0s autopkgtest [11:53:14]: starting date and time: 2025-01-19 11:53:14+0000 0s autopkgtest [11:53:14]: git checkout: 325255d2 Merge branch 'pin-any-arch' into 'ubuntu/production' 0s autopkgtest [11:53:14]: host juju-7f2275-prod-proposed-migration-environment-20; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.1cmt6w9f/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:krb5 --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=krb5/1.21.3-4 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor builder-cpu2-ram4-disk20 --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-20@bos03-24.secgroup --name adt-plucky-amd64-sssd-20250119-115314-juju-7f2275-prod-proposed-migration-environment-20-3bd26888-70e6-4b16-925f-3a3bfd8d8493 --image adt/ubuntu-plucky-amd64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-20 --net-id=net_prod-proposed-migration-amd64 -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 51s autopkgtest [11:54:05]: testbed dpkg architecture: amd64 51s autopkgtest [11:54:05]: testbed apt version: 2.9.18 51s autopkgtest [11:54:05]: @@@@@@@@@@@@@@@@@@@@ test bed setup 51s autopkgtest [11:54:05]: testbed release detected to be: None 52s autopkgtest [11:54:06]: updating testbed package index (apt update) 52s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 53s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 53s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 53s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 53s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 53s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [795 kB] 53s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [14.6 kB] 53s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [146 kB] 53s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 Packages [276 kB] 53s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/main i386 Packages [189 kB] 53s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/restricted i386 Packages [2408 B] 53s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/restricted amd64 Packages [40.1 kB] 53s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/universe amd64 Packages [914 kB] 53s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/universe i386 Packages [393 kB] 53s Get:15 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse amd64 Packages [24.6 kB] 53s Get:16 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse i386 Packages [4116 B] 53s Fetched 2881 kB in 1s (3021 kB/s) 54s Reading package lists... 55s Reading package lists... 55s Building dependency tree... 55s Reading state information... 55s Calculating upgrade... 55s The following packages will be upgraded: 55s gir1.2-glib-2.0 libglib2.0-0t64 libglib2.0-bin libglib2.0-data 55s python3.13-gdbm 55s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 55s Need to get 2025 kB of archives. 55s After this operation, 0 B of additional disk space will be used. 55s Get:1 http://ftpmaster.internal/ubuntu plucky/main amd64 libglib2.0-data all 2.82.4-2 [52.3 kB] 55s Get:2 http://ftpmaster.internal/ubuntu plucky/main amd64 libglib2.0-bin amd64 2.82.4-2 [103 kB] 56s Get:3 http://ftpmaster.internal/ubuntu plucky/main amd64 gir1.2-glib-2.0 amd64 2.82.4-2 [182 kB] 56s Get:4 http://ftpmaster.internal/ubuntu plucky/main amd64 libglib2.0-0t64 amd64 2.82.4-2 [1656 kB] 56s Get:5 http://ftpmaster.internal/ubuntu plucky/main amd64 python3.13-gdbm amd64 3.13.1-3 [31.7 kB] 56s Fetched 2025 kB in 1s (3254 kB/s) 56s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 89449 files and directories currently installed.) 56s Preparing to unpack .../libglib2.0-data_2.82.4-2_all.deb ... 56s Unpacking libglib2.0-data (2.82.4-2) over (2.82.4-1) ... 56s Preparing to unpack .../libglib2.0-bin_2.82.4-2_amd64.deb ... 56s Unpacking libglib2.0-bin (2.82.4-2) over (2.82.4-1) ... 56s Preparing to unpack .../gir1.2-glib-2.0_2.82.4-2_amd64.deb ... 56s Unpacking gir1.2-glib-2.0:amd64 (2.82.4-2) over (2.82.4-1) ... 56s Preparing to unpack .../libglib2.0-0t64_2.82.4-2_amd64.deb ... 56s Unpacking libglib2.0-0t64:amd64 (2.82.4-2) over (2.82.4-1) ... 56s Preparing to unpack .../python3.13-gdbm_3.13.1-3_amd64.deb ... 56s Unpacking python3.13-gdbm (3.13.1-3) over (3.13.1-2) ... 56s Setting up libglib2.0-0t64:amd64 (2.82.4-2) ... 56s No schema files found: doing nothing. 56s Setting up libglib2.0-data (2.82.4-2) ... 56s Setting up gir1.2-glib-2.0:amd64 (2.82.4-2) ... 56s Setting up python3.13-gdbm (3.13.1-3) ... 56s Setting up libglib2.0-bin (2.82.4-2) ... 56s Processing triggers for libc-bin (2.40-4ubuntu1) ... 57s Processing triggers for man-db (2.13.0-1) ... 58s 58s Running kernel seems to be up-to-date. 58s 58s Restarting services... 58s systemctl restart packagekit.service polkit.service udisks2.service 58s 58s Service restarts being deferred: 58s systemctl restart ModemManager.service 58s 58s No containers need to be restarted. 58s 58s No user sessions are running outdated binaries. 58s 58s No VM guests are running outdated hypervisor (qemu) binaries on this host. 59s Reading package lists... 59s Building dependency tree... 59s Reading state information... 59s 0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded. 59s autopkgtest [11:54:13]: upgrading testbed (apt dist-upgrade and autopurge) 60s Reading package lists... 60s Building dependency tree... 60s Reading state information... 60s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 60s Starting 2 pkgProblemResolver with broken count: 0 60s Done 61s Entering ResolveByKeep 61s 61s The following packages will be upgraded: 61s krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 61s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 61s Need to get 686 kB of archives. 61s After this operation, 229 kB of additional disk space will be used. 61s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 krb5-locales all 1.21.3-4 [14.5 kB] 61s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libgssapi-krb5-2 amd64 1.21.3-4 [159 kB] 61s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libkrb5-3 amd64 1.21.3-4 [386 kB] 61s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libkrb5support0 amd64 1.21.3-4 [35.2 kB] 61s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libk5crypto3 amd64 1.21.3-4 [90.6 kB] 62s Fetched 686 kB in 1s (1260 kB/s) 62s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 89449 files and directories currently installed.) 62s Preparing to unpack .../krb5-locales_1.21.3-4_all.deb ... 62s Unpacking krb5-locales (1.21.3-4) over (1.21.3-3) ... 62s Preparing to unpack .../libgssapi-krb5-2_1.21.3-4_amd64.deb ... 62s Unpacking libgssapi-krb5-2:amd64 (1.21.3-4) over (1.21.3-3) ... 62s Preparing to unpack .../libkrb5-3_1.21.3-4_amd64.deb ... 62s Unpacking libkrb5-3:amd64 (1.21.3-4) over (1.21.3-3) ... 62s Preparing to unpack .../libkrb5support0_1.21.3-4_amd64.deb ... 62s Unpacking libkrb5support0:amd64 (1.21.3-4) over (1.21.3-3) ... 62s Preparing to unpack .../libk5crypto3_1.21.3-4_amd64.deb ... 62s Unpacking libk5crypto3:amd64 (1.21.3-4) over (1.21.3-3) ... 62s Setting up krb5-locales (1.21.3-4) ... 62s Setting up libkrb5support0:amd64 (1.21.3-4) ... 62s Setting up libk5crypto3:amd64 (1.21.3-4) ... 62s Setting up libkrb5-3:amd64 (1.21.3-4) ... 62s Setting up libgssapi-krb5-2:amd64 (1.21.3-4) ... 62s Processing triggers for libc-bin (2.40-4ubuntu1) ... 62s 62s Running kernel seems to be up-to-date. 62s 62s Restarting services... 62s systemctl restart packagekit.service ssh.service 62s 62s No containers need to be restarted. 62s 62s User sessions running outdated binaries: 62s ubuntu @ session #4: sshd-session[1215] 62s 62s No VM guests are running outdated hypervisor (qemu) binaries on this host. 64s Reading package lists... 64s Building dependency tree... 64s Reading state information... 64s Starting pkgProblemResolver with broken count: 0 64s Starting 2 pkgProblemResolver with broken count: 0 64s Done 64s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 67s autopkgtest [11:54:21]: testbed running kernel: Linux 6.11.0-8-generic #8-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 16 13:41:20 UTC 2024 67s autopkgtest [11:54:21]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 81s Get:1 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (dsc) [5048 B] 81s Get:2 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (tar) [8002 kB] 81s Get:3 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (diff) [49.2 kB] 81s gpgv: Signature made Wed Jul 3 23:54:05 2024 UTC 81s gpgv: using RSA key 8AFD08D3D1B817B2DF8982F501AC4B4083590A98 81s gpgv: Can't check signature: No public key 81s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.5-3ubuntu2.dsc: no acceptable signature found 82s autopkgtest [11:54:36]: testing package sssd version 2.9.5-3ubuntu2 86s autopkgtest [11:54:40]: build not needed 94s autopkgtest [11:54:48]: test ldap-user-group-ldap-auth: preparing testbed 94s Reading package lists... 94s Building dependency tree... 94s Reading state information... 94s Starting pkgProblemResolver with broken count: 0 94s Starting 2 pkgProblemResolver with broken count: 0 94s Done 95s The following NEW packages will be installed: 95s expect ldap-utils libargon2-1 libavahi-client3 libavahi-common-data 95s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 95s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 95s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 95s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 95s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 95s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 95s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtdb1 95s libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 95s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 95s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 95s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 95s tcl-expect 95s 0 upgraded, 63 newly installed, 0 to remove and 0 not upgraded. 95s Need to get 12.2 MB of archives. 95s After this operation, 46.3 MB of additional disk space will be used. 95s Get:1 http://ftpmaster.internal/ubuntu plucky/main amd64 libargon2-1 amd64 0~20190702+dfsg-4build1 [20.8 kB] 95s Get:2 http://ftpmaster.internal/ubuntu plucky/main amd64 libltdl7 amd64 2.4.7-8 [43.9 kB] 95s Get:3 http://ftpmaster.internal/ubuntu plucky/main amd64 libodbc2 amd64 2.3.12-1ubuntu1 [158 kB] 95s Get:4 http://ftpmaster.internal/ubuntu plucky/main amd64 slapd amd64 2.6.8+dfsg-1~exp4ubuntu3 [1570 kB] 95s Get:5 http://ftpmaster.internal/ubuntu plucky/universe amd64 tcl-expect amd64 5.45.4-3 [110 kB] 95s Get:6 http://ftpmaster.internal/ubuntu plucky/universe amd64 expect amd64 5.45.4-3 [137 kB] 95s Get:7 http://ftpmaster.internal/ubuntu plucky/main amd64 ldap-utils amd64 2.6.8+dfsg-1~exp4ubuntu3 [153 kB] 95s Get:8 http://ftpmaster.internal/ubuntu plucky/main amd64 libavahi-common-data amd64 0.8-14ubuntu1 [30.5 kB] 95s Get:9 http://ftpmaster.internal/ubuntu plucky/main amd64 libavahi-common3 amd64 0.8-14ubuntu1 [23.3 kB] 95s Get:10 http://ftpmaster.internal/ubuntu plucky/main amd64 libavahi-client3 amd64 0.8-14ubuntu1 [27.5 kB] 95s Get:11 http://ftpmaster.internal/ubuntu plucky/main amd64 libbasicobjects0t64 amd64 0.6.2-3 [5878 B] 95s Get:12 http://ftpmaster.internal/ubuntu plucky/main amd64 libcares2 amd64 1.34.4-2.1 [109 kB] 95s Get:13 http://ftpmaster.internal/ubuntu plucky/main amd64 libcollection4t64 amd64 0.6.2-3 [31.1 kB] 95s Get:14 http://ftpmaster.internal/ubuntu plucky/main amd64 libcrack2 amd64 2.9.6-5.2 [29.3 kB] 95s Get:15 http://ftpmaster.internal/ubuntu plucky/main amd64 libdhash1t64 amd64 0.6.2-3 [8792 B] 95s Get:16 http://ftpmaster.internal/ubuntu plucky/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-10 [144 kB] 95s Get:17 http://ftpmaster.internal/ubuntu plucky/main amd64 libpath-utils1t64 amd64 0.6.2-3 [8810 B] 95s Get:18 http://ftpmaster.internal/ubuntu plucky/main amd64 libref-array1t64 amd64 0.6.2-3 [7396 B] 95s Get:19 http://ftpmaster.internal/ubuntu plucky/main amd64 libini-config5t64 amd64 0.6.2-3 [43.9 kB] 95s Get:20 http://ftpmaster.internal/ubuntu plucky/main amd64 libipa-hbac0t64 amd64 2.9.5-3ubuntu2 [18.0 kB] 95s Get:21 http://ftpmaster.internal/ubuntu plucky/universe amd64 libjose0 amd64 14-1 [45.2 kB] 95s Get:22 http://ftpmaster.internal/ubuntu plucky/main amd64 libverto-libevent1t64 amd64 0.3.1-1.2ubuntu3 [6424 B] 95s Get:23 http://ftpmaster.internal/ubuntu plucky/main amd64 libverto1t64 amd64 0.3.1-1.2ubuntu3 [10.5 kB] 95s Get:24 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libkrad0 amd64 1.21.3-4 [22.6 kB] 95s Get:25 http://ftpmaster.internal/ubuntu plucky/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 95s Get:26 http://ftpmaster.internal/ubuntu plucky/main amd64 libtdb1 amd64 1.4.12-1 [47.2 kB] 95s Get:27 http://ftpmaster.internal/ubuntu plucky/main amd64 libtevent0t64 amd64 0.16.1-3 [42.7 kB] 96s Get:28 http://ftpmaster.internal/ubuntu plucky/main amd64 libldb2 amd64 2:2.9.1+samba4.20.4+dfsg-1ubuntu3 [197 kB] 96s Get:29 http://ftpmaster.internal/ubuntu plucky/main amd64 libnfsidmap1 amd64 1:2.6.4-4ubuntu1 [48.3 kB] 96s Get:30 http://ftpmaster.internal/ubuntu plucky/universe amd64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 96s Get:31 http://ftpmaster.internal/ubuntu plucky/main amd64 libpwquality-common all 1.4.5-3build1 [7748 B] 96s Get:32 http://ftpmaster.internal/ubuntu plucky/main amd64 libpwquality1 amd64 1.4.5-3build1 [13.5 kB] 96s Get:33 http://ftpmaster.internal/ubuntu plucky/main amd64 libpam-pwquality amd64 1.4.5-3build1 [11.7 kB] 96s Get:34 http://ftpmaster.internal/ubuntu plucky/main amd64 libwbclient0 amd64 2:4.20.4+dfsg-1ubuntu3 [75.9 kB] 96s Get:35 http://ftpmaster.internal/ubuntu plucky/main amd64 samba-libs amd64 2:4.20.4+dfsg-1ubuntu3 [6395 kB] 96s Get:36 http://ftpmaster.internal/ubuntu plucky/main amd64 libsmbclient0 amd64 2:4.20.4+dfsg-1ubuntu3 [63.7 kB] 96s Get:37 http://ftpmaster.internal/ubuntu plucky/main amd64 libnss-sss amd64 2.9.5-3ubuntu2 [32.1 kB] 96s Get:38 http://ftpmaster.internal/ubuntu plucky/main amd64 libpam-sss amd64 2.9.5-3ubuntu2 [51.0 kB] 96s Get:39 http://ftpmaster.internal/ubuntu plucky/main amd64 python3-sss amd64 2.9.5-3ubuntu2 [47.6 kB] 96s Get:40 http://ftpmaster.internal/ubuntu plucky/main amd64 libsss-certmap0 amd64 2.9.5-3ubuntu2 [47.6 kB] 96s Get:41 http://ftpmaster.internal/ubuntu plucky/main amd64 libsss-idmap0 amd64 2.9.5-3ubuntu2 [22.3 kB] 96s Get:42 http://ftpmaster.internal/ubuntu plucky/main amd64 libsss-nss-idmap0 amd64 2.9.5-3ubuntu2 [30.9 kB] 96s Get:43 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-common amd64 2.9.5-3ubuntu2 [1140 kB] 96s Get:44 http://ftpmaster.internal/ubuntu plucky/universe amd64 sssd-idp amd64 2.9.5-3ubuntu2 [27.4 kB] 96s Get:45 http://ftpmaster.internal/ubuntu plucky/universe amd64 sssd-passkey amd64 2.9.5-3ubuntu2 [32.5 kB] 96s Get:46 http://ftpmaster.internal/ubuntu plucky/main amd64 libipa-hbac-dev amd64 2.9.5-3ubuntu2 [6670 B] 96s Get:47 http://ftpmaster.internal/ubuntu plucky/main amd64 libsss-certmap-dev amd64 2.9.5-3ubuntu2 [5734 B] 96s Get:48 http://ftpmaster.internal/ubuntu plucky/main amd64 libsss-idmap-dev amd64 2.9.5-3ubuntu2 [8384 B] 96s Get:49 http://ftpmaster.internal/ubuntu plucky/main amd64 libsss-nss-idmap-dev amd64 2.9.5-3ubuntu2 [6718 B] 96s Get:50 http://ftpmaster.internal/ubuntu plucky/universe amd64 libsss-sudo amd64 2.9.5-3ubuntu2 [21.8 kB] 96s Get:51 http://ftpmaster.internal/ubuntu plucky/universe amd64 python3-libipa-hbac amd64 2.9.5-3ubuntu2 [16.9 kB] 96s Get:52 http://ftpmaster.internal/ubuntu plucky/universe amd64 python3-libsss-nss-idmap amd64 2.9.5-3ubuntu2 [9254 B] 96s Get:53 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-ad-common amd64 2.9.5-3ubuntu2 [76.9 kB] 96s Get:54 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-krb5-common amd64 2.9.5-3ubuntu2 [88.9 kB] 96s Get:55 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-ad amd64 2.9.5-3ubuntu2 [136 kB] 96s Get:56 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-ipa amd64 2.9.5-3ubuntu2 [220 kB] 96s Get:57 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-krb5 amd64 2.9.5-3ubuntu2 [14.6 kB] 96s Get:58 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-ldap amd64 2.9.5-3ubuntu2 [31.5 kB] 96s Get:59 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-proxy amd64 2.9.5-3ubuntu2 [44.6 kB] 96s Get:60 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd amd64 2.9.5-3ubuntu2 [4118 B] 96s Get:61 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-dbus amd64 2.9.5-3ubuntu2 [104 kB] 96s Get:62 http://ftpmaster.internal/ubuntu plucky/universe amd64 sssd-kcm amd64 2.9.5-3ubuntu2 [140 kB] 96s Get:63 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-tools amd64 2.9.5-3ubuntu2 [97.8 kB] 96s Preconfiguring packages ... 96s Fetched 12.2 MB in 1s (8959 kB/s) 96s Selecting previously unselected package libargon2-1:amd64. 96s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 89449 files and directories currently installed.) 96s Preparing to unpack .../00-libargon2-1_0~20190702+dfsg-4build1_amd64.deb ... 96s Unpacking libargon2-1:amd64 (0~20190702+dfsg-4build1) ... 96s Selecting previously unselected package libltdl7:amd64. 96s Preparing to unpack .../01-libltdl7_2.4.7-8_amd64.deb ... 96s Unpacking libltdl7:amd64 (2.4.7-8) ... 96s Selecting previously unselected package libodbc2:amd64. 96s Preparing to unpack .../02-libodbc2_2.3.12-1ubuntu1_amd64.deb ... 96s Unpacking libodbc2:amd64 (2.3.12-1ubuntu1) ... 97s Selecting previously unselected package slapd. 97s Preparing to unpack .../03-slapd_2.6.8+dfsg-1~exp4ubuntu3_amd64.deb ... 97s Unpacking slapd (2.6.8+dfsg-1~exp4ubuntu3) ... 97s Selecting previously unselected package tcl-expect:amd64. 97s Preparing to unpack .../04-tcl-expect_5.45.4-3_amd64.deb ... 97s Unpacking tcl-expect:amd64 (5.45.4-3) ... 97s Selecting previously unselected package expect. 97s Preparing to unpack .../05-expect_5.45.4-3_amd64.deb ... 97s Unpacking expect (5.45.4-3) ... 97s Selecting previously unselected package ldap-utils. 97s Preparing to unpack .../06-ldap-utils_2.6.8+dfsg-1~exp4ubuntu3_amd64.deb ... 97s Unpacking ldap-utils (2.6.8+dfsg-1~exp4ubuntu3) ... 97s Selecting previously unselected package libavahi-common-data:amd64. 97s Preparing to unpack .../07-libavahi-common-data_0.8-14ubuntu1_amd64.deb ... 97s Unpacking libavahi-common-data:amd64 (0.8-14ubuntu1) ... 97s Selecting previously unselected package libavahi-common3:amd64. 97s Preparing to unpack .../08-libavahi-common3_0.8-14ubuntu1_amd64.deb ... 97s Unpacking libavahi-common3:amd64 (0.8-14ubuntu1) ... 97s Selecting previously unselected package libavahi-client3:amd64. 97s Preparing to unpack .../09-libavahi-client3_0.8-14ubuntu1_amd64.deb ... 97s Unpacking libavahi-client3:amd64 (0.8-14ubuntu1) ... 97s Selecting previously unselected package libbasicobjects0t64:amd64. 97s Preparing to unpack .../10-libbasicobjects0t64_0.6.2-3_amd64.deb ... 97s Unpacking libbasicobjects0t64:amd64 (0.6.2-3) ... 97s Selecting previously unselected package libcares2:amd64. 97s Preparing to unpack .../11-libcares2_1.34.4-2.1_amd64.deb ... 97s Unpacking libcares2:amd64 (1.34.4-2.1) ... 97s Selecting previously unselected package libcollection4t64:amd64. 97s Preparing to unpack .../12-libcollection4t64_0.6.2-3_amd64.deb ... 97s Unpacking libcollection4t64:amd64 (0.6.2-3) ... 97s Selecting previously unselected package libcrack2:amd64. 97s Preparing to unpack .../13-libcrack2_2.9.6-5.2_amd64.deb ... 97s Unpacking libcrack2:amd64 (2.9.6-5.2) ... 97s Selecting previously unselected package libdhash1t64:amd64. 97s Preparing to unpack .../14-libdhash1t64_0.6.2-3_amd64.deb ... 97s Unpacking libdhash1t64:amd64 (0.6.2-3) ... 97s Selecting previously unselected package libevent-2.1-7t64:amd64. 97s Preparing to unpack .../15-libevent-2.1-7t64_2.1.12-stable-10_amd64.deb ... 97s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-10) ... 97s Selecting previously unselected package libpath-utils1t64:amd64. 97s Preparing to unpack .../16-libpath-utils1t64_0.6.2-3_amd64.deb ... 97s Unpacking libpath-utils1t64:amd64 (0.6.2-3) ... 97s Selecting previously unselected package libref-array1t64:amd64. 97s Preparing to unpack .../17-libref-array1t64_0.6.2-3_amd64.deb ... 97s Unpacking libref-array1t64:amd64 (0.6.2-3) ... 97s Selecting previously unselected package libini-config5t64:amd64. 97s Preparing to unpack .../18-libini-config5t64_0.6.2-3_amd64.deb ... 97s Unpacking libini-config5t64:amd64 (0.6.2-3) ... 97s Selecting previously unselected package libipa-hbac0t64. 97s Preparing to unpack .../19-libipa-hbac0t64_2.9.5-3ubuntu2_amd64.deb ... 97s Unpacking libipa-hbac0t64 (2.9.5-3ubuntu2) ... 97s Selecting previously unselected package libjose0:amd64. 97s Preparing to unpack .../20-libjose0_14-1_amd64.deb ... 97s Unpacking libjose0:amd64 (14-1) ... 97s Selecting previously unselected package libverto-libevent1t64:amd64. 97s Preparing to unpack .../21-libverto-libevent1t64_0.3.1-1.2ubuntu3_amd64.deb ... 97s Unpacking libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 97s Selecting previously unselected package libverto1t64:amd64. 97s Preparing to unpack .../22-libverto1t64_0.3.1-1.2ubuntu3_amd64.deb ... 97s Unpacking libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 97s Selecting previously unselected package libkrad0:amd64. 97s Preparing to unpack .../23-libkrad0_1.21.3-4_amd64.deb ... 97s Unpacking libkrad0:amd64 (1.21.3-4) ... 97s Selecting previously unselected package libtalloc2:amd64. 97s Preparing to unpack .../24-libtalloc2_2.4.2-1build2_amd64.deb ... 97s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 97s Selecting previously unselected package libtdb1:amd64. 97s Preparing to unpack .../25-libtdb1_1.4.12-1_amd64.deb ... 97s Unpacking libtdb1:amd64 (1.4.12-1) ... 97s Selecting previously unselected package libtevent0t64:amd64. 97s Preparing to unpack .../26-libtevent0t64_0.16.1-3_amd64.deb ... 97s Unpacking libtevent0t64:amd64 (0.16.1-3) ... 97s Selecting previously unselected package libldb2:amd64. 97s Preparing to unpack .../27-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu3_amd64.deb ... 97s Unpacking libldb2:amd64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 97s Selecting previously unselected package libnfsidmap1:amd64. 97s Preparing to unpack .../28-libnfsidmap1_1%3a2.6.4-4ubuntu1_amd64.deb ... 97s Unpacking libnfsidmap1:amd64 (1:2.6.4-4ubuntu1) ... 97s Selecting previously unselected package libnss-sudo. 97s Preparing to unpack .../29-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 97s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 98s Selecting previously unselected package libpwquality-common. 98s Preparing to unpack .../30-libpwquality-common_1.4.5-3build1_all.deb ... 98s Unpacking libpwquality-common (1.4.5-3build1) ... 98s Selecting previously unselected package libpwquality1:amd64. 98s Preparing to unpack .../31-libpwquality1_1.4.5-3build1_amd64.deb ... 98s Unpacking libpwquality1:amd64 (1.4.5-3build1) ... 98s Selecting previously unselected package libpam-pwquality:amd64. 98s Preparing to unpack .../32-libpam-pwquality_1.4.5-3build1_amd64.deb ... 98s Unpacking libpam-pwquality:amd64 (1.4.5-3build1) ... 98s Selecting previously unselected package libwbclient0:amd64. 98s Preparing to unpack .../33-libwbclient0_2%3a4.20.4+dfsg-1ubuntu3_amd64.deb ... 98s Unpacking libwbclient0:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 98s Selecting previously unselected package samba-libs:amd64. 98s Preparing to unpack .../34-samba-libs_2%3a4.20.4+dfsg-1ubuntu3_amd64.deb ... 98s Unpacking samba-libs:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 98s Selecting previously unselected package libsmbclient0:amd64. 98s Preparing to unpack .../35-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu3_amd64.deb ... 98s Unpacking libsmbclient0:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 98s Selecting previously unselected package libnss-sss:amd64. 98s Preparing to unpack .../36-libnss-sss_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking libnss-sss:amd64 (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package libpam-sss:amd64. 98s Preparing to unpack .../37-libpam-sss_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking libpam-sss:amd64 (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package python3-sss. 98s Preparing to unpack .../38-python3-sss_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking python3-sss (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package libsss-certmap0. 98s Preparing to unpack .../39-libsss-certmap0_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking libsss-certmap0 (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package libsss-idmap0. 98s Preparing to unpack .../40-libsss-idmap0_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking libsss-idmap0 (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package libsss-nss-idmap0. 