSD-child-26153 926s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-26153.output 926s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-26153.pem 926s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-root-intermediate-chain-CA.pem 926s [p11_child[1993]] [main] (0x0400): p11_child started. 926s [p11_child[1993]] [main] (0x2000): Running in [pre-auth] mode. 926s [p11_child[1993]] [main] (0x2000): Running with effective IDs: [0][0]. 926s [p11_child[1993]] [main] (0x2000): Running with real IDs [0][0]. 926s [p11_child[1993]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 926s [p11_child[1993]] [do_card] (0x4000): Module List: 926s [p11_child[1993]] [do_card] (0x4000): common name: [softhsm2]. 926s [p11_child[1993]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 926s [p11_child[1993]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 926s [p11_child[1993]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 926s [p11_child[1993]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 926s [p11_child[1993]] [do_card] (0x4000): Login NOT required. 926s [p11_child[1993]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 926s [p11_child[1993]] [do_verification] (0x0040): X509_verify_cert failed [0]. 926s [p11_child[1993]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 926s [p11_child[1993]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 926s [p11_child[1993]] [do_card] (0x4000): No certificate found. 926s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-26153.output 926s + return 2 926s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem partial_chain 926s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem partial_chain 926s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 926s + local verify_option=partial_chain 926s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 926s + local key_cn 926s + local key_name 926s + local tokens_dir 926s + local output_cert_file 926s + token_name= 926s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 926s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 926s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s ++ sed -n 's/ *commonName *= //p' 926s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 926s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 926s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 926s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 926s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 926s Test Organization Sub Int Token 926s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 926s + token_name='Test Organization Sub Int Token' 926s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 926s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 926s + echo 'Test Organization Sub Int Token' 926s + '[' -n partial_chain ']' 926s + local verify_arg=--verify=partial_chain 926s + local output_base_name=SSSD-child-15902 926s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902.output 926s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902.pem 926s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem 926s [p11_child[2000]] [main] (0x0400): p11_child started. 926s [p11_child[2000]] [main] (0x2000): Running in [pre-auth] mode. 926s [p11_child[2000]] [main] (0x2000): Running with effective IDs: [0][0]. 926s [p11_child[2000]] [main] (0x2000): Running with real IDs [0][0]. 926s [p11_child[2000]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 926s [p11_child[2000]] [do_card] (0x4000): Module List: 926s [p11_child[2000]] [do_card] (0x4000): common name: [softhsm2]. 926s [p11_child[2000]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 926s [p11_child[2000]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 926s [p11_child[2000]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 926s [p11_child[2000]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 926s [p11_child[2000]] [do_card] (0x4000): Login NOT required. 926s [p11_child[2000]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 926s [p11_child[2000]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 926s [p11_child[2000]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 926s [p11_child[2000]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3f808d6d;slot-manufacturer=SoftHSM%20project;slot-id=1065389421;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5281e4153f808d6d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 926s [p11_child[2000]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 926s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902.output 926s + echo '-----BEGIN CERTIFICATE-----' 926s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902.output 926s + echo '-----END CERTIFICATE-----' 926s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902.pem 926s Certificate: 926s Data: 926s Version: 3 (0x2) 926s Serial Number: 5 (0x5) 926s Signature Algorithm: sha256WithRSAEncryption 926s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 926s Validity 926s Not Before: Jun 14 15:09:20 2024 GMT 926s Not After : Jun 14 15:09:20 2025 GMT 926s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 926s Subject Public Key Info: 926s Public Key Algorithm: rsaEncryption 926s Public-Key: (1024 bit) 926s Modulus: 926s 00:cc:d4:f6:6b:2f:d4:55:d9:02:12:a7:ad:05:a7: 926s 77:01:d2:d2:ca:64:0c:1d:67:bc:45:3d:97:ce:34: 926s ef:a7:33:0b:2d:20:5b:77:f5:9b:e8:06:67:21:eb: 926s 54:63:f3:9e:6d:c9:03:49:ce:be:a8:32:9f:19:1c: 926s d2:47:27:a2:60:53:88:2d:e3:5a:eb:3a:25:e4:74: 926s 39:aa:5e:02:eb:69:95:42:d9:90:d2:30:d8:0b:47: 926s 4a:6f:68:d0:f2:f2:ed:ec:18:d7:7b:84:de:12:e3: 926s 9b:1a:1c:cc:40:59:0a:26:a9:ca:c1:e1:13:11:9d: 926s c9:43:47:fa:f1:6e:37:68:c7 926s Exponent: 65537 (0x10001) 926s X509v3 extensions: 926s X509v3 Authority Key Identifier: 926s ED:43:D2:0D:7E:70:58:EF:BD:95:F5:E4:DE:FC:81:53:54:93:BB:1D 926s X509v3 Basic Constraints: 926s CA:FALSE 926s Netscape Cert Type: 926s SSL Client, S/MIME 926s Netscape Comment: 926s Test Organization Sub Intermediate CA trusted Certificate 926s X509v3 Subject Key Identifier: 926s 10:30:E6:69:72:F8:DA:19:C5:D4:86:75:35:6E:70:EE:C2:65:7D:E3 926s X509v3 Key Usage: critical 926s Digital Signature, Non Repudiation, Key Encipherment 926s X509v3 Extended Key Usage: 926s TLS Web Client Authentication, E-mail Protection 926s X509v3 Subject Alternative Name: 926s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 926s Signature Algorithm: sha256WithRSAEncryption 926s Signature Value: 926s 51:80:56:00:23:09:c7:c6:38:83:71:18:1c:f5:42:a2:6e:45: 926s 2c:74:8e:00:06:21:bd:60:87:4b:ab:ea:2c:ea:53:96:b6:9d: 926s 84:dd:76:03:54:73:08:3f:84:46:5f:38:8b:71:14:6e:e2:a1: 926s 66:ab:5a:12:9d:8b:63:45:29:c8:37:d2:d7:b6:46:35:14:1c: 926s 59:48:af:1c:65:95:6f:f5:d9:fa:28:38:fe:72:2c:da:51:a4: 926s 13:5f:13:c8:d3:4d:7e:3e:ba:10:54:57:71:64:22:b7:83:ff: 926s f8:4e:8f:ca:f7:86:80:cd:99:ec:4f:ec:ad:53:a5:7d:92:4d: 926s 45:fd 926s + local found_md5 expected_md5 926s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 926s + expected_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 926s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902.pem 926s + found_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 926s + '[' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 '!=' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 ']' 926s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902-auth.output 926s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902-auth.output .output 926s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902-auth.pem 926s + echo -n 053350 926s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 926s [p11_child[2008]] [main] (0x0400): p11_child started. 926s [p11_child[2008]] [main] (0x2000): Running in [auth] mode. 926s [p11_child[2008]] [main] (0x2000): Running with effective IDs: [0][0]. 926s [p11_child[2008]] [main] (0x2000): Running with real IDs [0][0]. 926s [p11_child[2008]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 927s [p11_child[2008]] [do_card] (0x4000): Module List: 927s [p11_child[2008]] [do_card] (0x4000): common name: [softhsm2]. 927s [p11_child[2008]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 927s [p11_child[2008]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 927s [p11_child[2008]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 927s [p11_child[2008]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 927s [p11_child[2008]] [do_card] (0x4000): Login required. 927s [p11_child[2008]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 927s [p11_child[2008]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 927s [p11_child[2008]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 927s [p11_child[2008]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3f808d6d;slot-manufacturer=SoftHSM%20project;slot-id=1065389421;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5281e4153f808d6d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 927s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 927s [p11_child[2008]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 927s [p11_child[2008]] [do_card] (0x4000): Certificate verified and validated. 927s [p11_child[2008]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 927s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902-auth.output 927s + echo '-----BEGIN CERTIFICATE-----' 927s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902-auth.output 927s + echo '-----END CERTIFICATE-----' 927s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902-auth.pem 927s Certificate: 927s Data: 927s Version: 3 (0x2) 927s Serial Number: 5 (0x5) 927s Signature Algorithm: sha256WithRSAEncryption 927s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 927s Validity 927s Not Before: Jun 14 15:09:20 2024 GMT 927s Not After : Jun 14 15:09:20 2025 GMT 927s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 927s Subject Public Key Info: 927s Public Key Algorithm: rsaEncryption 927s Public-Key: (1024 bit) 927s Modulus: 927s 00:cc:d4:f6:6b:2f:d4:55:d9:02:12:a7:ad:05:a7: 927s 77:01:d2:d2:ca:64:0c:1d:67:bc:45:3d:97:ce:34: 927s ef:a7:33:0b:2d:20:5b:77:f5:9b:e8:06:67:21:eb: 927s 54:63:f3:9e:6d:c9:03:49:ce:be:a8:32:9f:19:1c: 927s d2:47:27:a2:60:53:88:2d:e3:5a:eb:3a:25:e4:74: 927s 39:aa:5e:02:eb:69:95:42:d9:90:d2:30:d8:0b:47: 927s 4a:6f:68:d0:f2:f2:ed:ec:18:d7:7b:84:de:12:e3: 927s 9b:1a:1c:cc:40:59:0a:26:a9:ca:c1:e1:13:11:9d: 927s c9:43:47:fa:f1:6e:37:68:c7 927s Exponent: 65537 (0x10001) 927s X509v3 extensions: 927s X509v3 Authority Key Identifier: 927s ED:43:D2:0D:7E:70:58:EF:BD:95:F5:E4:DE:FC:81:53:54:93:BB:1D 927s X509v3 Basic Constraints: 927s CA:FALSE 927s Netscape Cert Type: 927s SSL Client, S/MIME 927s Netscape Comment: 927s Test Organization Sub Intermediate CA trusted Certificate 927s X509v3 Subject Key Identifier: 927s 10:30:E6:69:72:F8:DA:19:C5:D4:86:75:35:6E:70:EE:C2:65:7D:E3 927s X509v3 Key Usage: critical 927s Digital Signature, Non Repudiation, Key Encipherment 927s X509v3 Extended Key Usage: 927s TLS Web Client Authentication, E-mail Protection 927s X509v3 Subject Alternative Name: 927s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 927s Signature Algorithm: sha256WithRSAEncryption 927s Signature Value: 927s 51:80:56:00:23:09:c7:c6:38:83:71:18:1c:f5:42:a2:6e:45: 927s 2c:74:8e:00:06:21:bd:60:87:4b:ab:ea:2c:ea:53:96:b6:9d: 927s 84:dd:76:03:54:73:08:3f:84:46:5f:38:8b:71:14:6e:e2:a1: 927s 66:ab:5a:12:9d:8b:63:45:29:c8:37:d2:d7:b6:46:35:14:1c: 927s 59:48:af:1c:65:95:6f:f5:d9:fa:28:38:fe:72:2c:da:51:a4: 927s 13:5f:13:c8:d3:4d:7e:3e:ba:10:54:57:71:64:22:b7:83:ff: 927s f8:4e:8f:ca:f7:86:80:cd:99:ec:4f:ec:ad:53:a5:7d:92:4d: 927s 45:fd 927s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-15902-auth.pem 927s + found_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 927s + '[' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 '!=' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 ']' 927s + valid_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-intermediate-sub-chain-CA.pem partial_chain 927s + check_certificate /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 /tmp/sssd-softhsm2-MqbIl9/test-intermediate-sub-chain-CA.pem partial_chain 927s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 927s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 927s + local key_ring=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-sub-chain-CA.pem 927s + local verify_option=partial_chain 927s + prepare_softhsm2_card /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-12927 927s + local certificate=/tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 927s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-12927 927s + local key_cn 927s + local key_name 927s + local tokens_dir 927s + local output_cert_file 927s + token_name= 927s ++ basename /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 927s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 927s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 927s ++ sed -n 's/ *commonName *= //p' 927s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 927s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 927s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 927s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 927s ++ basename /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 927s + tokens_dir=/tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 927s + token_name='Test Organization Sub Int Token' 927s + '[' '!' -e /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 927s Test Organization Sub Int Token 927s + '[' '!' -d /tmp/sssd-softhsm2-MqbIl9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 927s + echo 'Test Organization Sub Int Token' 927s + '[' -n partial_chain ']' 927s + local verify_arg=--verify=partial_chain 927s + local output_base_name=SSSD-child-10723 927s + local output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723.output 927s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723.pem 927s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-sub-chain-CA.pem 927s [p11_child[2018]] [main] (0x0400): p11_child started. 927s [p11_child[2018]] [main] (0x2000): Running in [pre-auth] mode. 927s [p11_child[2018]] [main] (0x2000): Running with effective IDs: [0][0]. 927s [p11_child[2018]] [main] (0x2000): Running with real IDs [0][0]. 927s [p11_child[2018]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 927s [p11_child[2018]] [do_card] (0x4000): Module List: 927s [p11_child[2018]] [do_card] (0x4000): common name: [softhsm2]. 927s [p11_child[2018]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 927s [p11_child[2018]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 927s [p11_child[2018]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 927s [p11_child[2018]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 927s [p11_child[2018]] [do_card] (0x4000): Login NOT required. 927s [p11_child[2018]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 927s [p11_child[2018]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 927s [p11_child[2018]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 927s [p11_child[2018]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3f808d6d;slot-manufacturer=SoftHSM%20project;slot-id=1065389421;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5281e4153f808d6d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 927s [p11_child[2018]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 927s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723.output 927s + echo '-----BEGIN CERTIFICATE-----' 927s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723.output 927s + echo '-----END CERTIFICATE-----' 927s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723.pem 927s Certificate: 927s Data: 927s Version: 3 (0x2) 927s Serial Number: 5 (0x5) 927s Signature Algorithm: sha256WithRSAEncryption 927s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 927s Validity 927s Not Before: Jun 14 15:09:20 2024 GMT 927s Not After : Jun 14 15:09:20 2025 GMT 927s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 927s Subject Public Key Info: 927s Public Key Algorithm: rsaEncryption 927s Public-Key: (1024 bit) 927s Modulus: 927s 00:cc:d4:f6:6b:2f:d4:55:d9:02:12:a7:ad:05:a7: 927s 77:01:d2:d2:ca:64:0c:1d:67:bc:45:3d:97:ce:34: 927s ef:a7:33:0b:2d:20:5b:77:f5:9b:e8:06:67:21:eb: 927s 54:63:f3:9e:6d:c9:03:49:ce:be:a8:32:9f:19:1c: 927s d2:47:27:a2:60:53:88:2d:e3:5a:eb:3a:25:e4:74: 927s 39:aa:5e:02:eb:69:95:42:d9:90:d2:30:d8:0b:47: 927s 4a:6f:68:d0:f2:f2:ed:ec:18:d7:7b:84:de:12:e3: 927s 9b:1a:1c:cc:40:59:0a:26:a9:ca:c1:e1:13:11:9d: 927s c9:43:47:fa:f1:6e:37:68:c7 927s Exponent: 65537 (0x10001) 927s X509v3 extensions: 927s X509v3 Authority Key Identifier: 927s ED:43:D2:0D:7E:70:58:EF:BD:95:F5:E4:DE:FC:81:53:54:93:BB:1D 927s X509v3 Basic Constraints: 927s CA:FALSE 927s Netscape Cert Type: 927s SSL Client, S/MIME 927s Netscape Comment: 927s Test Organization Sub Intermediate CA trusted Certificate 927s X509v3 Subject Key Identifier: 927s 10:30:E6:69:72:F8:DA:19:C5:D4:86:75:35:6E:70:EE:C2:65:7D:E3 927s X509v3 Key Usage: critical 927s Digital Signature, Non Repudiation, Key Encipherment 927s X509v3 Extended Key Usage: 927s TLS Web Client Authentication, E-mail Protection 927s X509v3 Subject Alternative Name: 927s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 927s Signature Algorithm: sha256WithRSAEncryption 927s Signature Value: 927s 51:80:56:00:23:09:c7:c6:38:83:71:18:1c:f5:42:a2:6e:45: 927s 2c:74:8e:00:06:21:bd:60:87:4b:ab:ea:2c:ea:53:96:b6:9d: 927s 84:dd:76:03:54:73:08:3f:84:46:5f:38:8b:71:14:6e:e2:a1: 927s 66:ab:5a:12:9d:8b:63:45:29:c8:37:d2:d7:b6:46:35:14:1c: 927s 59:48:af:1c:65:95:6f:f5:d9:fa:28:38:fe:72:2c:da:51:a4: 927s 13:5f:13:c8:d3:4d:7e:3e:ba:10:54:57:71:64:22:b7:83:ff: 927s f8:4e:8f:ca:f7:86:80:cd:99:ec:4f:ec:ad:53:a5:7d:92:4d: 927s 45:fd 927s + local found_md5 expected_md5 927s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/test-sub-intermediate-CA-trusted-certificate-0001.pem 927s + expected_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 927s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723.pem 927s + found_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 927s + '[' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 '!=' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 ']' 927s + output_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723-auth.output 927s ++ basename /tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723-auth.output .output 927s + output_cert_file=/tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723-auth.pem 927s + echo -n 053350 927s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-MqbIl9/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 927s [p11_child[2026]] [main] (0x0400): p11_child started. 927s [p11_child[2026]] [main] (0x2000): Running in [auth] mode. 927s [p11_child[2026]] [main] (0x2000): Running with effective IDs: [0][0]. 927s [p11_child[2026]] [main] (0x2000): Running with real IDs [0][0]. 927s [p11_child[2026]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 927s [p11_child[2026]] [do_card] (0x4000): Module List: 927s [p11_child[2026]] [do_card] (0x4000): common name: [softhsm2]. 927s [p11_child[2026]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 927s [p11_child[2026]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3f808d6d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 927s [p11_child[2026]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 927s [p11_child[2026]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x3f808d6d][1065389421] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 927s [p11_child[2026]] [do_card] (0x4000): Login required. 927s [p11_child[2026]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 927s [p11_child[2026]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 927s [p11_child[2026]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 927s [p11_child[2026]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3f808d6d;slot-manufacturer=SoftHSM%20project;slot-id=1065389421;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5281e4153f808d6d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 927s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 927s [p11_child[2026]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 927s [p11_child[2026]] [do_card] (0x4000): Certificate verified and validated. 