98s Preparing to unpack .../41-libsss-nss-idmap0_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-common. 98s Preparing to unpack .../42-sssd-common_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-common (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-idp. 98s Preparing to unpack .../43-sssd-idp_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-idp (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-passkey. 98s Preparing to unpack .../44-sssd-passkey_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-passkey (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package libipa-hbac-dev. 98s Preparing to unpack .../45-libipa-hbac-dev_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking libipa-hbac-dev (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package libsss-certmap-dev. 98s Preparing to unpack .../46-libsss-certmap-dev_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking libsss-certmap-dev (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package libsss-idmap-dev. 98s Preparing to unpack .../47-libsss-idmap-dev_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking libsss-idmap-dev (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package libsss-nss-idmap-dev. 98s Preparing to unpack .../48-libsss-nss-idmap-dev_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking libsss-nss-idmap-dev (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package libsss-sudo. 98s Preparing to unpack .../49-libsss-sudo_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking libsss-sudo (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package python3-libipa-hbac. 98s Preparing to unpack .../50-python3-libipa-hbac_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking python3-libipa-hbac (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package python3-libsss-nss-idmap. 98s Preparing to unpack .../51-python3-libsss-nss-idmap_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking python3-libsss-nss-idmap (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-ad-common. 98s Preparing to unpack .../52-sssd-ad-common_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-ad-common (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-krb5-common. 98s Preparing to unpack .../53-sssd-krb5-common_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-krb5-common (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-ad. 98s Preparing to unpack .../54-sssd-ad_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-ad (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-ipa. 98s Preparing to unpack .../55-sssd-ipa_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-ipa (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-krb5. 98s Preparing to unpack .../56-sssd-krb5_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-krb5 (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-ldap. 98s Preparing to unpack .../57-sssd-ldap_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-ldap (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-proxy. 98s Preparing to unpack .../58-sssd-proxy_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-proxy (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd. 98s Preparing to unpack .../59-sssd_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-dbus. 98s Preparing to unpack .../60-sssd-dbus_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-dbus (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-kcm. 98s Preparing to unpack .../61-sssd-kcm_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-kcm (2.9.5-3ubuntu2) ... 98s Selecting previously unselected package sssd-tools. 98s Preparing to unpack .../62-sssd-tools_2.9.5-3ubuntu2_amd64.deb ... 98s Unpacking sssd-tools (2.9.5-3ubuntu2) ... 99s Setting up libpwquality-common (1.4.5-3build1) ... 99s Setting up libnfsidmap1:amd64 (1:2.6.4-4ubuntu1) ... 99s Setting up libsss-idmap0 (2.9.5-3ubuntu2) ... 99s Setting up libbasicobjects0t64:amd64 (0.6.2-3) ... 99s Setting up libipa-hbac0t64 (2.9.5-3ubuntu2) ... 99s Setting up libsss-idmap-dev (2.9.5-3ubuntu2) ... 99s Setting up libref-array1t64:amd64 (0.6.2-3) ... 99s Setting up libipa-hbac-dev (2.9.5-3ubuntu2) ... 99s Setting up libtdb1:amd64 (1.4.12-1) ... 99s Setting up libargon2-1:amd64 (0~20190702+dfsg-4build1) ... 99s Setting up libcollection4t64:amd64 (0.6.2-3) ... 99s Setting up tcl-expect:amd64 (5.45.4-3) ... 99s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-10) ... 99s Setting up ldap-utils (2.6.8+dfsg-1~exp4ubuntu3) ... 99s Setting up libjose0:amd64 (14-1) ... 99s Setting up libwbclient0:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 99s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 99s Setting up libpath-utils1t64:amd64 (0.6.2-3) ... 99s Setting up libavahi-common-data:amd64 (0.8-14ubuntu1) ... 99s Setting up libcares2:amd64 (1.34.4-2.1) ... 99s Setting up libdhash1t64:amd64 (0.6.2-3) ... 99s Setting up libltdl7:amd64 (2.4.7-8) ... 99s Setting up libcrack2:amd64 (2.9.6-5.2) ... 99s Setting up libodbc2:amd64 (2.3.12-1ubuntu1) ... 99s Setting up python3-libipa-hbac (2.9.5-3ubuntu2) ... 99s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 99s Setting up libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 99s Setting up libini-config5t64:amd64 (0.6.2-3) ... 99s Setting up libtevent0t64:amd64 (0.16.1-3) ... 99s Setting up libnss-sss:amd64 (2.9.5-3ubuntu2) ... 99s Setting up slapd (2.6.8+dfsg-1~exp4ubuntu3) ... 99s Creating new user openldap... done. 99s Creating initial configuration... done. 99s Creating LDAP directory... done. 99s invoke-rc.d: policy-rc.d denied execution of start. 99s Setting up libsss-sudo (2.9.5-3ubuntu2) ... 99s Setting up libsss-nss-idmap-dev (2.9.5-3ubuntu2) ... 99s Setting up expect (5.45.4-3) ... 99s Setting up libavahi-common3:amd64 (0.8-14ubuntu1) ... 99s Setting up libsss-certmap0 (2.9.5-3ubuntu2) ... 99s Setting up libpwquality1:amd64 (1.4.5-3build1) ... 99s Setting up python3-libsss-nss-idmap (2.9.5-3ubuntu2) ... 99s Setting up libldb2:amd64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 99s Setting up libavahi-client3:amd64 (0.8-14ubuntu1) ... 99s Setting up libpam-pwquality:amd64 (1.4.5-3build1) ... 99s Setting up samba-libs:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 99s Setting up libsss-certmap-dev (2.9.5-3ubuntu2) ... 99s Setting up python3-sss (2.9.5-3ubuntu2) ... 100s Setting up libsmbclient0:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 100s Setting up libpam-sss:amd64 (2.9.5-3ubuntu2) ... 100s Setting up sssd-common (2.9.5-3ubuntu2) ... 100s Creating SSSD system user & group... 100s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 100s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 100s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 100s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 100s invoke-rc.d: policy-rc.d denied execution of start. 100s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 100s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 101s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 101s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 101s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 101s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 101s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 102s /usr/sbin/policy-rc.d returned 101, not running 'start sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket sssd.service' 102s Setting up sssd-proxy (2.9.5-3ubuntu2) ... 102s Setting up sssd-kcm (2.9.5-3ubuntu2) ... 102s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 102s /usr/sbin/policy-rc.d returned 101, not running 'start sssd-kcm.service sssd-kcm.socket' 102s Setting up sssd-dbus (2.9.5-3ubuntu2) ... 102s /usr/sbin/policy-rc.d returned 101, not running 'start sssd-ifp.service' 102s Setting up sssd-ad-common (2.9.5-3ubuntu2) ... 102s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 103s /usr/sbin/policy-rc.d returned 101, not running 'start sssd-pac.service sssd-pac.socket' 103s Setting up sssd-krb5-common (2.9.5-3ubuntu2) ... 103s Setting up sssd-krb5 (2.9.5-3ubuntu2) ... 103s Setting up sssd-ldap (2.9.5-3ubuntu2) ... 103s Setting up sssd-ad (2.9.5-3ubuntu2) ... 103s Setting up sssd-tools (2.9.5-3ubuntu2) ... 103s Setting up sssd-ipa (2.9.5-3ubuntu2) ... 103s Setting up sssd (2.9.5-3ubuntu2) ... 103s Setting up libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 103s Setting up libkrad0:amd64 (1.21.3-4) ... 103s Setting up libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 103s Setting up sssd-passkey (2.9.5-3ubuntu2) ... 103s Setting up sssd-idp (2.9.5-3ubuntu2) ... 103s Processing triggers for libc-bin (2.40-4ubuntu1) ... 103s Processing triggers for ufw (0.36.2-8) ... 103s Processing triggers for man-db (2.13.0-1) ... 104s Processing triggers for dbus (1.14.10-4ubuntu5) ... 105s 105s Running kernel seems to be up-to-date. 105s 105s No services need to be restarted. 105s 105s No containers need to be restarted. 105s 105s User sessions running outdated binaries: 105s ubuntu @ session #4: sshd-session[1215] 105s 105s No VM guests are running outdated hypervisor (qemu) binaries on this host. 112s autopkgtest [11:55:06]: test ldap-user-group-ldap-auth: [----------------------- 112s + . debian/tests/util 112s + . debian/tests/common-tests 112s + mydomain=example.com 112s + myhostname=ldap.example.com 112s + mysuffix=dc=example,dc=com 112s + admin_dn=cn=admin,dc=example,dc=com 112s + admin_pw=secret 112s + ldap_user=testuser1 112s + ldap_user_pw=testuser1secret 112s + ldap_group=ldapusers 112s + adjust_hostname ldap.example.com 112s + local myhostname=ldap.example.com 112s + echo ldap.example.com 112s + hostname ldap.example.com 112s + grep -qE ldap.example.com /etc/hosts 112s + echo 127.0.1.10 ldap.example.com 112s + reconfigure_slapd 112s + debconf-set-selections 112s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 112s + dpkg-reconfigure -fnoninteractive -pcritical slapd 112s invoke-rc.d: policy-rc.d denied execution of stop. 112s invoke-rc.d: policy-rc.d denied execution of stop. 112s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3... done. 112s Moving old database directory to /var/backups: 112s - directory unknown... done. 112s Creating initial configuration... done. 112s Creating LDAP directory... done. 112s invoke-rc.d: policy-rc.d denied execution of start. 112s + generate_certs ldap.example.com 112s + local cn=ldap.example.com 112s + local cert=/etc/ldap/server.pem 112s + local key=/etc/ldap/server.key 112s + local cnf=/etc/ldap/openssl.cnf 112s + cat 112s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 113s .......................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 113s ......................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 113s ----- 113s + chmod 0640 /etc/ldap/server.key 113s + chgrp openldap /etc/ldap/server.key 113s + [ ! -f /etc/ldap/server.pem ] 113s + [ ! -f /etc/ldap/server.key ] 113s + enable_ldap_ssl 113s + cat 113s + cat 113s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 113s ldap_sasl_interactive_bind: Can't contact LDAP server (-1) 113s autopkgtest [11:55:07]: test ldap-user-group-ldap-auth: -----------------------] 113s autopkgtest [11:55:07]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 113s ldap-user-group-ldap-auth FAIL non-zero exit status 253 114s autopkgtest [11:55:08]: test ldap-user-group-krb5-auth: preparing testbed 114s Reading package lists... 114s Building dependency tree... 114s Reading state information... 114s Starting pkgProblemResolver with broken count: 0 114s Starting 2 pkgProblemResolver with broken count: 0 114s Done 115s The following NEW packages will be installed: 115s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 115s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 115s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 115s Need to get 627 kB of archives. 115s After this operation, 2205 kB of additional disk space will be used. 115s Get:1 http://ftpmaster.internal/ubuntu plucky/main amd64 krb5-config all 2.7 [22.0 kB] 115s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libgssrpc4t64 amd64 1.21.3-4 [58.1 kB] 115s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libkadm5clnt-mit12 amd64 1.21.3-4 [41.3 kB] 115s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libkdb5-10t64 amd64 1.21.3-4 [41.8 kB] 115s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libkadm5srv-mit12 amd64 1.21.3-4 [55.5 kB] 115s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/universe amd64 krb5-user amd64 1.21.3-4 [111 kB] 115s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe amd64 krb5-kdc amd64 1.21.3-4 [197 kB] 115s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/universe amd64 krb5-admin-server amd64 1.21.3-4 [100 kB] 115s Preconfiguring packages ... 