927s [p11_child[2026]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 927s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723-auth.output 927s + echo '-----BEGIN CERTIFICATE-----' 927s + tail -n1 /tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723-auth.output 927s + echo '-----END CERTIFICATE-----' 927s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723-auth.pem 927s Certificate: 927s Data: 927s Version: 3 (0x2) 927s Serial Number: 5 (0x5) 927s Signature Algorithm: sha256WithRSAEncryption 927s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 927s Validity 927s Not Before: Jun 14 15:09:20 2024 GMT 927s Not After : Jun 14 15:09:20 2025 GMT 927s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 927s Subject Public Key Info: 927s Public Key Algorithm: rsaEncryption 927s Public-Key: (1024 bit) 927s Modulus: 927s 00:cc:d4:f6:6b:2f:d4:55:d9:02:12:a7:ad:05:a7: 927s 77:01:d2:d2:ca:64:0c:1d:67:bc:45:3d:97:ce:34: 927s ef:a7:33:0b:2d:20:5b:77:f5:9b:e8:06:67:21:eb: 927s 54:63:f3:9e:6d:c9:03:49:ce:be:a8:32:9f:19:1c: 927s d2:47:27:a2:60:53:88:2d:e3:5a:eb:3a:25:e4:74: 927s 39:aa:5e:02:eb:69:95:42:d9:90:d2:30:d8:0b:47: 927s 4a:6f:68:d0:f2:f2:ed:ec:18:d7:7b:84:de:12:e3: 927s 9b:1a:1c:cc:40:59:0a:26:a9:ca:c1:e1:13:11:9d: 927s c9:43:47:fa:f1:6e:37:68:c7 927s Exponent: 65537 (0x10001) 927s X509v3 extensions: 927s X509v3 Authority Key Identifier: 927s ED:43:D2:0D:7E:70:58:EF:BD:95:F5:E4:DE:FC:81:53:54:93:BB:1D 927s X509v3 Basic Constraints: 927s CA:FALSE 927s Netscape Cert Type: 927s SSL Client, S/MIME 927s Netscape Comment: 927s Test Organization Sub Intermediate CA trusted Certificate 927s X509v3 Subject Key Identifier: 927s 10:30:E6:69:72:F8:DA:19:C5:D4:86:75:35:6E:70:EE:C2:65:7D:E3 927s X509v3 Key Usage: critical 927s Digital Signature, Non Repudiation, Key Encipherment 927s X509v3 Extended Key Usage: 927s TLS Web Client Authentication, E-mail Protection 927s X509v3 Subject Alternative Name: 927s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 927s Signature Algorithm: sha256WithRSAEncryption 927s Signature Value: 927s 51:80:56:00:23:09:c7:c6:38:83:71:18:1c:f5:42:a2:6e:45: 927s 2c:74:8e:00:06:21:bd:60:87:4b:ab:ea:2c:ea:53:96:b6:9d: 927s 84:dd:76:03:54:73:08:3f:84:46:5f:38:8b:71:14:6e:e2:a1: 927s 66:ab:5a:12:9d:8b:63:45:29:c8:37:d2:d7:b6:46:35:14:1c: 927s 59:48:af:1c:65:95:6f:f5:d9:fa:28:38:fe:72:2c:da:51:a4: 927s 13:5f:13:c8:d3:4d:7e:3e:ba:10:54:57:71:64:22:b7:83:ff: 927s f8:4e:8f:ca:f7:86:80:cd:99:ec:4f:ec:ad:53:a5:7d:92:4d: 927s 45:fd 927s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-MqbIl9/SSSD-child-10723-auth.pem 927s + found_md5=Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 927s + '[' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 '!=' Modulus=CCD4F66B2FD455D90212A7AD05A77701D2D2CA640C1D67BC453D97CE34EFA7330B2D205B77F59BE8066721EB5463F39E6DC90349CEBEA8329F191CD24727A26053882DE35AEB3A25E47439AA5E02EB699542D990D230D80B474A6F68D0F2F2EDEC18D77B84DE12E39B1A1CCC40590A26A9CAC1E113119DC94347FAF16E3768C7 ']' 927s + set +x 927s 927s Test completed, Root CA and intermediate issued certificates verified! 928s autopkgtest [15:09:29]: test sssd-softhism2-certificates-tests.sh: -----------------------] 932s autopkgtest [15:09:33]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 932s sssd-softhism2-certificates-tests.sh PASS 935s autopkgtest [15:09:36]: test sssd-smart-card-pam-auth-configs: preparing testbed 945s Reading package lists... 945s Building dependency tree... 945s Reading state information... 945s Starting pkgProblemResolver with broken count: 0 946s Starting 2 pkgProblemResolver with broken count: 0 946s Done 946s The following additional packages will be installed: 946s pamtester 946s The following NEW packages will be installed: 946s autopkgtest-satdep pamtester 946s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 946s Need to get 11.4 kB/12.1 kB of archives. 946s After this operation, 31.7 kB of additional disk space will be used. 946s Get:1 /tmp/autopkgtest.IeyOLF/4-autopkgtest-satdep.deb autopkgtest-satdep armhf 0 [760 B] 947s Get:2 http://ftpmaster.internal/ubuntu oracular/universe armhf pamtester armhf 0.1.2-4 [11.4 kB] 947s Fetched 11.4 kB in 0s (63.6 kB/s) 947s Selecting previously unselected package pamtester. 947s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 59013 files and directories currently installed.) 947s Preparing to unpack .../pamtester_0.1.2-4_armhf.deb ... 947s Unpacking pamtester (0.1.2-4) ... 947s Selecting previously unselected package autopkgtest-satdep. 947s Preparing to unpack .../4-autopkgtest-satdep.deb ... 947s Unpacking autopkgtest-satdep (0) ... 948s Setting up pamtester (0.1.2-4) ... 948s Setting up autopkgtest-satdep (0) ... 948s Processing triggers for man-db (2.12.1-2) ... 961s (Reading database ... 59019 files and directories currently installed.) 961s Removing autopkgtest-satdep (0) ... 967s autopkgtest [15:10:08]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 967s autopkgtest [15:10:08]: test sssd-smart-card-pam-auth-configs: [----------------------- 969s + '[' -z ubuntu ']' 969s + export DEBIAN_FRONTEND=noninteractive 969s + DEBIAN_FRONTEND=noninteractive 969s + required_tools=(pamtester softhsm2-util sssd) 969s + [[ ! -v OFFLINE_MODE ]] 969s + for cmd in "${required_tools[@]}" 969s + command -v pamtester 969s + for cmd in "${required_tools[@]}" 969s + command -v softhsm2-util 969s + for cmd in "${required_tools[@]}" 969s + command -v sssd 969s + PIN=123456 969s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 969s + tmpdir=/tmp/sssd-softhsm2-certs-TuuZGK 969s + backupsdir= 969s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 969s + declare -a restore_paths 969s + declare -a delete_paths 969s + trap handle_exit EXIT 969s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 969s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 969s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 969s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 969s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-TuuZGK GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 969s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-TuuZGK 969s + GENERATE_SMART_CARDS=1 969s + KEEP_TEMPORARY_FILES=1 969s + NO_SSSD_TESTS=1 969s + bash debian/tests/sssd-softhism2-certificates-tests.sh 969s + '[' -z ubuntu ']' 969s + required_tools=(p11tool openssl softhsm2-util) 969s + for cmd in "${required_tools[@]}" 969s + command -v p11tool 969s + for cmd in "${required_tools[@]}" 969s + command -v openssl 969s + for cmd in "${required_tools[@]}" 969s + command -v softhsm2-util 969s + PIN=123456 969s +++ find /usr/lib/softhsm/libsofthsm2.so 969s +++ head -n 1 969s ++ realpath /usr/lib/softhsm/libsofthsm2.so 969s + SOFTHSM2_MODULE=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 969s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 969s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 969s + '[' '!' -v NO_SSSD_TESTS ']' 969s + '[' '!' -e /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so ']' 969s + tmpdir=/tmp/sssd-softhsm2-certs-TuuZGK 969s + keys_size=1024 969s + [[ ! -v KEEP_TEMPORARY_FILES ]] 969s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 969s + echo -n 01 969s + touch /tmp/sssd-softhsm2-certs-TuuZGK/index.txt 969s + mkdir -p /tmp/sssd-softhsm2-certs-TuuZGK/new_certs 969s + cat 969s + root_ca_key_pass=pass:random-root-CA-password-17433 969s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-key.pem -passout pass:random-root-CA-password-17433 1024 970s + openssl req -passin pass:random-root-CA-password-17433 -batch -config /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.pem 970s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.pem 970s + cat 970s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-13418 970s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-13418 1024 970s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-13418 -config /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-17433 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-certificate-request.pem 970s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-certificate-request.pem 970s Certificate Request: 970s Data: 970s Version: 1 (0x0) 970s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 970s Subject Public Key Info: 970s Public Key Algorithm: rsaEncryption 970s Public-Key: (1024 bit) 970s Modulus: 970s 00:b5:9c:72:1d:0d:49:8c:27:cf:cb:67:15:62:cb: 970s 1b:55:68:86:59:1e:96:5c:33:25:2d:3e:a5:28:8a: 970s 8b:df:63:1e:ce:97:64:2a:3e:1b:fe:22:d4:51:bf: 970s 8f:11:10:5c:40:fc:45:34:88:3d:e9:35:65:8b:66: 970s ad:9e:b4:4a:e4:24:21:2b:b9:ea:fe:89:a1:63:b7: 970s 7a:ab:bd:6c:06:d6:db:1d:64:30:70:02:04:86:0a: 970s f5:8d:23:b8:db:fa:61:70:b3:88:57:dd:e1:8f:2e: 970s 5d:6f:1f:12:c4:56:a2:50:84:f1:6e:e6:0c:e3:aa: 970s 48:c5:2a:8e:0e:b3:6b:ba:7b 970s Exponent: 65537 (0x10001) 970s Attributes: 970s (none) 970s Requested Extensions: 970s Signature Algorithm: sha256WithRSAEncryption 970s Signature Value: 970s 17:fe:c0:6d:cc:20:81:c6:7e:92:ee:f4:c2:1e:73:1e:0f:39: 970s ac:aa:59:1d:00:e6:89:86:2d:82:f7:d5:c6:9d:e1:d3:b6:64: 970s ef:59:44:be:e4:f0:a6:f3:30:6d:66:0e:c6:69:76:e3:97:de: 970s f6:b9:84:e6:87:6a:00:62:82:31:cd:69:03:2e:b5:79:ec:0f: 970s 0f:25:2c:22:55:06:8a:62:c2:aa:e2:d4:0a:a0:8d:47:64:1d: 970s 96:a1:96:5c:95:6c:1f:a2:8e:0f:5a:9e:9a:e5:5d:37:1c:45: 970s c6:48:6f:67:38:94:76:00:42:83:52:6a:19:0b:5c:9e:3f:62: 970s 28:a1 970s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.config -passin pass:random-root-CA-password-17433 -keyfile /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem 970s Using configuration from /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.config 970s Check that the request matches the signature 970s Signature ok 970s Certificate Details: 970s Serial Number: 1 (0x1) 970s Validity 970s Not Before: Jun 14 15:10:11 2024 GMT 970s Not After : Jun 14 15:10:11 2025 GMT 970s Subject: 970s organizationName = Test Organization 970s organizationalUnitName = Test Organization Unit 970s commonName = Test Organization Intermediate CA 970s X509v3 extensions: 970s X509v3 Subject Key Identifier: 970s DB:69:07:39:F9:68:2D:85:9D:F8:20:3C:42:0B:BD:AB:43:DD:F4:7E 970s X509v3 Authority Key Identifier: 970s keyid:7C:0D:15:29:54:6C:92:8B:B5:F8:69:A1:51:40:FA:46:94:5F:EF:7C 970s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 970s serial:00 970s X509v3 Basic Constraints: 970s CA:TRUE 970s X509v3 Key Usage: critical 970s Digital Signature, Certificate Sign, CRL Sign 970s Certificate is to be certified until Jun 14 15:10:11 2025 GMT (365 days) 970s 970s Write out database with 1 new entries 970s Database updated 970s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem 970s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem 970s /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem: OK 970s + cat 970s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-1969 970s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-1969 1024 970s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-1969 -config /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-13418 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-certificate-request.pem 970s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-certificate-request.pem 970s Certificate Request: 970s Data: 970s Version: 1 (0x0) 970s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 970s Subject Public Key Info: 970s Public Key Algorithm: rsaEncryption 970s Public-Key: (1024 bit) 970s Modulus: 970s 00:b3:21:7f:87:fa:55:84:9c:7c:9e:4b:f5:15:fe: 970s f7:ed:d5:23:21:5d:8a:0f:a7:ff:73:29:0a:03:af: 970s 87:d6:9a:3c:ac:de:81:49:4e:4c:38:64:68:a2:c7: 970s 33:2d:d0:09:a4:9d:ca:ad:08:58:ff:5a:52:1f:02: 970s f1:e0:a9:83:05:a4:47:bd:e1:73:45:21:e7:d2:aa: 970s 72:2f:d7:75:be:76:ae:ea:64:83:c1:a0:42:b6:b2: 970s 78:f3:f2:ee:a7:93:b0:a5:d0:fe:e0:1b:14:b0:35: 970s 20:3c:d0:be:a6:6a:ee:34:c0:b7:4c:f2:b8:f7:9e: 970s a8:db:f4:bc:ee:e7:32:d2:d5 970s Exponent: 65537 (0x10001) 970s Attributes: 970s (none) 970s Requested Extensions: 970s Signature Algorithm: sha256WithRSAEncryption 970s Signature Value: 970s 47:67:50:1c:55:a6:2a:ff:eb:32:cb:1c:3b:82:c6:dd:6c:a5: 970s fa:71:31:e4:b5:c2:9d:ad:4f:83:e6:fb:ba:f4:77:bb:a8:40: 970s c4:71:f1:93:4e:58:56:3a:58:12:51:7e:0c:36:2e:4b:7b:02: 970s 77:72:3b:66:ed:2d:6c:57:a3:ec:40:cc:ec:3c:d4:fd:b2:5e: 970s a8:7e:03:66:4d:fc:b8:1c:ea:d3:75:08:cb:3e:e9:fa:be:fd: 970s fa:cb:c4:93:58:26:cf:ce:59:0f:e4:72:2b:75:5e:93:cf:d2: 970s 2d:11:f4:62:48:2f:01:88:72:c0:e2:85:ae:c7:81:92:d6:45: 970s 7d:b6 970s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-13418 -keyfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem 970s Using configuration from /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.config 970s Check that the request matches the signature 970s Signature ok 970s Certificate Details: 970s Serial Number: 2 (0x2) 970s Validity 970s Not Before: Jun 14 15:10:11 2024 GMT 970s Not After : Jun 14 15:10:11 2025 GMT 970s Subject: 970s organizationName = Test Organization 970s organizationalUnitName = Test Organization Unit 970s commonName = Test Organization Sub Intermediate CA 970s X509v3 extensions: 970s X509v3 Subject Key Identifier: 970s E8:C7:01:DC:5A:13:9E:51:15:8A:F2:13:4A:2D:EC:3B:E3:98:16:06 970s X509v3 Authority Key Identifier: 970s keyid:DB:69:07:39:F9:68:2D:85:9D:F8:20:3C:42:0B:BD:AB:43:DD:F4:7E 970s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 970s serial:01 970s X509v3 Basic Constraints: 970s CA:TRUE 970s X509v3 Key Usage: critical 970s Digital Signature, Certificate Sign, CRL Sign 970s Certificate is to be certified until Jun 14 15:10:11 2025 GMT (365 days) 970s 970s Write out database with 1 new entries 970s Database updated 970s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem 970s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem 970s /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem: OK 970s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem 970s + local cmd=openssl 970s + shift 970s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem 971s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 971s error 20 at 0 depth lookup: unable to get local issuer certificate 971s error /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem: verification failed 971s + cat 971s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-11063 971s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-11063 1024 971s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-11063 -key /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-request.pem 971s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-request.pem 971s Certificate Request: 971s Data: 971s Version: 1 (0x0) 971s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 971s Subject Public Key Info: 971s Public Key Algorithm: rsaEncryption 971s Public-Key: (1024 bit) 971s Modulus: 971s 00:b8:d8:2c:a3:39:b6:86:1e:ea:af:1b:4d:95:b6: 971s c9:74:83:54:17:e2:76:57:eb:ac:72:e4:ae:da:d0: 971s c0:6e:f4:91:ef:7f:ef:1a:ba:af:35:cb:38:44:3e: 971s af:ba:a0:af:1f:9d:25:28:9e:c7:24:e8:4d:6e:03: 971s 56:a6:5f:85:33:3c:f9:dc:b4:d6:86:8f:4f:f2:c0: 971s ed:77:5b:2a:94:ee:7a:3c:a8:9d:d4:8a:62:74:b7: 971s d5:b6:da:50:26:61:04:35:e1:54:e9:d4:72:56:69: 971s 78:19:54:dd:26:8f:75:d5:36:50:df:87:b9:b0:b0: 971s ed:7a:de:51:fa:e3:82:d8:39 971s Exponent: 65537 (0x10001) 971s Attributes: 971s Requested Extensions: 971s X509v3 Basic Constraints: 971s CA:FALSE 971s Netscape Cert Type: 971s SSL Client, S/MIME 971s Netscape Comment: 971s Test Organization Root CA trusted Certificate 971s X509v3 Subject Key Identifier: 971s D6:2B:02:F0:04:B5:BD:4D:02:1C:DE:1C:F3:D1:3E:E1:FC:69:C3:AE 971s X509v3 Key Usage: critical 971s Digital Signature, Non Repudiation, Key Encipherment 971s X509v3 Extended Key Usage: 971s TLS Web Client Authentication, E-mail Protection 971s X509v3 Subject Alternative Name: 971s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 971s Signature Algorithm: sha256WithRSAEncryption 971s Signature Value: 971s 84:eb:da:17:f0:71:cb:08:ff:27:1b:3b:60:8c:da:dd:90:0c: 971s 92:99:a5:f0:b8:5e:6e:b9:89:8a:a2:35:97:86:46:fa:1d:a1: 971s 9a:e6:4e:ca:52:6d:c5:0c:2d:6b:32:d8:b1:a7:68:fc:b5:94: 971s 92:b4:8f:a8:8a:fe:ea:ca:97:66:b7:98:c2:f6:bd:01:96:e1: 971s 1e:ec:33:63:5c:a3:ac:aa:45:7f:38:ce:0b:45:ca:eb:81:82: 971s 34:5a:d7:93:c3:5a:19:94:ca:89:55:06:fc:29:16:df:2e:8b: 971s ad:b3:e0:f0:8c:e2:ab:f5:8a:31:6a:fe:c0:37:72:0e:52:29: 971s 73:34 971s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.config -passin pass:random-root-CA-password-17433 -keyfile /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem 971s Using configuration from /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.config 971s Check that the request matches the signature 971s Signature ok 971s Certificate Details: 971s Serial Number: 3 (0x3) 971s Validity 971s Not Before: Jun 14 15:10:12 2024 GMT 971s Not After : Jun 14 15:10:12 2025 GMT 971s Subject: 971s organizationName = Test Organization 971s organizationalUnitName = Test Organization Unit 971s commonName = Test Organization Root Trusted Certificate 0001 971s X509v3 extensions: 971s X509v3 Authority Key Identifier: 971s 7C:0D:15:29:54:6C:92:8B:B5:F8:69:A1:51:40:FA:46:94:5F:EF:7C 971s X509v3 Basic Constraints: 971s CA:FALSE 971s Netscape Cert Type: 971s SSL Client, S/MIME 971s Netscape Comment: 971s Test Organization Root CA trusted Certificate 971s X509v3 Subject Key Identifier: 971s D6:2B:02:F0:04:B5:BD:4D:02:1C:DE:1C:F3:D1:3E:E1:FC:69:C3:AE 971s X509v3 Key Usage: critical 971s Digital Signature, Non Repudiation, Key Encipherment 971s X509v3 Extended Key Usage: 971s TLS Web Client Authentication, E-mail Protection 971s X509v3 Subject Alternative Name: 971s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 971s Certificate is to be certified until Jun 14 15:10:12 2025 GMT (365 days) 971s 971s Write out database with 1 new entries 971s Database updated 971s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem 971s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem 971s /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem: OK 971s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem 971s + local cmd=openssl 971s + shift 971s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem 971s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 971s error 20 at 0 depth lookup: unable to get local issuer certificate 971s error /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem: verification failed 971s + cat 971s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-4936 971s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-4936 1024 971s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-4936 -key /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-request.pem 971s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-request.pem 971s Certificate Request: 971s Data: 971s Version: 1 (0x0) 971s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 971s Subject Public Key Info: 971s Public Key Algorithm: rsaEncryption 971s Public-Key: (1024 bit) 971s Modulus: 971s 00:ec:21:c0:b5:9f:fb:5d:f6:8b:3c:18:2c:d7:cf: 971s a5:bf:26:9a:cb:62:47:64:21:ce:25:1d:87:ae:15: 971s f7:3c:fd:15:8e:d6:09:08:d5:fa:3f:92:14:3c:a5: 971s 49:ff:ff:cd:29:ae:c8:57:d7:16:3a:e0:7b:f2:71: 971s fc:80:f6:ab:e6:c1:e5:f2:e1:f1:90:4e:2c:18:a9: 971s eb:3c:49:f9:5d:5c:a2:a6:a5:be:ae:39:8e:77:57: 971s 16:1c:08:ca:41:7e:59:a6:bf:e3:a1:75:c5:28:00: 971s a5:bb:d9:b8:c4:4e:9b:6d:41:c5:86:5e:ed:2d:ee: 971s be:5a:e1:c5:e2:81:57:9c:29 971s Exponent: 65537 (0x10001) 971s Attributes: 971s Requested Extensions: 971s X509v3 Basic Constraints: 971s CA:FALSE 971s Netscape Cert Type: 971s SSL Client, S/MIME 971s Netscape Comment: 971s Test Organization Intermediate CA trusted Certificate 971s X509v3 Subject Key Identifier: 971s B9:BA:C8:D8:9F:77:4E:1F:DA:08:4E:63:81:79:4E:E4:58:DF:24:F4 971s X509v3 Key Usage: critical 971s Digital Signature, Non Repudiation, Key Encipherment 971s X509v3 Extended Key Usage: 971s TLS Web Client Authentication, E-mail Protection 971s X509v3 Subject Alternative Name: 971s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 971s Signature Algorithm: sha256WithRSAEncryption 971s Signature Value: 971s b4:8b:ab:e5:42:79:12:18:5e:41:ea:a9:b4:86:ac:f3:d5:bb: 971s a8:80:00:e1:42:67:59:75:3c:96:b0:c5:c1:e6:2e:9f:d3:a0: 971s 63:d5:3b:ec:bc:7d:b9:08:17:92:99:79:7f:5b:f2:49:ab:ad: 971s 9e:f8:fd:99:d8:a1:04:a1:b0:f8:44:38:4d:ad:4e:cf:8b:1e: 971s de:e9:da:44:8d:53:3d:10:94:e5:0e:f1:e9:2c:61:94:80:f6: 971s 3e:3b:9e:48:7e:91:51:e4:da:97:f8:54:1a:f4:ea:19:61:c9: 971s db:b1:c9:0f:d4:5b:40:c4:ea:5f:65:01:fc:d5:84:78:9c:04: 971s de:bb 971s + openssl ca -passin pass:random-intermediate-CA-password-13418 -config /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem 971s Using configuration from /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.config 971s Check that the request matches the signature 971s Signature ok 971s Certificate Details: 971s Serial Number: 4 (0x4) 971s Validity 971s Not Before: Jun 14 15:10:12 2024 GMT 971s Not After : Jun 14 15:10:12 2025 GMT 971s Subject: 971s organizationName = Test Organization 971s organizationalUnitName = Test Organization Unit 971s commonName = Test Organization Intermediate Trusted Certificate 0001 971s X509v3 extensions: 971s X509v3 Authority Key Identifier: 971s DB:69:07:39:F9:68:2D:85:9D:F8:20:3C:42:0B:BD:AB:43:DD:F4:7E 971s X509v3 Basic Constraints: 971s CA:FALSE 971s Netscape Cert Type: 971s SSL Client, S/MIME 971s Netscape Comment: 971s Test Organization Intermediate CA trusted Certificate 971s X509v3 Subject Key Identifier: 971s B9:BA:C8:D8:9F:77:4E:1F:DA:08:4E:63:81:79:4E:E4:58:DF:24:F4 971s X509v3 Key Usage: critical 971s Digital Signature, Non Repudiation, Key Encipherment 971s X509v3 Extended Key Usage: 971s TLS Web Client Authentication, E-mail Protection 971s X509v3 Subject Alternative Name: 971s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 971s Certificate is to be certified until Jun 14 15:10:12 2025 GMT (365 days) 971s 971s Write out database with 1 new entries 971s Database updated 971s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem 971s + echo 'This certificate should not be trusted fully' 971s This certificate should not be trusted fully 971s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem 971s + local cmd=openssl 971s + shift 971s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem 971s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 971s error 2 at 1 depth lookup: unable to get issuer certificate 971s error /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 971s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem 971s /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem: OK 971s + cat 971s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29959 971s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-29959 1024 971s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-29959 -key /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 972s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 972s Certificate Request: 972s Data: 972s Version: 1 (0x0) 972s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 972s Subject Public Key Info: 972s Public Key Algorithm: rsaEncryption 972s Public-Key: (1024 bit) 972s Modulus: 972s 00:af:bd:c3:8e:00:67:5a:b5:2e:a9:e9:b8:32:be: 972s 11:f5:94:82:9d:9e:6e:69:8f:d0:e1:ff:f5:54:e5: 972s f0:6e:3d:a3:4b:c7:c2:35:87:9e:51:e5:a9:45:5d: 972s 66:cf:c6:22:1c:05:21:81:9c:2a:1b:76:ac:90:f6: 972s 4c:4a:42:b9:2d:66:fd:26:8d:88:98:78:25:9c:8a: 972s 06:20:0d:8c:76:0b:d1:36:d1:ec:b1:d1:ae:52:8d: 972s 95:44:ee:d0:94:73:65:da:9f:7d:b0:68:29:91:85: 972s d3:88:ea:71:6c:0e:fb:86:f7:ba:74:07:9c:de:0f: 972s 4e:40:5f:5b:81:46:dc:fd:0d 972s Exponent: 65537 (0x10001) 972s Attributes: 972s Requested Extensions: 972s X509v3 Basic Constraints: 972s CA:FALSE 972s Netscape Cert Type: 972s SSL Client, S/MIME 972s Netscape Comment: 972s Test Organization Sub Intermediate CA trusted Certificate 972s X509v3 Subject Key Identifier: 972s D7:F4:1F:BC:33:4B:6A:3A:85:55:93:73:64:CB:66:55:8B:46:C6:4F 972s X509v3 Key Usage: critical 972s Digital Signature, Non Repudiation, Key Encipherment 972s X509v3 Extended Key Usage: 972s TLS Web Client Authentication, E-mail Protection 972s X509v3 Subject Alternative Name: 972s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 972s Signature Algorithm: sha256WithRSAEncryption 972s Signature Value: 972s 0e:c5:ac:30:db:2a:4c:35:17:d1:76:e4:e2:03:50:56:f1:16: 972s 2f:3e:eb:04:01:e0:75:4a:2b:81:74:db:37:46:d1:b2:80:ba: 972s ca:b7:ac:14:15:36:c6:62:1e:5b:14:8f:18:57:7c:d6:47:31: 972s 3b:e2:d6:e9:94:62:00:ec:9f:d1:f1:dc:77:be:7d:7c:28:b8: 972s 54:4c:c3:50:b7:d8:e5:01:50:bc:9d:75:d6:22:07:42:3b:35: 972s 9e:bc:e7:21:2a:9c:a6:3c:90:b6:e2:ae:96:dd:65:61:88:87: 972s 65:f9:8d:c5:3b:5f:bc:4a:fe:d4:9b:99:ca:dd:47:89:89:d6: 972s 37:3b 972s + openssl ca -passin pass:random-sub-intermediate-CA-password-1969 -config /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 972s Using configuration from /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.config 972s Check that the request matches the signature 972s Signature ok 972s Certificate Details: 972s Serial Number: 5 (0x5) 972s Validity 972s Not Before: Jun 14 15:10:13 2024 GMT 972s Not After : Jun 14 15:10:13 2025 GMT 972s Subject: 972s organizationName = Test Organization 972s organizationalUnitName = Test Organization Unit 972s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 972s X509v3 extensions: 972s X509v3 Authority Key Identifier: 972s E8:C7:01:DC:5A:13:9E:51:15:8A:F2:13:4A:2D:EC:3B:E3:98:16:06 972s X509v3 Basic Constraints: 972s CA:FALSE 972s Netscape Cert Type: 972s SSL Client, S/MIME 972s Netscape Comment: 972s Test Organization Sub Intermediate CA trusted Certificate 972s X509v3 Subject Key Identifier: 972s D7:F4:1F:BC:33:4B:6A:3A:85:55:93:73:64:CB:66:55:8B:46:C6:4F 972s X509v3 Key Usage: critical 972s Digital Signature, Non Repudiation, Key Encipherment 972s X509v3 Extended Key Usage: 972s TLS Web Client Authentication, E-mail Protection 972s X509v3 Subject Alternative Name: 972s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 972s Certificate is to be certified until Jun 14 15:10:13 2025 GMT (365 days) 972s 972s Write out database with 1 new entries 972s Database updated 972s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 972s + echo 'This certificate should not be trusted fully' 972s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 972s This certificate should not be trusted fully 972s + local cmd=openssl 972s + shift 972s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 972s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 972s error 2 at 1 depth lookup: unable to get issuer certificate 972s error /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 972s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 972s + local cmd=openssl 972s + shift 972s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 972s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 972s error 20 at 0 depth lookup: unable to get local issuer certificate 972s error /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 972s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 972s /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 972s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 972s + local cmd=openssl 972s + shift 972s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 972s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 972s error 20 at 0 depth lookup: unable to get local issuer certificate 972s error /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 972s Building a the full-chain CA file... 972s + echo 'Building a the full-chain CA file...' 972s + cat /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem 972s + cat /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem 972s + cat /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem 972s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem 972s + openssl pkcs7 -print_certs -noout 972s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 972s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 972s 972s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 972s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 972s 972s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 972s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 972s 972s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem 972s /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA.pem: OK 972s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem 972s /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem: OK 972s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem 972s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-root-intermediate-chain-CA.pem 972s /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem: OK 972s /tmp/sssd-softhsm2-certs-TuuZGK/test-root-intermediate-chain-CA.pem: OK 972s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 972s /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 972s + echo 'Certificates generation completed!' 972s Certificates generation completed! 972s + [[ -v NO_SSSD_TESTS ]] 972s + [[ -v GENERATE_SMART_CARDS ]] 972s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-11063 972s + local certificate=/tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem 972s + local key_pass=pass:random-root-ca-trusted-cert-0001-11063 972s + local key_cn 972s + local key_name 972s + local tokens_dir 972s + local output_cert_file 972s + token_name= 972s ++ basename /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem .pem 972s + key_name=test-root-CA-trusted-certificate-0001 972s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem 972s ++ sed -n 's/ *commonName *= //p' 972s + key_cn='Test Organization Root Trusted Certificate 0001' 972s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 972s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-root-CA-trusted-certificate-0001.conf 972s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-root-CA-trusted-certificate-0001.conf 972s ++ basename /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 972s + tokens_dir=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-root-CA-trusted-certificate-0001 972s + token_name='Test Organization Root Tr Token' 972s + '[' '!' -e /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 972s + local key_file 972s + local decrypted_key 972s + mkdir -p /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-root-CA-trusted-certificate-0001 972s + key_file=/tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-key.pem 972s + decrypted_key=/tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-key-decrypted.pem 972s + cat 972s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 972s Slot 0 has a free/uninitialized token. 972s The token has been initialized and is reassigned to slot 294807412 972s + softhsm2-util --show-slots 972s Available slots: 972s Slot 294807412 972s Slot info: 972s Description: SoftHSM slot ID 0x11926774 972s Manufacturer ID: SoftHSM project 972s Hardware version: 2.6 972s Firmware version: 2.6 972s Token present: yes 972s Token info: 972s Manufacturer ID: SoftHSM project 972s Model: SoftHSM v2 972s Hardware version: 2.6 972s Firmware version: 2.6 972s Serial number: 29d4d1cd11926774 972s Initialized: yes 972s User PIN init.: yes 972s Label: Test Organization Root Tr Token 972s Slot 1 972s Slot info: 972s Description: SoftHSM slot ID 0x1 972s Manufacturer ID: SoftHSM project 972s Hardware version: 2.6 972s Firmware version: 2.6 972s Token present: yes 972s Token info: 972s Manufacturer ID: SoftHSM project 972s Model: SoftHSM v2 972s Hardware version: 2.6 972s Firmware version: 2.6 972s Serial number: 972s Initialized: no 972s User PIN init.: no 972s Label: 972s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 972s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-11063 -in /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-key-decrypted.pem 972s writing RSA key 972s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 972s + rm /tmp/sssd-softhsm2-certs-TuuZGK/test-root-CA-trusted-certificate-0001-key-decrypted.pem 972s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 972s Object 0: 972s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=29d4d1cd11926774;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 972s Type: X.509 Certificate (RSA-1024) 972s Expires: Sat Jun 14 15:10:12 2025 972s Label: Test Organization Root Trusted Certificate 0001 972s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 972s 972s + echo 'Test Organization Root Tr Token' 972s Test Organization Root Tr Token 972s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-4936 972s + local certificate=/tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem 972s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-4936 972s + local key_cn 972s + local key_name 972s + local tokens_dir 972s + local output_cert_file 972s + token_name= 972s ++ basename /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem .pem 972s + key_name=test-intermediate-CA-trusted-certificate-0001 972s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem 973s ++ sed -n 's/ *commonName *= //p' 973s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 973s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 973s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 973s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 973s ++ basename /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 973s + tokens_dir=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-intermediate-CA-trusted-certificate-0001 973s + token_name='Test Organization Interme Token' 973s + '[' '!' -e /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 973s + local key_file 973s + local decrypted_key 973s + mkdir -p /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-intermediate-CA-trusted-certificate-0001 973s + key_file=/tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-key.pem 973s + decrypted_key=/tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 973s + cat 973s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 973s Slot 0 has a free/uninitialized token. 