117s Fetched 627 kB in 1s (1105 kB/s) 117s Selecting previously unselected package krb5-config. 117s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 90492 files and directories currently installed.) 117s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 117s Unpacking krb5-config (2.7) ... 117s Selecting previously unselected package libgssrpc4t64:amd64. 117s Preparing to unpack .../1-libgssrpc4t64_1.21.3-4_amd64.deb ... 117s Unpacking libgssrpc4t64:amd64 (1.21.3-4) ... 117s Selecting previously unselected package libkadm5clnt-mit12:amd64. 117s Preparing to unpack .../2-libkadm5clnt-mit12_1.21.3-4_amd64.deb ... 117s Unpacking libkadm5clnt-mit12:amd64 (1.21.3-4) ... 117s Selecting previously unselected package libkdb5-10t64:amd64. 117s Preparing to unpack .../3-libkdb5-10t64_1.21.3-4_amd64.deb ... 117s Unpacking libkdb5-10t64:amd64 (1.21.3-4) ... 117s Selecting previously unselected package libkadm5srv-mit12:amd64. 117s Preparing to unpack .../4-libkadm5srv-mit12_1.21.3-4_amd64.deb ... 117s Unpacking libkadm5srv-mit12:amd64 (1.21.3-4) ... 117s Selecting previously unselected package krb5-user. 117s Preparing to unpack .../5-krb5-user_1.21.3-4_amd64.deb ... 117s Unpacking krb5-user (1.21.3-4) ... 117s Selecting previously unselected package krb5-kdc. 117s Preparing to unpack .../6-krb5-kdc_1.21.3-4_amd64.deb ... 117s Unpacking krb5-kdc (1.21.3-4) ... 117s Selecting previously unselected package krb5-admin-server. 117s Preparing to unpack .../7-krb5-admin-server_1.21.3-4_amd64.deb ... 117s Unpacking krb5-admin-server (1.21.3-4) ... 117s Setting up libgssrpc4t64:amd64 (1.21.3-4) ... 117s Setting up krb5-config (2.7) ... 117s Setting up libkadm5clnt-mit12:amd64 (1.21.3-4) ... 117s Setting up libkdb5-10t64:amd64 (1.21.3-4) ... 117s Setting up libkadm5srv-mit12:amd64 (1.21.3-4) ... 117s Setting up krb5-user (1.21.3-4) ... 117s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 117s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 117s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 117s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 117s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 117s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 117s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 117s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 117s Setting up krb5-kdc (1.21.3-4) ... 117s invoke-rc.d: policy-rc.d denied execution of start. 117s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 118s /usr/sbin/policy-rc.d returned 101, not running 'start krb5-kdc.service' 118s Setting up krb5-admin-server (1.21.3-4) ... 118s invoke-rc.d: policy-rc.d denied execution of start. 118s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 118s /usr/sbin/policy-rc.d returned 101, not running 'start krb5-admin-server.service' 118s Processing triggers for man-db (2.13.0-1) ... 119s Processing triggers for libc-bin (2.40-4ubuntu1) ... 119s 119s Running kernel seems to be up-to-date. 119s 119s No services need to be restarted. 119s 119s No containers need to be restarted. 119s 119s User sessions running outdated binaries: 119s ubuntu @ session #4: sshd-session[1215] 119s 119s No VM guests are running outdated hypervisor (qemu) binaries on this host. 127s autopkgtest [11:55:21]: test ldap-user-group-krb5-auth: [----------------------- 127s + . debian/tests/util 127s + . debian/tests/common-tests 127s + mydomain=example.com 127s + myhostname=ldap.example.com 127s + mysuffix=dc=example,dc=com 127s + myrealm=EXAMPLE.COM 127s + admin_dn=cn=admin,dc=example,dc=com 127s + admin_pw=secret 127s + ldap_user=testuser1 127s + ldap_user_pw=testuser1secret 127s + kerberos_principal_pw=testuser1kerberos 127s + ldap_group=ldapusers 127s + adjust_hostname ldap.example.com 127s + local myhostname=ldap.example.com 127s + echo ldap.example.com 127s + hostname ldap.example.com 127s + grep -qE ldap.example.com /etc/hosts 127s + reconfigure_slapd 127s + debconf-set-selections 127s + rm -rf /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3 /var/backups/unknown-2.6.8+dfsg-1~exp4ubuntu3-20250119-115506.ldapdb 127s + dpkg-reconfigure -fnoninteractive -pcritical slapd 127s invoke-rc.d: policy-rc.d denied execution of stop. 127s invoke-rc.d: policy-rc.d denied execution of stop. 127s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3... done. 127s Moving old database directory to /var/backups: 127s - directory unknown... done. 127s Creating initial configuration... done. 127s Creating LDAP directory... done. 127s invoke-rc.d: policy-rc.d denied execution of start. 127s + generate_certs ldap.example.com 127s + local cn=ldap.example.com 127s + local cert=/etc/ldap/server.pem 127s + local key=/etc/ldap/server.key 127s + local cnf=/etc/ldap/openssl.cnf 127s + cat 127s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 128s ...................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 128s ...........++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 128s ----- 128s + chmod 0640 /etc/ldap/server.key 128s + chgrp openldap /etc/ldap/server.key 128s + [ ! -f /etc/ldap/server.pem ] 128s + [ ! -f /etc/ldap/server.key ] 128s + enable_ldap_ssl 128s + cat 128s + cat 128s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 128s ldap_sasl_interactive_bind: Can't contact LDAP server (-1) 128s autopkgtest [11:55:22]: test ldap-user-group-krb5-auth: -----------------------] 128s ldap-user-group-krb5-auth FAIL non-zero exit status 253 128s autopkgtest [11:55:22]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 129s autopkgtest [11:55:23]: test sssd-softhism2-certificates-tests.sh: preparing testbed 193s autopkgtest [11:56:27]: testbed dpkg architecture: amd64 193s autopkgtest [11:56:27]: testbed apt version: 2.9.18 194s autopkgtest [11:56:28]: @@@@@@@@@@@@@@@@@@@@ test bed setup 194s autopkgtest [11:56:28]: testbed release detected to be: plucky 195s autopkgtest [11:56:29]: updating testbed package index (apt update) 195s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 195s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 195s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 195s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 195s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [14.6 kB] 195s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 195s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [795 kB] 195s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [146 kB] 195s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 Packages [276 kB] 196s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/main i386 Packages [189 kB] 196s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/restricted amd64 Packages [40.1 kB] 196s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/restricted i386 Packages [2408 B] 196s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/universe amd64 Packages [914 kB] 196s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/universe i386 Packages [393 kB] 196s Get:15 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse amd64 Packages [24.6 kB] 196s Get:16 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse i386 Packages [4116 B] 196s Fetched 2881 kB in 1s (3079 kB/s) 197s Reading package lists... 197s Reading package lists... 198s Building dependency tree... 198s Reading state information... 198s Calculating upgrade... 198s The following packages will be upgraded: 198s gir1.2-glib-2.0 libglib2.0-0t64 libglib2.0-bin libglib2.0-data 198s python3.13-gdbm 198s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 198s Need to get 2025 kB of archives. 198s After this operation, 0 B of additional disk space will be used. 198s Get:1 http://ftpmaster.internal/ubuntu plucky/main amd64 libglib2.0-data all 2.82.4-2 [52.3 kB] 199s Get:2 http://ftpmaster.internal/ubuntu plucky/main amd64 libglib2.0-bin amd64 2.82.4-2 [103 kB] 199s Get:3 http://ftpmaster.internal/ubuntu plucky/main amd64 gir1.2-glib-2.0 amd64 2.82.4-2 [182 kB] 199s Get:4 http://ftpmaster.internal/ubuntu plucky/main amd64 libglib2.0-0t64 amd64 2.82.4-2 [1656 kB] 199s Get:5 http://ftpmaster.internal/ubuntu plucky/main amd64 python3.13-gdbm amd64 3.13.1-3 [31.7 kB] 199s Fetched 2025 kB in 1s (2955 kB/s) 199s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 89449 files and directories currently installed.) 199s Preparing to unpack .../libglib2.0-data_2.82.4-2_all.deb ... 199s Unpacking libglib2.0-data (2.82.4-2) over (2.82.4-1) ... 200s Preparing to unpack .../libglib2.0-bin_2.82.4-2_amd64.deb ... 200s Unpacking libglib2.0-bin (2.82.4-2) over (2.82.4-1) ... 200s Preparing to unpack .../gir1.2-glib-2.0_2.82.4-2_amd64.deb ... 200s Unpacking gir1.2-glib-2.0:amd64 (2.82.4-2) over (2.82.4-1) ... 200s Preparing to unpack .../libglib2.0-0t64_2.82.4-2_amd64.deb ... 200s Unpacking libglib2.0-0t64:amd64 (2.82.4-2) over (2.82.4-1) ... 200s Preparing to unpack .../python3.13-gdbm_3.13.1-3_amd64.deb ... 200s Unpacking python3.13-gdbm (3.13.1-3) over (3.13.1-2) ... 200s Setting up libglib2.0-0t64:amd64 (2.82.4-2) ... 200s No schema files found: doing nothing. 200s Setting up libglib2.0-data (2.82.4-2) ... 200s Setting up gir1.2-glib-2.0:amd64 (2.82.4-2) ... 200s Setting up python3.13-gdbm (3.13.1-3) ... 200s Setting up libglib2.0-bin (2.82.4-2) ... 200s Processing triggers for libc-bin (2.40-4ubuntu1) ... 200s Processing triggers for man-db (2.13.0-1) ... 201s 201s Running kernel seems to be up-to-date. 201s 201s Restarting services... 201s systemctl restart packagekit.service polkit.service udisks2.service 201s 201s Service restarts being deferred: 201s systemctl restart ModemManager.service 201s 201s No containers need to be restarted. 201s 201s No user sessions are running outdated binaries. 201s 201s No VM guests are running outdated hypervisor (qemu) binaries on this host. 202s Reading package lists... 202s Building dependency tree... 202s Reading state information... 202s 0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded. 202s autopkgtest [11:56:36]: upgrading testbed (apt dist-upgrade and autopurge) 202s Reading package lists... 203s Building dependency tree... 203s Reading state information... 203s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 203s Starting 2 pkgProblemResolver with broken count: 0 203s Done 203s Entering ResolveByKeep 204s 204s The following packages will be upgraded: 204s krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 204s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 204s Need to get 686 kB of archives. 204s After this operation, 229 kB of additional disk space will be used. 204s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 krb5-locales all 1.21.3-4 [14.5 kB] 204s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libgssapi-krb5-2 amd64 1.21.3-4 [159 kB] 204s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libkrb5-3 amd64 1.21.3-4 [386 kB] 204s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libkrb5support0 amd64 1.21.3-4 [35.2 kB] 204s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main amd64 libk5crypto3 amd64 1.21.3-4 [90.6 kB] 205s Fetched 686 kB in 1s (1222 kB/s) 205s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 89449 files and directories currently installed.) 205s Preparing to unpack .../krb5-locales_1.21.3-4_all.deb ... 205s Unpacking krb5-locales (1.21.3-4) over (1.21.3-3) ... 205s Preparing to unpack .../libgssapi-krb5-2_1.21.3-4_amd64.deb ... 205s Unpacking libgssapi-krb5-2:amd64 (1.21.3-4) over (1.21.3-3) ... 205s Preparing to unpack .../libkrb5-3_1.21.3-4_amd64.deb ... 205s Unpacking libkrb5-3:amd64 (1.21.3-4) over (1.21.3-3) ... 205s Preparing to unpack .../libkrb5support0_1.21.3-4_amd64.deb ... 205s Unpacking libkrb5support0:amd64 (1.21.3-4) over (1.21.3-3) ... 205s Preparing to unpack .../libk5crypto3_1.21.3-4_amd64.deb ... 205s Unpacking libk5crypto3:amd64 (1.21.3-4) over (1.21.3-3) ... 205s Setting up krb5-locales (1.21.3-4) ... 205s Setting up libkrb5support0:amd64 (1.21.3-4) ... 205s Setting up libk5crypto3:amd64 (1.21.3-4) ... 205s Setting up libkrb5-3:amd64 (1.21.3-4) ... 