973s The token has been initialized and is reassigned to slot 1276178610 973s + softhsm2-util --show-slots 973s Available slots: 973s Slot 1276178610 973s Slot info: 973s Description: SoftHSM slot ID 0x4c10f0b2 973s Manufacturer ID: SoftHSM project 973s Hardware version: 2.6 973s Firmware version: 2.6 973s Token present: yes 973s Token info: 973s Manufacturer ID: SoftHSM project 973s Model: SoftHSM v2 973s Hardware version: 2.6 973s Firmware version: 2.6 973s Serial number: 755936af4c10f0b2 973s Initialized: yes 973s User PIN init.: yes 973s Label: Test Organization Interme Token 973s Slot 1 973s Slot info: 973s Description: SoftHSM slot ID 0x1 973s Manufacturer ID: SoftHSM project 973s Hardware version: 2.6 973s Firmware version: 2.6 973s Token present: yes 973s Token info: 973s Manufacturer ID: SoftHSM project 973s Model: SoftHSM v2 973s Hardware version: 2.6 973s Firmware version: 2.6 973s Serial number: 973s Initialized: no 973s User PIN init.: no 973s Label: 973s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 973s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-4936 -in /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 973s writing RSA key 973s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 973s + rm /tmp/sssd-softhsm2-certs-TuuZGK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 973s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 973s Object 0: 973s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=755936af4c10f0b2;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 973s Type: X.509 Certificate (RSA-1024) 973s Expires: Sat Jun 14 15:10:12 2025 973s Label: Test Organization Intermediate Trusted Certificate 0001 973s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 973s 973s Test Organization Interme Token 973s + echo 'Test Organization Interme Token' 973s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29959 973s + local certificate=/tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 973s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29959 973s + local key_cn 973s + local key_name 973s + local tokens_dir 973s + local output_cert_file 973s + token_name= 973s ++ basename /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 973s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 973s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem 973s ++ sed -n 's/ *commonName *= //p' 973s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 973s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 973s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 973s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 973s ++ basename /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 973s + tokens_dir=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 973s + token_name='Test Organization Sub Int Token' 973s + '[' '!' -e /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 973s + local key_file 973s + local decrypted_key 973s + mkdir -p /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 973s + key_file=/tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 973s + decrypted_key=/tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 973s + cat 973s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 973s Slot 0 has a free/uninitialized token. 973s The token has been initialized and is reassigned to slot 866560131 973s + softhsm2-util --show-slots 973s Available slots: 973s Slot 866560131 973s Slot info: 973s Description: SoftHSM slot ID 0x33a6a883 973s Manufacturer ID: SoftHSM project 973s Hardware version: 2.6 973s Firmware version: 2.6 973s Token present: yes 973s Token info: 973s Manufacturer ID: SoftHSM project 973s Model: SoftHSM v2 973s Hardware version: 2.6 973s Firmware version: 2.6 973s Serial number: d9fc9eaa33a6a883 973s Initialized: yes 973s User PIN init.: yes 973s Label: Test Organization Sub Int Token 973s Slot 1 973s Slot info: 973s Description: SoftHSM slot ID 0x1 973s Manufacturer ID: SoftHSM project 973s Hardware version: 2.6 973s Firmware version: 2.6 973s Token present: yes 973s Token info: 973s Manufacturer ID: SoftHSM project 973s Model: SoftHSM v2 973s Hardware version: 2.6 973s Firmware version: 2.6 973s Serial number: 973s Initialized: no 973s User PIN init.: no 973s Label: 973s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 973s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-29959 -in /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 973s writing RSA key 973s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 973s + rm /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 973s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 973s Object 0: 973s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d9fc9eaa33a6a883;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 973s Type: X.509 Certificate (RSA-1024) 973s Expires: Sat Jun 14 15:10:13 2025 973s Label: Test Organization Sub Intermediate Trusted Certificate 0001 973s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 973s 973s + echo 'Test Organization Sub Int Token' 973s Test Organization Sub Int Token 973s Certificates generation completed! 973s + echo 'Certificates generation completed!' 973s + exit 0 973s + find /tmp/sssd-softhsm2-certs-TuuZGK -type d -exec chmod 777 '{}' ';' 973s + find /tmp/sssd-softhsm2-certs-TuuZGK -type f -exec chmod 666 '{}' ';' 973s + backup_file /etc/sssd/sssd.conf 973s + '[' -z '' ']' 973s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 973s + backupsdir=/tmp/sssd-softhsm2-backups-E8rqIo 973s + '[' -e /etc/sssd/sssd.conf ']' 973s + delete_paths+=("$1") 973s + rm -f /etc/sssd/sssd.conf 974s ++ runuser -u ubuntu -- sh -c 'echo ~' 974s + user_home=/home/ubuntu 974s + mkdir -p /home/ubuntu 974s + chown ubuntu:ubuntu /home/ubuntu 974s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 974s + user_config=/home/ubuntu/.config 974s + system_config=/etc 974s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 974s + for path_pair in "${softhsm2_conf_paths[@]}" 974s + IFS=: 974s + read -r -a path 974s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 974s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 974s + '[' -z /tmp/sssd-softhsm2-backups-E8rqIo ']' 974s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 974s + delete_paths+=("$1") 974s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 974s + for path_pair in "${softhsm2_conf_paths[@]}" 974s + IFS=: 974s + read -r -a path 974s + path=/etc/softhsm/softhsm2.conf 974s + backup_file /etc/softhsm/softhsm2.conf 974s + '[' -z /tmp/sssd-softhsm2-backups-E8rqIo ']' 974s + '[' -e /etc/softhsm/softhsm2.conf ']' 974s ++ dirname /etc/softhsm/softhsm2.conf 974s + local back_dir=/tmp/sssd-softhsm2-backups-E8rqIo//etc/softhsm 974s ++ basename /etc/softhsm/softhsm2.conf 974s + local back_path=/tmp/sssd-softhsm2-backups-E8rqIo//etc/softhsm/softhsm2.conf 974s + '[' '!' -e /tmp/sssd-softhsm2-backups-E8rqIo//etc/softhsm/softhsm2.conf ']' 974s + mkdir -p /tmp/sssd-softhsm2-backups-E8rqIo//etc/softhsm 974s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-E8rqIo//etc/softhsm/softhsm2.conf 974s + restore_paths+=("$back_path") 974s + rm -f /etc/softhsm/softhsm2.conf 974s + test_authentication login /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem 974s + pam_service=login 974s + certificate_config=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-root-CA-trusted-certificate-0001.conf 974s + ca_db=/tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem 974s + verification_options= 974s + mkdir -p -m 700 /etc/sssd 974s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 974s Using CA DB '/tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem' with verification options: '' 974s + cat 974s + chmod 600 /etc/sssd/sssd.conf 974s + for path_pair in "${softhsm2_conf_paths[@]}" 974s + IFS=: 974s + read -r -a path 974s + user=ubuntu 974s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 974s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 974s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 974s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 974s + runuser -u ubuntu -- softhsm2-util --show-slots 974s + grep 'Test Organization' 974s Label: Test Organization Root Tr Token 974s + for path_pair in "${softhsm2_conf_paths[@]}" 974s + IFS=: 974s + read -r -a path 974s + user=root 974s + path=/etc/softhsm/softhsm2.conf 974s ++ dirname /etc/softhsm/softhsm2.conf 974s + runuser -u root -- mkdir -p /etc/softhsm 974s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 974s + runuser -u root -- softhsm2-util --show-slots 974s + grep 'Test Organization' 974s Label: Test Organization Root Tr Token 974s + systemctl restart sssd 975s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 976s + for alternative in "${alternative_pam_configs[@]}" 976s + pam-auth-update --enable sss-smart-card-optional 977s + cat /etc/pam.d/common-auth 977s # 977s # /etc/pam.d/common-auth - authentication settings common to all services 977s # 977s # This file is included from other service-specific PAM config files, 977s # and should contain a list of the authentication modules that define 977s # the central authentication scheme for use on the system 977s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 977s # traditional Unix authentication mechanisms. 977s # 977s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 977s # To take advantage of this, it is recommended that you configure any 977s # local modules either before or after the default block, and use 977s # pam-auth-update to manage selection of other modules. See 977s # pam-auth-update(8) for details. 977s 977s # here are the per-package modules (the "Primary" block) 977s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 977s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 977s auth [success=1 default=ignore] pam_sss.so use_first_pass 977s # here's the fallback if no module succeeds 977s auth requisite pam_deny.so 977s # prime the stack with a positive return value if there isn't one already; 977s # this avoids us returning an error just because nothing sets a success code 977s # since the modules above will each just jump around 977s auth required pam_permit.so 977s # and here are more per-package modules (the "Additional" block) 977s auth optional pam_cap.so 977s # end of pam-auth-update config 977s + echo -n -e 123456 977s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 977s pamtester: invoking pam_start(login, ubuntu, ...) 977s pamtester: performing operation - authenticate 977s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 978s + echo -n -e 123456 978s + runuser -u ubuntu -- pamtester -v login '' authenticate 978s pamtester: invoking pam_start(login, , ...) 978s pamtester: performing operation - authenticate 978s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 978s + echo -n -e wrong123456 978s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 978s pamtester: invoking pam_start(login, ubuntu, ...) 978s pamtester: performing operation - authenticate 981s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 982s + echo -n -e wrong123456 982s + runuser -u ubuntu -- pamtester -v login '' authenticate 982s pamtester: invoking pam_start(login, , ...) 982s pamtester: performing operation - authenticate 985s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 985s + echo -n -e 123456 985s + pamtester -v login root authenticate 985s pamtester: invoking pam_start(login, root, ...) 985s pamtester: performing operation - authenticate 988s Password: pamtester: Authentication failure 988s + for alternative in "${alternative_pam_configs[@]}" 988s + pam-auth-update --enable sss-smart-card-required 989s PAM configuration 989s ----------------- 989s 989s Incompatible PAM profiles selected. 989s 989s The following PAM profiles cannot be used together: 989s 989s SSS required smart card authentication, SSS optional smart card 989s authentication 989s 989s Please select a different set of modules to enable. 989s 989s + cat /etc/pam.d/common-auth 989s # 989s # /etc/pam.d/common-auth - authentication settings common to all services 989s # 989s # This file is included from other service-specific PAM config files, 989s # and should contain a list of the authentication modules that define 989s # the central authentication scheme for use on the system 989s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 989s # traditional Unix authentication mechanisms. 989s # 989s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 989s # To take advantage of this, it is recommended that you configure any 989s # local modules either before or after the default block, and use 989s # pam-auth-update to manage selection of other modules. See 989s # pam-auth-update(8) for details. 989s 989s # here are the per-package modules (the "Primary" block) 989s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 989s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 989s auth [success=1 default=ignore] pam_sss.so use_first_pass 989s # here's the fallback if no module succeeds 989s auth requisite pam_deny.so 989s # prime the stack with a positive return value if there isn't one already; 989s # this avoids us returning an error just because nothing sets a success code 989s # since the modules above will each just jump around 989s auth required pam_permit.so 989s # and here are more per-package modules (the "Additional" block) 989s auth optional pam_cap.so 989s # end of pam-auth-update config 989s + echo -n -e 123456 989s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 989s pamtester: invoking pam_start(login, ubuntu, ...) 989s pamtester: performing operation - authenticate 989s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 989s + echo -n -e 123456 989s + runuser -u ubuntu -- pamtester -v login '' authenticate 989s pamtester: invoking pam_start(login, , ...) 989s pamtester: performing operation - authenticate 990s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 990s + echo -n -e wrong123456 990s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 990s pamtester: invoking pam_start(login, ubuntu, ...) 990s pamtester: performing operation - authenticate 993s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 993s + echo -n -e wrong123456 993s + runuser -u ubuntu -- pamtester -v login '' authenticate 993s pamtester: invoking pam_start(login, , ...) 993s pamtester: performing operation - authenticate 996s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 996s + echo -n -e 123456 996s + pamtester -v login root authenticate 996s pamtester: invoking pam_start(login, root, ...) 996s pamtester: performing operation - authenticate 1000s pamtester: Authentication service cannot retrieve authentication info 1000s + test_authentication login /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem 1000s Using CA DB '/tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem' with verification options: '' 1000s + pam_service=login 1000s + certificate_config=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1000s + ca_db=/tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem 1000s + verification_options= 1000s + mkdir -p -m 700 /etc/sssd 1000s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-TuuZGK/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 1000s + cat 1000s + chmod 600 /etc/sssd/sssd.conf 1000s + for path_pair in "${softhsm2_conf_paths[@]}" 1000s + IFS=: 1000s + read -r -a path 1000s + user=ubuntu 1000s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1000s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 1000s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 1000s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 1000s + runuser -u ubuntu -- softhsm2-util --show-slots 1000s + grep 'Test Organization' 1000s + for path_pair in "${softhsm2_conf_paths[@]}" 1000s + IFS=: 1000s + read -r -a path 1000s + user=root 1000s + path=/etc/softhsm/softhsm2.conf 1000s Label: Test Organization Sub Int Token 1000s ++ dirname /etc/softhsm/softhsm2.conf 1000s + runuser -u root -- mkdir -p /etc/softhsm 1000s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 1000s + runuser -u root -- softhsm2-util --show-slots 1000s + grep 'Test Organization' 1001s Label: Test Organization Sub Int Token 1001s + systemctl restart sssd 1001s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1001s + for alternative in "${alternative_pam_configs[@]}" 1001s + pam-auth-update --enable sss-smart-card-optional 1002s + cat /etc/pam.d/common-auth 1002s # 1002s # /etc/pam.d/common-auth - authentication settings common to all services 1002s # 1002s # This file is included from other service-specific PAM config files, 1002s # and should contain a list of the authentication modules that define 1002s # the central authentication scheme for use on the system 1002s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1002s # traditional Unix authentication mechanisms. 1002s # 1002s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1002s # To take advantage of this, it is recommended that you configure any 1002s # local modules either before or after the default block, and use 1002s # pam-auth-update to manage selection of other modules. See 1002s # pam-auth-update(8) for details. 1002s 1002s # here are the per-package modules (the "Primary" block) 1002s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 1002s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1002s auth [success=1 default=ignore] pam_sss.so use_first_pass 1002s # here's the fallback if no module succeeds 1002s auth requisite pam_deny.so 1002s # prime the stack with a positive return value if there isn't one already; 1002s # this avoids us returning an error just because nothing sets a success code 1002s # since the modules above will each just jump around 1002s auth required pam_permit.so 1002s # and here are more per-package modules (the "Additional" block) 1002s auth optional pam_cap.so 1002s # end of pam-auth-update config 1002s + echo -n -e 123456 1002s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1002s pamtester: invoking pam_start(login, ubuntu, ...) 1002s pamtester: performing operation - authenticate 1002s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1002s + echo -n -e 123456 1002s + runuser -u ubuntu -- pamtester -v login '' authenticate 1002s pamtester: invoking pam_start(login, , ...) 1002s pamtester: performing operation - authenticate 1002s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1002s + echo -n -e wrong123456 1002s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1002s pamtester: invoking pam_start(login, ubuntu, ...) 1002s pamtester: performing operation - authenticate 1005s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1005s + echo -n -e wrong123456 1005s + runuser -u ubuntu -- pamtester -v login '' authenticate 1005s pamtester: invoking pam_start(login, , ...) 1005s pamtester: performing operation - authenticate 1008s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1008s + echo -n -e 123456 1008s + pamtester -v login root authenticate 1008s pamtester: invoking pam_start(login, root, ...) 1008s pamtester: performing operation - authenticate 1012s Password: pamtester: Authentication failure 1012s + for alternative in "${alternative_pam_configs[@]}" 1012s + pam-auth-update --enable sss-smart-card-required 1012s PAM configuration 1012s ----------------- 1012s 1012s Incompatible PAM profiles selected. 1012s 1012s The following PAM profiles cannot be used together: 1012s 1012s SSS required smart card authentication, SSS optional smart card 1012s authentication 1012s 1012s Please select a different set of modules to enable. 1012s 1012s + cat /etc/pam.d/common-auth 1012s # 1012s # /etc/pam.d/common-auth - authentication settings common to all services 1012s # 1012s # This file is included from other service-specific PAM config files, 1012s # and should contain a list of the authentication modules that define 1012s # the central authentication scheme for use on the system 1012s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1012s # traditional Unix authentication mechanisms. 1012s # 1012s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1012s # To take advantage of this, it is recommended that you configure any 1012s # local modules either before or after the default block, and use 1012s # pam-auth-update to manage selection of other modules. See 1012s # pam-auth-update(8) for details. 