205s Setting up libgssapi-krb5-2:amd64 (1.21.3-4) ... 205s Processing triggers for libc-bin (2.40-4ubuntu1) ... 205s 205s Running kernel seems to be up-to-date. 205s 205s Restarting services... 205s systemctl restart packagekit.service ssh.service 205s 205s No containers need to be restarted. 205s 205s User sessions running outdated binaries: 205s ubuntu @ session #4: sshd-session[1202] 205s 205s No VM guests are running outdated hypervisor (qemu) binaries on this host. 206s Reading package lists... 207s Building dependency tree... 207s Reading state information... 207s Starting pkgProblemResolver with broken count: 0 207s Starting 2 pkgProblemResolver with broken count: 0 207s Done 207s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 210s Reading package lists... 210s Building dependency tree... 210s Reading state information... 210s Starting pkgProblemResolver with broken count: 0 210s Starting 2 pkgProblemResolver with broken count: 0 210s Done 211s The following NEW packages will be installed: 211s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 211s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 211s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 211s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 211s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 211s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 211s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 211s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 211s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 211s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 211s Need to get 10.6 MB of archives. 211s After this operation, 40.9 MB of additional disk space will be used. 211s Get:1 http://ftpmaster.internal/ubuntu plucky/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-10 [144 kB] 211s Get:2 http://ftpmaster.internal/ubuntu plucky/main amd64 libunbound8 amd64 1.20.0-1ubuntu2.1 [447 kB] 211s Get:3 http://ftpmaster.internal/ubuntu plucky/main amd64 libgnutls-dane0t64 amd64 3.8.8-2ubuntu1 [24.3 kB] 211s Get:4 http://ftpmaster.internal/ubuntu plucky/universe amd64 gnutls-bin amd64 3.8.8-2ubuntu1 [282 kB] 211s Get:5 http://ftpmaster.internal/ubuntu plucky/main amd64 libavahi-common-data amd64 0.8-14ubuntu1 [30.5 kB] 211s Get:6 http://ftpmaster.internal/ubuntu plucky/main amd64 libavahi-common3 amd64 0.8-14ubuntu1 [23.3 kB] 211s Get:7 http://ftpmaster.internal/ubuntu plucky/main amd64 libavahi-client3 amd64 0.8-14ubuntu1 [27.5 kB] 211s Get:8 http://ftpmaster.internal/ubuntu plucky/main amd64 libbasicobjects0t64 amd64 0.6.2-3 [5878 B] 211s Get:9 http://ftpmaster.internal/ubuntu plucky/main amd64 libcares2 amd64 1.34.4-2.1 [109 kB] 211s Get:10 http://ftpmaster.internal/ubuntu plucky/main amd64 libcollection4t64 amd64 0.6.2-3 [31.1 kB] 211s Get:11 http://ftpmaster.internal/ubuntu plucky/main amd64 libcrack2 amd64 2.9.6-5.2 [29.3 kB] 211s Get:12 http://ftpmaster.internal/ubuntu plucky/main amd64 libdhash1t64 amd64 0.6.2-3 [8792 B] 211s Get:13 http://ftpmaster.internal/ubuntu plucky/main amd64 libpath-utils1t64 amd64 0.6.2-3 [8810 B] 211s Get:14 http://ftpmaster.internal/ubuntu plucky/main amd64 libref-array1t64 amd64 0.6.2-3 [7396 B] 211s Get:15 http://ftpmaster.internal/ubuntu plucky/main amd64 libini-config5t64 amd64 0.6.2-3 [43.9 kB] 211s Get:16 http://ftpmaster.internal/ubuntu plucky/main amd64 libipa-hbac0t64 amd64 2.9.5-3ubuntu2 [18.0 kB] 211s Get:17 http://ftpmaster.internal/ubuntu plucky/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 211s Get:18 http://ftpmaster.internal/ubuntu plucky/main amd64 libtdb1 amd64 1.4.12-1 [47.2 kB] 211s Get:19 http://ftpmaster.internal/ubuntu plucky/main amd64 libtevent0t64 amd64 0.16.1-3 [42.7 kB] 211s Get:20 http://ftpmaster.internal/ubuntu plucky/main amd64 libldb2 amd64 2:2.9.1+samba4.20.4+dfsg-1ubuntu3 [197 kB] 211s Get:21 http://ftpmaster.internal/ubuntu plucky/main amd64 libnfsidmap1 amd64 1:2.6.4-4ubuntu1 [48.3 kB] 211s Get:22 http://ftpmaster.internal/ubuntu plucky/main amd64 libpwquality-common all 1.4.5-3build1 [7748 B] 211s Get:23 http://ftpmaster.internal/ubuntu plucky/main amd64 libpwquality1 amd64 1.4.5-3build1 [13.5 kB] 211s Get:24 http://ftpmaster.internal/ubuntu plucky/main amd64 libpam-pwquality amd64 1.4.5-3build1 [11.7 kB] 211s Get:25 http://ftpmaster.internal/ubuntu plucky/main amd64 libwbclient0 amd64 2:4.20.4+dfsg-1ubuntu3 [75.9 kB] 211s Get:26 http://ftpmaster.internal/ubuntu plucky/main amd64 samba-libs amd64 2:4.20.4+dfsg-1ubuntu3 [6395 kB] 212s Get:27 http://ftpmaster.internal/ubuntu plucky/main amd64 libsmbclient0 amd64 2:4.20.4+dfsg-1ubuntu3 [63.7 kB] 212s Get:28 http://ftpmaster.internal/ubuntu plucky/main amd64 libnss-sss amd64 2.9.5-3ubuntu2 [32.1 kB] 212s Get:29 http://ftpmaster.internal/ubuntu plucky/main amd64 libpam-sss amd64 2.9.5-3ubuntu2 [51.0 kB] 212s Get:30 http://ftpmaster.internal/ubuntu plucky/universe amd64 softhsm2-common amd64 2.6.1-2.2ubuntu3 [6198 B] 212s Get:31 http://ftpmaster.internal/ubuntu plucky/universe amd64 libsofthsm2 amd64 2.6.1-2.2ubuntu3 [266 kB] 212s Get:32 http://ftpmaster.internal/ubuntu plucky/main amd64 libsss-certmap0 amd64 2.9.5-3ubuntu2 [47.6 kB] 212s Get:33 http://ftpmaster.internal/ubuntu plucky/main amd64 libsss-idmap0 amd64 2.9.5-3ubuntu2 [22.3 kB] 212s Get:34 http://ftpmaster.internal/ubuntu plucky/main amd64 libsss-nss-idmap0 amd64 2.9.5-3ubuntu2 [30.9 kB] 212s Get:35 http://ftpmaster.internal/ubuntu plucky/main amd64 python3-sss amd64 2.9.5-3ubuntu2 [47.6 kB] 212s Get:36 http://ftpmaster.internal/ubuntu plucky/universe amd64 softhsm2 amd64 2.6.1-2.2ubuntu3 [175 kB] 212s Get:37 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-common amd64 2.9.5-3ubuntu2 [1140 kB] 212s Get:38 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-ad-common amd64 2.9.5-3ubuntu2 [76.9 kB] 212s Get:39 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-krb5-common amd64 2.9.5-3ubuntu2 [88.9 kB] 212s Get:40 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-ad amd64 2.9.5-3ubuntu2 [136 kB] 212s Get:41 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-ipa amd64 2.9.5-3ubuntu2 [220 kB] 212s Get:42 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-krb5 amd64 2.9.5-3ubuntu2 [14.6 kB] 212s Get:43 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-ldap amd64 2.9.5-3ubuntu2 [31.5 kB] 212s Get:44 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd-proxy amd64 2.9.5-3ubuntu2 [44.6 kB] 212s Get:45 http://ftpmaster.internal/ubuntu plucky/main amd64 sssd amd64 2.9.5-3ubuntu2 [4118 B] 212s Fetched 10.6 MB in 1s (9154 kB/s) 212s Selecting previously unselected package libevent-2.1-7t64:amd64. 212s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 89449 files and directories currently installed.) 212s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_amd64.deb ... 212s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-10) ... 212s Selecting previously unselected package libunbound8:amd64. 212s Preparing to unpack .../01-libunbound8_1.20.0-1ubuntu2.1_amd64.deb ... 212s Unpacking libunbound8:amd64 (1.20.0-1ubuntu2.1) ... 212s Selecting previously unselected package libgnutls-dane0t64:amd64. 212s Preparing to unpack .../02-libgnutls-dane0t64_3.8.8-2ubuntu1_amd64.deb ... 212s Unpacking libgnutls-dane0t64:amd64 (3.8.8-2ubuntu1) ... 212s Selecting previously unselected package gnutls-bin. 212s Preparing to unpack .../03-gnutls-bin_3.8.8-2ubuntu1_amd64.deb ... 212s Unpacking gnutls-bin (3.8.8-2ubuntu1) ... 212s Selecting previously unselected package libavahi-common-data:amd64. 212s Preparing to unpack .../04-libavahi-common-data_0.8-14ubuntu1_amd64.deb ... 212s Unpacking libavahi-common-data:amd64 (0.8-14ubuntu1) ... 212s Selecting previously unselected package libavahi-common3:amd64. 212s Preparing to unpack .../05-libavahi-common3_0.8-14ubuntu1_amd64.deb ... 212s Unpacking libavahi-common3:amd64 (0.8-14ubuntu1) ... 212s Selecting previously unselected package libavahi-client3:amd64. 212s Preparing to unpack .../06-libavahi-client3_0.8-14ubuntu1_amd64.deb ... 212s Unpacking libavahi-client3:amd64 (0.8-14ubuntu1) ... 212s Selecting previously unselected package libbasicobjects0t64:amd64. 212s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-3_amd64.deb ... 212s Unpacking libbasicobjects0t64:amd64 (0.6.2-3) ... 212s Selecting previously unselected package libcares2:amd64. 212s Preparing to unpack .../08-libcares2_1.34.4-2.1_amd64.deb ... 212s Unpacking libcares2:amd64 (1.34.4-2.1) ... 212s Selecting previously unselected package libcollection4t64:amd64. 212s Preparing to unpack .../09-libcollection4t64_0.6.2-3_amd64.deb ... 212s Unpacking libcollection4t64:amd64 (0.6.2-3) ... 212s Selecting previously unselected package libcrack2:amd64. 212s Preparing to unpack .../10-libcrack2_2.9.6-5.2_amd64.deb ... 212s Unpacking libcrack2:amd64 (2.9.6-5.2) ... 212s Selecting previously unselected package libdhash1t64:amd64. 212s Preparing to unpack .../11-libdhash1t64_0.6.2-3_amd64.deb ... 212s Unpacking libdhash1t64:amd64 (0.6.2-3) ... 213s Selecting previously unselected package libpath-utils1t64:amd64. 213s Preparing to unpack .../12-libpath-utils1t64_0.6.2-3_amd64.deb ... 213s Unpacking libpath-utils1t64:amd64 (0.6.2-3) ... 213s Selecting previously unselected package libref-array1t64:amd64. 213s Preparing to unpack .../13-libref-array1t64_0.6.2-3_amd64.deb ... 213s Unpacking libref-array1t64:amd64 (0.6.2-3) ... 213s Selecting previously unselected package libini-config5t64:amd64. 213s Preparing to unpack .../14-libini-config5t64_0.6.2-3_amd64.deb ... 213s Unpacking libini-config5t64:amd64 (0.6.2-3) ... 213s Selecting previously unselected package libipa-hbac0t64. 213s Preparing to unpack .../15-libipa-hbac0t64_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking libipa-hbac0t64 (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package libtalloc2:amd64. 213s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_amd64.deb ... 213s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 213s Selecting previously unselected package libtdb1:amd64. 213s Preparing to unpack .../17-libtdb1_1.4.12-1_amd64.deb ... 213s Unpacking libtdb1:amd64 (1.4.12-1) ... 213s Selecting previously unselected package libtevent0t64:amd64. 213s Preparing to unpack .../18-libtevent0t64_0.16.1-3_amd64.deb ... 213s Unpacking libtevent0t64:amd64 (0.16.1-3) ... 213s Selecting previously unselected package libldb2:amd64. 213s Preparing to unpack .../19-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu3_amd64.deb ... 213s Unpacking libldb2:amd64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 213s Selecting previously unselected package libnfsidmap1:amd64. 213s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-4ubuntu1_amd64.deb ... 213s Unpacking libnfsidmap1:amd64 (1:2.6.4-4ubuntu1) ... 213s Selecting previously unselected package libpwquality-common. 213s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 213s Unpacking libpwquality-common (1.4.5-3build1) ... 213s Selecting previously unselected package libpwquality1:amd64. 213s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_amd64.deb ... 213s Unpacking libpwquality1:amd64 (1.4.5-3build1) ... 213s Selecting previously unselected package libpam-pwquality:amd64. 213s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_amd64.deb ... 213s Unpacking libpam-pwquality:amd64 (1.4.5-3build1) ... 213s Selecting previously unselected package libwbclient0:amd64. 213s Preparing to unpack .../24-libwbclient0_2%3a4.20.4+dfsg-1ubuntu3_amd64.deb ... 213s Unpacking libwbclient0:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 213s Selecting previously unselected package samba-libs:amd64. 213s Preparing to unpack .../25-samba-libs_2%3a4.20.4+dfsg-1ubuntu3_amd64.deb ... 213s Unpacking samba-libs:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 213s Selecting previously unselected package libsmbclient0:amd64. 213s Preparing to unpack .../26-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu3_amd64.deb ... 213s Unpacking libsmbclient0:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 213s Selecting previously unselected package libnss-sss:amd64. 213s Preparing to unpack .../27-libnss-sss_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking libnss-sss:amd64 (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package libpam-sss:amd64. 213s Preparing to unpack .../28-libpam-sss_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking libpam-sss:amd64 (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package softhsm2-common. 