1012s 1012s # here are the per-package modules (the "Primary" block) 1012s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 1012s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1012s auth [success=1 default=ignore] pam_sss.so use_first_pass 1012s # here's the fallback if no module succeeds 1012s auth requisite pam_deny.so 1012s # prime the stack with a positive return value if there isn't one already; 1012s # this avoids us returning an error just because nothing sets a success code 1012s # since the modules above will each just jump around 1012s auth required pam_permit.so 1012s # and here are more per-package modules (the "Additional" block) 1012s auth optional pam_cap.so 1012s # end of pam-auth-update config 1012s + echo -n -e 123456 1012s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1012s pamtester: invoking pam_start(login, ubuntu, ...) 1012s pamtester: performing operation - authenticate 1012s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1012s + echo -n -e 123456 1012s + runuser -u ubuntu -- pamtester -v login '' authenticate 1012s pamtester: invoking pam_start(login, , ...) 1012s pamtester: performing operation - authenticate 1012s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1012s + echo -n -e wrong123456 1012s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1012s pamtester: invoking pam_start(login, ubuntu, ...) 1012s pamtester: performing operation - authenticate 1015s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1015s + echo -n -e wrong123456 1015s + runuser -u ubuntu -- pamtester -v login '' authenticate 1015s pamtester: invoking pam_start(login, , ...) 1015s pamtester: performing operation - authenticate 1019s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1019s + echo -n -e 123456 1019s + pamtester -v login root authenticate 1019s pamtester: invoking pam_start(login, root, ...) 1019s pamtester: performing operation - authenticate 1023s pamtester: Authentication service cannot retrieve authentication info 1023s + test_authentication login /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem partial_chain 1023s + pam_service=login 1023s + certificate_config=/tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1023s + ca_db=/tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem 1023s + verification_options=partial_chain 1023s + mkdir -p -m 700 /etc/sssd 1023s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 1023s + cat 1023s Using CA DB '/tmp/sssd-softhsm2-certs-TuuZGK/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 1023s + chmod 600 /etc/sssd/sssd.conf 1023s + for path_pair in "${softhsm2_conf_paths[@]}" 1023s + IFS=: 1023s + read -r -a path 1023s + user=ubuntu 1023s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1023s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 1023s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 1023s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 1023s + runuser -u ubuntu -- softhsm2-util --show-slots 1023s + grep 'Test Organization' 1023s Label: Test Organization Sub Int Token 1023s + for path_pair in "${softhsm2_conf_paths[@]}" 1023s + IFS=: 1023s + read -r -a path 1023s + user=root 1023s + path=/etc/softhsm/softhsm2.conf 1023s ++ dirname /etc/softhsm/softhsm2.conf 1023s + runuser -u root -- mkdir -p /etc/softhsm 1023s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-TuuZGK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 1023s + runuser -u root -- softhsm2-util --show-slots 1023s + grep 'Test Organization' 1023s Label: Test Organization Sub Int Token 1023s + systemctl restart sssd 1024s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1025s + for alternative in "${alternative_pam_configs[@]}" 1025s + pam-auth-update --enable sss-smart-card-optional 1025s + cat /etc/pam.d/common-auth 1025s # 1025s # /etc/pam.d/common-auth - authentication settings common to all services 1025s # 1025s # This file is included from other service-specific PAM config files, 1025s # and should contain a list of the authentication modules that define 1025s # the central authentication scheme for use on the system 1025s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1025s # traditional Unix authentication mechanisms. 1025s # 1025s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1025s # To take advantage of this, it is recommended that you configure any 1025s # local modules either before or after the default block, and use 1025s # pam-auth-update to manage selection of other modules. See 1025s # pam-auth-update(8) for details. 1025s 1025s # here are the per-package modules (the "Primary" block) 1025s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 1025s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1025s auth [success=1 default=ignore] pam_sss.so use_first_pass 1025s # here's the fallback if no module succeeds 1025s auth requisite pam_deny.so 1025s # prime the stack with a positive return value if there isn't one already; 1025s # this avoids us returning an error just because nothing sets a success code 1025s # since the modules above will each just jump around 1025s auth required pam_permit.so 1025s # and here are more per-package modules (the "Additional" block) 1025s auth optional pam_cap.so 1025s # end of pam-auth-update config 1025s + echo -n -e 123456 1025s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1025s pamtester: invoking pam_start(login, ubuntu, ...) 1025s pamtester: performing operation - authenticate 1025s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1025s + echo -n -e 123456 1025s + runuser -u ubuntu -- pamtester -v login '' authenticate 1025s pamtester: invoking pam_start(login, , ...) 1025s pamtester: performing operation - authenticate 1026s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1026s + echo -n -e wrong123456 1026s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1026s pamtester: invoking pam_start(login, ubuntu, ...) 1026s pamtester: performing operation - authenticate 1029s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1029s + echo -n -e wrong123456 1029s + runuser -u ubuntu -- pamtester -v login '' authenticate 1029s pamtester: invoking pam_start(login, , ...) 1029s pamtester: performing operation - authenticate 1032s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 1032s + echo -n -e 123456 1032s + pamtester -v login root authenticate 1032s pamtester: invoking pam_start(login, root, ...) 1032s pamtester: performing operation - authenticate 1036s Password: pamtester: Authentication failure 1036s + for alternative in "${alternative_pam_configs[@]}" 1036s + pam-auth-update --enable sss-smart-card-required 1036s PAM configuration 1036s ----------------- 1036s 1036s Incompatible PAM profiles selected. 1036s 1036s The following PAM profiles cannot be used together: 1036s 1036s SSS required smart card authentication, SSS optional smart card 1036s authentication 1036s 1036s Please select a different set of modules to enable. 1036s 1036s + cat /etc/pam.d/common-auth 1036s # 1036s # /etc/pam.d/common-auth - authentication settings common to all services 1036s # 1036s # This file is included from other service-specific PAM config files, 1036s # and should contain a list of the authentication modules that define 1036s # the central authentication scheme for use on the system 1036s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1036s # traditional Unix authentication mechanisms. 1036s # 1036s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1036s # To take advantage of this, it is recommended that you configure any 1036s # local modules either before or after the default block, and use 1036s # pam-auth-update to manage selection of other modules. See 1036s # pam-auth-update(8) for details. 1036s 1036s # here are the per-package modules (the "Primary" block) 1036s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 1036s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1036s auth [success=1 default=ignore] pam_sss.so use_first_pass 1036s # here's the fallback if no module succeeds 1036s auth requisite pam_deny.so 1036s # prime the stack with a positive return value if there isn't one already; 1036s # this avoids us returning an error just because nothing sets a success code 1036s # since the modules above will each just jump around 1036s auth required pam_permit.so 1036s # and here are more per-package modules (the "Additional" block) 1036s auth optional pam_cap.so 1036s # end of pam-auth-update config 1036s + echo -n -e 123456 1036s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1036s pamtester: invoking pam_start(login, ubuntu, ...) 1036s pamtester: performing operation - authenticate 1036s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1036s + echo -n -e 123456 1036s + runuser -u ubuntu -- pamtester -v login '' authenticate 1036s pamtester: invoking pam_start(login, , ...) 1036s pamtester: performing operation - authenticate 1036s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 1036s + echo -n -e wrong123456 1036s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1036s pamtester: invoking pam_start(login, ubuntu, ...) 1036s pamtester: performing operation - authenticate 1040s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1040s + echo -n -e wrong123456 1040s + runuser -u ubuntu -- pamtester -v login '' authenticate 1040s pamtester: invoking pam_start(login, , ...) 1040s pamtester: performing operation - authenticate 1042s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 1042s + echo -n -e 123456 1042s + pamtester -v login root authenticate 1042s pamtester: invoking pam_start(login, root, ...) 1042s pamtester: performing operation - authenticate 1045s pamtester: Authentication service cannot retrieve authentication info 1045s + handle_exit 1045s + exit_code=0 1045s + restore_changes 1045s + for path in "${restore_paths[@]}" 1045s + local original_path 1045s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-E8rqIo /tmp/sssd-softhsm2-backups-E8rqIo//etc/softhsm/softhsm2.conf 1045s + original_path=/etc/softhsm/softhsm2.conf 1045s + rm /etc/softhsm/softhsm2.conf 1045s + mv /tmp/sssd-softhsm2-backups-E8rqIo//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 1045s + for path in "${delete_paths[@]}" 1045s + rm -f /etc/sssd/sssd.conf 1045s + for path in "${delete_paths[@]}" 1045s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 1045s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1047s + '[' -e /etc/sssd/sssd.conf ']' 1047s + systemctl stop sssd 1048s + '[' -e /etc/softhsm/softhsm2.conf ']' 1048s + chmod 600 /etc/softhsm/softhsm2.conf 1048s + rm -rf /tmp/sssd-softhsm2-certs-TuuZGK 1048s + '[' 0 = 0 ']' 1048s + rm -rf /tmp/sssd-softhsm2-backups-E8rqIo 1048s + set +x 1048s Script completed successfully! 1050s autopkgtest [15:11:31]: test sssd-smart-card-pam-auth-configs: -----------------------] 1054s autopkgtest [15:11:35]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 1054s sssd-smart-card-pam-auth-configs PASS 1058s autopkgtest [15:11:39]: @@@@@@@@@@@@@@@@@@@@ summary 1058s ldap-user-group-ldap-auth PASS 1058s ldap-user-group-krb5-auth PASS 1058s sssd-softhism2-certificates-tests.sh PASS 1058s sssd-smart-card-pam-auth-configs PASS