213s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_amd64.deb ... 213s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 213s Selecting previously unselected package libsofthsm2. 213s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_amd64.deb ... 213s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 213s Selecting previously unselected package libsss-certmap0. 213s Preparing to unpack .../31-libsss-certmap0_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking libsss-certmap0 (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package libsss-idmap0. 213s Preparing to unpack .../32-libsss-idmap0_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking libsss-idmap0 (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package libsss-nss-idmap0. 213s Preparing to unpack .../33-libsss-nss-idmap0_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package python3-sss. 213s Preparing to unpack .../34-python3-sss_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking python3-sss (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package softhsm2. 213s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_amd64.deb ... 213s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 213s Selecting previously unselected package sssd-common. 213s Preparing to unpack .../36-sssd-common_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking sssd-common (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package sssd-ad-common. 213s Preparing to unpack .../37-sssd-ad-common_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking sssd-ad-common (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package sssd-krb5-common. 213s Preparing to unpack .../38-sssd-krb5-common_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking sssd-krb5-common (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package sssd-ad. 213s Preparing to unpack .../39-sssd-ad_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking sssd-ad (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package sssd-ipa. 213s Preparing to unpack .../40-sssd-ipa_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking sssd-ipa (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package sssd-krb5. 213s Preparing to unpack .../41-sssd-krb5_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking sssd-krb5 (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package sssd-ldap. 213s Preparing to unpack .../42-sssd-ldap_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking sssd-ldap (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package sssd-proxy. 213s Preparing to unpack .../43-sssd-proxy_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking sssd-proxy (2.9.5-3ubuntu2) ... 213s Selecting previously unselected package sssd. 213s Preparing to unpack .../44-sssd_2.9.5-3ubuntu2_amd64.deb ... 213s Unpacking sssd (2.9.5-3ubuntu2) ... 213s Setting up libpwquality-common (1.4.5-3build1) ... 213s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 214s Creating config file /etc/softhsm/softhsm2.conf with new version 214s Setting up libnfsidmap1:amd64 (1:2.6.4-4ubuntu1) ... 214s Setting up libsss-idmap0 (2.9.5-3ubuntu2) ... 214s Setting up libbasicobjects0t64:amd64 (0.6.2-3) ... 214s Setting up libipa-hbac0t64 (2.9.5-3ubuntu2) ... 214s Setting up libref-array1t64:amd64 (0.6.2-3) ... 214s Setting up libtdb1:amd64 (1.4.12-1) ... 214s Setting up libcollection4t64:amd64 (0.6.2-3) ... 214s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-10) ... 214s Setting up libwbclient0:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 214s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 214s Setting up libpath-utils1t64:amd64 (0.6.2-3) ... 214s Setting up libunbound8:amd64 (1.20.0-1ubuntu2.1) ... 214s Setting up libgnutls-dane0t64:amd64 (3.8.8-2ubuntu1) ... 214s Setting up libavahi-common-data:amd64 (0.8-14ubuntu1) ... 214s Setting up libcares2:amd64 (1.34.4-2.1) ... 214s Setting up libdhash1t64:amd64 (0.6.2-3) ... 214s Setting up libcrack2:amd64 (2.9.6-5.2) ... 214s Setting up libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 214s Setting up libini-config5t64:amd64 (0.6.2-3) ... 214s Setting up libtevent0t64:amd64 (0.16.1-3) ... 214s Setting up libnss-sss:amd64 (2.9.5-3ubuntu2) ... 214s Setting up gnutls-bin (3.8.8-2ubuntu1) ... 214s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 214s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 214s Setting up libavahi-common3:amd64 (0.8-14ubuntu1) ... 214s Setting up libsss-certmap0 (2.9.5-3ubuntu2) ... 214s Setting up libpwquality1:amd64 (1.4.5-3build1) ... 214s Setting up libldb2:amd64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 214s Setting up libavahi-client3:amd64 (0.8-14ubuntu1) ... 214s Setting up libpam-pwquality:amd64 (1.4.5-3build1) ... 214s Setting up samba-libs:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 214s Setting up python3-sss (2.9.5-3ubuntu2) ... 214s Setting up libsmbclient0:amd64 (2:4.20.4+dfsg-1ubuntu3) ... 214s Setting up libpam-sss:amd64 (2.9.5-3ubuntu2) ... 214s Setting up sssd-common (2.9.5-3ubuntu2) ... 214s Creating SSSD system user & group... 214s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 214s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 214s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 214s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 214s invoke-rc.d: policy-rc.d denied execution of start. 215s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 215s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 215s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 215s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 215s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 215s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 216s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 216s /usr/sbin/policy-rc.d returned 101, not running 'start sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket sssd.service' 216s Setting up sssd-proxy (2.9.5-3ubuntu2) ... 216s Setting up sssd-ad-common (2.9.5-3ubuntu2) ... 216s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 216s /usr/sbin/policy-rc.d returned 101, not running 'start sssd-pac.service sssd-pac.socket' 216s Setting up sssd-krb5-common (2.9.5-3ubuntu2) ... 216s Setting up sssd-krb5 (2.9.5-3ubuntu2) ... 216s Setting up sssd-ldap (2.9.5-3ubuntu2) ... 216s Setting up sssd-ad (2.9.5-3ubuntu2) ... 216s Setting up sssd-ipa (2.9.5-3ubuntu2) ... 216s Setting up sssd (2.9.5-3ubuntu2) ... 216s Processing triggers for man-db (2.13.0-1) ... 218s Processing triggers for libc-bin (2.40-4ubuntu1) ... 218s 218s Running kernel seems to be up-to-date. 218s 218s No services need to be restarted. 218s 218s No containers need to be restarted. 218s 218s User sessions running outdated binaries: 218s ubuntu @ session #4: sshd-session[1202] 218s 218s No VM guests are running outdated hypervisor (qemu) binaries on this host. 223s autopkgtest [11:56:57]: test sssd-softhism2-certificates-tests.sh: [----------------------- 223s + '[' -z ubuntu ']' 223s + required_tools=(p11tool openssl softhsm2-util) 223s + for cmd in "${required_tools[@]}" 223s + command -v p11tool 223s + for cmd in "${required_tools[@]}" 223s + command -v openssl 223s + for cmd in "${required_tools[@]}" 223s + command -v softhsm2-util 223s + PIN=053350 223s +++ find /usr/lib/softhsm/libsofthsm2.so 223s +++ head -n 1 223s ++ realpath /usr/lib/softhsm/libsofthsm2.so 223s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 223s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 223s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 223s + '[' '!' -v NO_SSSD_TESTS ']' 223s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 223s + ca_db_arg=ca_db 223s ++ /usr/libexec/sssd/p11_child --help 223s + p11_child_help='Usage: p11_child [OPTION...] 223s -d, --debug-level=INT Debug level 223s --debug-timestamps=INT Add debug timestamps 223s --debug-microseconds=INT Show timestamps with microseconds 223s --dumpable=INT Allow core dumps 223s --debug-fd=INT An open file descriptor for the debug 223s logs 223s --logger=stderr|files|journald Set logger 223s --auth Run in auth mode 223s --pre Run in pre-auth mode 223s --wait_for_card Wait until card is available 223s --verification Run in verification mode 223s --pin Expect PIN on stdin 223s --keypad Expect PIN on keypad 223s --verify=STRING Tune validation 223s --ca_db=STRING CA DB to use 223s --module_name=STRING Module name for authentication 223s --token_name=STRING Token name for authentication 223s --key_id=STRING Key ID for authentication 223s --label=STRING Label for authentication 223s --certificate=STRING certificate to verify, base64 encoded 223s --uri=STRING PKCS#11 URI to restrict selection 223s --chain-id=LONG Tevent chain ID used for logging 223s purposes 223s 223s Help options: 223s -?, --help Show this help message 223s --usage Display brief usage message' 223s + echo 'Usage: p11_child [OPTION...] 223s -d, --debug-level=INT Debug level 223s --debug-timestamps=INT Add debug timestamps 223s --debug-microseconds=INT Show timestamps with microseconds 223s --dumpable=INT Allow core dumps 223s --debug-fd=INT An open file descriptor for the debug 223s logs 223s --logger=stderr|files|journald Set logger 223s --auth Run in auth mode 223s --pre Run in pre-auth mode 223s --wait_for_card Wait until card is available 223s --verification Run in verification mode 223s + grep nssdb -qs 223s --pin Expect PIN on stdin 223s --keypad Expect PIN on keypad 223s --verify=STRING Tune validation 223s --ca_db=STRING CA DB to use 223s --module_name=STRING Module name for authentication 223s --token_name=STRING Token name for authentication 223s --key_id=STRING Key ID for authentication 223s --label=STRING Label for authentication 223s --certificate=STRING certificate to verify, base64 encoded 223s --uri=STRING PKCS#11 URI to restrict selection 223s --chain-id=LONG Tevent chain ID used for logging 223s purposes 223s 223s Help options: 223s -?, --help Show this help message 223s --usage Display brief usage message' 223s + echo 'Usage: p11_child [OPTION...] 223s -d, --debug-level=INT Debug level 223s --debug-timestamps=INT Add debug timestamps 223s --debug-microseconds=INT Show timestamps with microseconds 223s --dumpable=INT Allow core dumps 223s --debug-fd=INT An open file descriptor for the debug 223s logs 223s --logger=stderr|files|journald Set logger 223s --auth Run in auth mode 223s --pre Run in pre-auth mode 223s --wait_for_card Wait until card is available 223s --verification Run in verification mode 223s --pin Expect PIN on stdin 223s --keypad Expect PIN on keypad 223s --verify=STRING Tune validation 223s --ca_db=STRING CA DB to use 223s --module_name=STRING Module name for authentication 223s --token_name=STRING Token name for authentication 223s --key_id=STRING Key ID for authentication 223s --label=STRING Label for authentication 223s --certificate=STRING certificate to verify, base64 encoded 223s --uri=STRING PKCS#11 URI to restrict selection 223s --chain-id=LONG Tevent chain ID used for logging 223s purposes 223s 223s Help options: 223s -?, --help Show this help message 223s --usage Display brief usage message' 223s + grep -qs -- --ca_db 223s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 223s ++ mktemp -d -t sssd-softhsm2-XXXXXX 223s + tmpdir=/tmp/sssd-softhsm2-XHwNZk 223s + keys_size=1024 223s + [[ ! -v KEEP_TEMPORARY_FILES ]] 223s + trap 'rm -rf "$tmpdir"' EXIT 223s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 223s + echo -n 01 223s + touch /tmp/sssd-softhsm2-XHwNZk/index.txt 223s + mkdir -p /tmp/sssd-softhsm2-XHwNZk/new_certs 223s + cat 223s + root_ca_key_pass=pass:random-root-CA-password-14800 223s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-XHwNZk/test-root-CA-key.pem -passout pass:random-root-CA-password-14800 1024 223s + openssl req -passin pass:random-root-CA-password-14800 -batch -config /tmp/sssd-softhsm2-XHwNZk/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-XHwNZk/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 223s + openssl x509 -noout -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 223s + cat 223s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-23429 223s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-23429 1024 223s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-23429 -config /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.config -key /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-14800 -sha256 -out /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-certificate-request.pem 223s + openssl req -text -noout -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-certificate-request.pem 223s Certificate Request: 223s Data: 223s Version: 1 (0x0) 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:9e:02:9d:22:e0:f6:29:f2:12:a9:ad:85:d8:d1: 223s 5c:ae:62:7d:83:d9:6e:6e:61:ed:79:84:15:55:83: 223s ab:9c:2c:47:19:67:ce:cb:30:81:f5:e7:f7:ea:1a: 223s 02:be:5a:81:b6:be:70:b6:14:ef:dd:63:f4:a3:6f: 223s b1:ab:25:f1:b6:1a:09:18:5e:d5:f1:82:b3:2a:e7: 223s 4f:c0:04:08:fe:ca:69:7b:89:7f:97:91:e3:f8:70: 223s 8c:f8:eb:a0:17:5e:6f:50:9c:7c:ef:7e:3b:97:56: 223s 46:5c:bd:16:45:cb:23:48:16:13:c8:89:f1:6f:a9: 223s 55:e4:83:cc:eb:f0:1c:08:9d 223s Exponent: 65537 (0x10001) 223s Attributes: 223s (none) 223s Requested Extensions: 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 7b:77:05:c4:6e:a9:2f:87:46:31:a2:6d:19:88:8e:d1:cc:84: 223s 4b:2f:98:8c:b0:04:08:27:87:ba:e6:4c:cd:84:3a:8d:3f:fb: 223s 1c:b7:45:3a:0e:43:2c:67:02:cb:84:c4:b0:c2:8d:de:13:cf: 223s 21:65:38:30:5d:49:7c:8b:1c:f2:48:7c:c2:28:bf:f5:98:5a: 223s ab:89:c4:21:c5:a2:24:85:50:a3:9a:79:ca:2c:b0:34:ca:3e: 223s e8:b2:b6:bc:c0:60:45:32:9d:dc:fd:34:93:e2:a4:d9:f5:41: 223s 54:5d:0d:ec:f3:b0:19:59:b4:37:70:20:75:2c:3f:4b:cb:f9: 223s 6c:b4 223s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-XHwNZk/test-root-CA.config -passin pass:random-root-CA-password-14800 -keyfile /tmp/sssd-softhsm2-XHwNZk/test-root-CA-key.pem -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 223s Using configuration from /tmp/sssd-softhsm2-XHwNZk/test-root-CA.config 223s Check that the request matches the signature 223s Signature ok 223s Certificate Details: 223s Serial Number: 1 (0x1) 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: 223s organizationName = Test Organization 223s organizationalUnitName = T/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem: OK 223s est Organization Unit 223s commonName = Test Organization Intermediate CA 223s X509v3 extensions: 223s X509v3 Subject Key Identifier: 223s 87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 223s X509v3 Authority Key Identifier: 223s keyid:5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 223s serial:00 223s X509v3 Basic Constraints: 223s CA:TRUE 223s X509v3 Key Usage: critical 223s Digital Signature, Certificate Sign, CRL Sign 223s Certificate is to be certified until Jan 19 11:56:57 2026 GMT (365 days) 223s 223s Write out database with 1 new entries 223s Database updated 223s + openssl x509 -noout -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 223s + cat 223s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-1499 223s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-1499 1024 223s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-1499 -config /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-23429 -sha256 -out /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-certificate-request.pem 223s + openssl req -text -noout -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-certificate-request.pem 223s Certificate Request: 223s Data: 223s Version: 1 (0x0) 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:c3:7a:9a:01:01:7a:71:a0:56:69:c1:18:5a:84: 223s 47:51:ba:65:54:aa:57:cc:1d:f1:b1:25:80:7e:1c: 223s 04:1f:ad:8c:49:0d:16:39:01:28:69:a3:51:cd:a6: 223s 0b:f2:34:ae:e9:9d:60:2a:cd:7e:b2:8f:f7:5b:05: 223s 5c:77:e9:63:7a:e8:18:6f:b6:f4:a2:3b:e5:45:85: 223s 56:99:b0:28:b6:07:bc:46:6a:0f:84:66:b6:79:7f: 223s 46:b0:23:97:26:a8:e2:d3:a9:dd:3c:b7:59:0b:f7: 223s 2f:18:0f:3e:6d:ea:f0:31:b0:35:4b:65:51:7e:0c: 223s 5e:f7:be:f5:c1:6c:ad:8e:25 223s Exponent: 65537 (0x10001) 223s Attributes: 223s (none) 223s Requested Extensions: 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 39:4e:60:b5:32:d3:9d:e3:5b:9a:ce:50:dd:c1:6a:b5:98:21: 223s 63:a7:d3:3b:e8:d4:64:7c:45:72:90:cc:02:6b:c2:fa:b7:ac: 223s e9:76:b9:41:7f:c4:bb:84:57:07:b7:99:eb:a9:81:2e:89:60: 223s 34:ff:f8:de:ad:56:d0:b7:49:b4:d4:77:f6:96:47:be:ab:e0: 223s 04:e1:40:be:62:2e:59:3a:c7:3a:2a:2b:32:55:62:f0:8e:c8: 223s ca:1f:74:9d:d3:06:07:7b:be:6a:14:8d:e6:f1:a7:0b:a4:a8: 223s 6b:86:5c:4b:a8:70:ad:eb:4a:61:52:72:0c:95:bd:bd:bb:f7: 223s 8f:4e 223s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-23429 -keyfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 223s Using configuration from /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.config 223s Check that the request matches the signature 223s Signature ok 223s Certificate Details: 223s Serial Number: 2 (0x2) 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: 223s organizationName = Test Organization 223s organizationalUnitName = Test Organization Unit 223s commonName = Test Organization Sub Intermediate CA 223s X509v3 extensions: 223s X509v3 Subject Key Identifier: 223s 99:83:7A:2A:E5:A6:5E:71:AB:EC:EC:15:96:A0:28:36:55:04:98:9A 223s X509v3 Authority Key Identifier: 223s keyid:87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 223s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 223s serial:01 223s X509v3 Basic Constraints: 223s CA:TRUE 223s X509v3 Key Usage: critical 223s Digital Signature, Certificate Sign, CRL Sign 223s Certificate is to be certified until Jan 19 11:56:57 2026 GMT (365 days) 223s 223s Write out database with 1 new entries 223s Database updated 223s + openssl x509 -noout -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 223s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 223s /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem: OK 223s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 223s + local cmd=openssl 223s + shift 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 223s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 223s error 20 at 0 depth lookup: unable to get local issuer certificate 223s error /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem: verification failed 223s + cat 223s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-827 1024 223s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-827 -key /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-request.pem 223s + openssl req -text -noout -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-request.pem 223s Certificate Request: 223s Data: 223s Version: 1 (0x0) 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 223s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 223s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 223s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 223s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 223s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 223s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 223s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 223s 40:79:7a:85:bb:96:4b:7a:bd 223s Exponent: 65537 (0x10001) 223s Attributes: 223s Requested Extensions: 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 02:bc:a8:93:7b:b5:0f:74:5b:85:83:80:5c:dc:4c:be:3f:a3: 223s 24:4b:c6:79:26:28:52:21:fc:7d:c3:d4:87:68:b8:ca:87:7c: 223s 93:63:1e:ac:91:aa:96:84:fb:28:fe:e7:55:a2:e3:f8:a2:61: 223s ff:f2:ae:df:df:a0:1c:0a:fa:da:1a:a0:9f:ad:dc:6a:ef:e1: 223s 07:fe:1f:12:e0:3d:23:25:4e:af:2b:a8:84:a2:a6:8b:fe:65: 223s 6d:29:0b:59:26:4f:4b:ca:4c:5e:ca:ae:ef:0d:b1:2f:ce:01: 223s d1:21:8d:d0:52:a4:43:d1:69:1b:e6:a2:14:fc:57:42:0d:19: 223s b4:77 223s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-XHwNZk/test-root-CA.config -passin pass:random-root-CA-password-14800 -keyfile /tmp/sssd-softhsm2-XHwNZk/test-root-CA-key.pem -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s Using configuration from /tmp/sssd-softhsm2-XHwNZk/test-root-CA.config 223s Check that the request matches the signature 223s Signature ok 223s Certificate Details: 223s Serial Number: 3 (0x3) 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: 223s organizationName = Test Organization 223s organizationalUnitName = Test Organization Unit 223s commonName = Test Organization Root Trusted Certificate 0001 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Certificate is to be certified until Jan 19 11:56:57 2026 GMT (365 days) 223s 223s Write out database with 1 new entries 223s Database updated 223s + openssl x509 -noout -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem: OK 223s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local cmd=openssl 223s + shift 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s error 20 at 0 depth lookup: unable to get local issuer certificate 223s error /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem: verification failed 223s + cat 223s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 223s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-22943 1024 223s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-22943 -key /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-request.pem 223s + openssl req -text -noout -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-request.pem 223s Certificate Request: 223s Data: 223s Version: 1 (0x0) 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:ae:6f:8e:50:7f:e5:d0:78:28:0d:07:a3:72:41: 223s 63:d1:75:7e:a8:0e:27:4a:2b:a3:b2:c4:3f:21:9a: 223s f8:7c:bd:a3:fb:8a:e5:5c:e5:2e:9f:f2:4e:c1:c6: 223s bf:99:4c:ad:55:32:b1:90:b6:78:47:25:f7:8a:2b: 223s 5d:bb:4f:6d:36:ee:13:ef:4b:7c:23:a5:64:0a:a7: 223s d1:50:80:aa:6a:63:df:ea:c3:6d:5e:29:88:28:07: 223s 63:34:a8:f8:08:e9:4d:ae:d1:d6:48:f4:1b:f3:13: 223s 45:e8:7d:54:d8:24:21:9d:62:e4:48:1b:1f:96:98: 223s 86:c8:98:43:6f:ec:23:71:bd 223s Exponent: 65537 (0x10001) 223s Attributes: 223s Requested Extensions: 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Intermediate CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s D2:01:62:D7:C8:42:74:E0:D4:95:1E:21:BF:CE:DB:4B:B3:24:51:76 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 81:98:22:e2:ba:02:51:91:c4:7b:80:e6:f2:ad:3e:7b:5e:05: 223s af:7e:9e:c6:54:11:15:b6:eb:bc:58:02:64:ca:ee:ac:ae:83: 223s 69:8a:81:7d:c9:eb:8a:46:f4:c4:f6:ee:56:a7:04:73:fe:b1: 223s 88:e0:6e:03:60:9d:95:f6:d8:d0:ea:7e:32:ac:03:40:e1:3e: 223s c3:9b:c3:ba:67:52:ed:ce:70:7a:c9:5c:de:2e:7c:47:5a:1b: 223s 70:1f:b7:47:17:90:36:7b:e1:cf:67:87:e7:63:13:5c:0e:48: 223s 4a:76:79:69:06:13:6d:5d:b1:91:a1:4a:e6:ca:89:ee:50:27: 223s bf:e8 223s + openssl ca -passin pass:random-intermediate-CA-password-23429 -config /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 223s Using configuration from /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.config 223s Check that the request matches the signature 223s Signature ok 223s Certificate Details: 223s Serial Number: 4 (0x4) 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: 223s organizationName = Test Organization 223s organizationalUnitName = Test Organization Unit 223s commonName = Test Organization Intermediate Trusted Certificate 0001 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Intermediate CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s D2:01:62:D7:C8:42:74:E0:D4:95:1E:21:BF:CE:DB:4B:B3:24:51:76 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Certificate is to be certified until Jan 19 11:56:57 2026 GMT (365 days) 223s 223s Write out database with 1 new entries 223s Database updated 223s + openssl x509 -noout -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 223s + echo 'This certificate should not be trusted fully' 223s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 223s + local cmd=openssl 223s This certificate should not be trusted fully 223s + shift 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 223s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 223s error 2 at 1 depth lookup: unable to get issuer certificate 223s error /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 223s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 223s /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem: OK 223s + cat 223s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 223s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-29294 1024 223s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-29294 -key /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 223s + openssl req -text -noout -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 223s Certificate Request: 223s Data: 223s Version: 1 (0x0) 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:9b:75:2c:7f:7c:2d:ba:f4:d2:aa:90:78:70:ed: 223s 82:36:62:c9:25:28:ca:0b:a1:82:d9:6e:9e:1f:92: 223s 8e:c1:47:bc:25:5f:7a:38:b2:f1:05:76:9b:87:b5: 223s 5d:c9:62:ec:79:ca:db:8b:26:fd:90:87:a3:1c:f2: 223s c6:28:78:42:32:9a:c7:73:25:25:54:f3:07:2f:dc: 223s 73:98:91:a7:50:a2:52:b5:88:22:69:25:b1:a7:13: 223s 91:8d:67:fd:01:db:93:9d:80:72:a1:ca:b3:a4:c0: 223s 67:b1:bb:32:47:42:a7:1e:d8:01:c0:96:ba:9d:e7: 223s 2e:1f:d1:6f:ba:90:fd:9b:c5 223s Exponent: 65537 (0x10001) 223s Attributes: 223s Requested Extensions: 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Sub Intermediate CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 48:29:1A:4A:6B:F6:5C:9B:43:14:D3:FB:06:77:53:24:69:DA:CB:67 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 81:31:a6:a5:d9:fa:98:c5:fb:5f:a5:f0:bb:22:52:79:83:b4: 223s 43:95:5d:2f:66:d1:f8:a6:0d:09:bb:6f:e9:3c:20:98:eb:18: 223s cb:92:a8:61:10:c7:df:72:55:34:a0:90:f5:f3:a0:52:23:3b: 223s cb:fc:e4:4d:6a:67:d0:83:3f:72:96:3a:e7:64:9e:45:97:87: 223s d2:b0:43:81:4c:e2:3b:db:72:8f:4c:1f:b2:f2:db:c2:5b:c2: 223s 71:64:3a:f6:29:15:51:a4:8d:b5:e3:fd:1c:1e:ad:5e:d1:8e: 223s 33:e6:a3:04:dc:17:cc:ae:8d:60:a4:9a:79:c5:be:40:ce:a6: 223s 68:b8 223s + openssl ca -passin pass:random-sub-intermediate-CA-password-1499 -config /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s Using configuration from /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.config 223s Check that the request matches the signature 223s Signature ok 223s Certificate Details: 223s Serial Number: 5 (0x5) 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: 223s organizationName = Test Organization 223s organizationalUnitName = Test Organization Unit 223s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 99:83:7A:2A:E5:A6:5E:71:AB:EC:EC:15:96:A0:28:36:55:04:98:9A 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Sub Intermediate CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 48:29:1A:4A:6B:F6:5C:9B:43:14:D3:FB:06:77:53:24:69:DA:CB:67 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Certificate is to be certified until Jan 19 11:56:57 2026 GMT (365 days) 223s 223s Write out database with 1 new entries 223s Database updated 223s + openssl x509 -noout -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s This certificate should not be trusted fully 223s + echo 'This certificate should not be trusted fully' 223s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local cmd=openssl 223s + shift 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 223s error 2 at 1 depth lookup: unable to get issuer certificate 223s error /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 223s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local cmd=openssl 223s + shift 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 223s error 20 at 0 depth lookup: unable to get local issuer certificate 223s error /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 223s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 223s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + local cmd=openssl 223s + shift 223s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 223s error 20 at 0 depth lookup: unable to get local issuer certificate 223s error /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 223s Building a the full-chain CA file... 223s + echo 'Building a the full-chain CA file...' 223s + cat /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 223s + cat /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 223s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s 223s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 223s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s 223s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 223s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 223s 223s /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem: OK 223s /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem: OK 223s /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem: OK 223s /tmp/sssd-softhsm2-XHwNZk/test-root-intermediate-chain-CA.pem: OK 223s /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 223s Certificates generation completed! 223s + cat /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 223s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 223s + openssl pkcs7 -print_certs -noout 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-root-intermediate-chain-CA.pem 223s + openssl verify -CAfile /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 223s + echo 'Certificates generation completed!' 223s + [[ -v NO_SSSD_TESTS ]] 223s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /dev/null 223s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /dev/null 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_ring=/dev/null 223s + local verify_option= 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-root-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Root Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 223s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 223s + token_name='Test Organization Root Tr Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 223s + local key_file 223s + local decrypted_key 223s + mkdir -p /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 223s + key_file=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-key.pem 223s + decrypted_key=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-key-decrypted.pem 223s + cat 223s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 223s Slot 0 has a free/uninitialized token. 223s The token has been initialized and is reassigned to slot 1487035714 223s + softhsm2-util --show-slots 223s Available slots: 223s Slot 1487035714 223s Slot info: 223s Description: SoftHSM slot ID 0x58a25d42 223s Manufacturer ID: SoftHSM project 223s Hardware version: 2.6 223s Firmware version: 2.6 223s Token present: yes 223s Token info: 223s Manufacturer ID: SoftHSM project 223s Model: SoftHSM v2 223s Hardware version: 2.6 223s Firmware version: 2.6 223s Serial number: 32c96c3f58a25d42 223s Initialized: yes 223s User PIN init.: yes 223s Label: Test Organization Root Tr Token 223s Slot 1 223s Slot info: 223s Description: SoftHSM slot ID 0x1 223s Manufacturer ID: SoftHSM project 223s Hardware version: 2.6 223s Firmware version: 2.6 223s Token present: yes 223s Token info: 223s Manufacturer ID: SoftHSM project 223s Model: SoftHSM v2 223s Hardware version: 2.6 223s Firmware version: 2.6 223s Serial number: 223s Initialized: no 223s User PIN init.: no 223s Label: 223s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 223s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-827 -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-key-decrypted.pem 223s writing RSA key 223s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 223s + rm /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001-key-decrypted.pem 223s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 223s Object 0: 223s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 223s Type: X.509 Certificate (RSA-1024) 223s Expires: Mon Jan 19 11:56:57 2026 223s Label: Test Organization Root Trusted Certificate 0001 223s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 223s 223s + echo 'Test Organization Root Tr Token' 223s + '[' -n '' ']' 223s + local output_base_name=SSSD-child-1280 223s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-1280.output 223s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-1280.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 223s Test Organization Root Tr Token 223s [p11_child[3228]] [main] (0x0400): p11_child started. 223s [p11_child[3228]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[3228]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[3228]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[3228]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 223s [p11_child[3228]] [do_work] (0x0040): init_verification failed. 223s [p11_child[3228]] [main] (0x0020): p11_child failed (5) 223s + return 2 223s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /dev/null no_verification 223s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /dev/null no_verification 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_ring=/dev/null 223s + local verify_option=no_verification 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-root-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Root Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 223s Test Organization Root Tr Token 223s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 223s + token_name='Test Organization Root Tr Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 223s + echo 'Test Organization Root Tr Token' 223s + '[' -n no_verification ']' 223s + local verify_arg=--verify=no_verification 223s + local output_base_name=SSSD-child-21812 223s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812.output 223s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 223s [p11_child[3234]] [main] (0x0400): p11_child started. 223s [p11_child[3234]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[3234]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[3234]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[3234]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 223s [p11_child[3234]] [do_card] (0x4000): Module List: 223s [p11_child[3234]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[3234]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3234]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[3234]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 223s [p11_child[3234]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3234]] [do_card] (0x4000): Login NOT required. 223s [p11_child[3234]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 223s [p11_child[3234]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[3234]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x58a25d42;slot-manufacturer=SoftHSM%20project;slot-id=1487035714;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[3234]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 3 (0x3) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 223s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 223s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 223s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 223s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 223s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 223s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 223s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 223s 40:79:7a:85:bb:96:4b:7a:bd 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 8c:08:bc:cc:78:70:c0:84:75:6a:39:8b:10:0d:2e:cc:01:f0: 223s f1:7f:e3:2d:95:59:54:24:d0:00:a5:76:1d:15:38:bb:7f:43: 223s cc:57:22:2d:6d:d4:6f:1a:82:57:1a:28:16:19:48:fa:38:f9: 223s 21:bf:ca:45:26:36:2e:45:41:87:8c:1d:0e:f8:5f:8c:74:7e: 223s 6e:bd:c1:65:71:ca:66:b1:98:3d:2b:0c:45:29:9a:d5:86:d1: 223s 88:c5:3e:33:05:72:f6:fe:68:db:6e:74:22:0f:8b:94:a4:cf: 223s cb:ab:bd:20:bc:ae:91:5d:ad:aa:fb:42:d3:85:4d:6d:e7:74: 223s dc:6d 223s + local found_md5 expected_md5 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + expected_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812.pem 223s + found_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s + '[' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD '!=' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD ']' 223s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812-auth.output 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812-auth.output .output 223s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812-auth.pem 223s + echo -n 053350 223s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 223s [p11_child[3242]] [main] (0x0400): p11_child started. 223s [p11_child[3242]] [main] (0x2000): Running in [auth] mode. 223s [p11_child[3242]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[3242]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[3242]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 223s [p11_child[3242]] [do_card] (0x4000): Module List: 223s [p11_child[3242]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[3242]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3242]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[3242]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 223s [p11_child[3242]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3242]] [do_card] (0x4000): Login required. 223s [p11_child[3242]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 223s [p11_child[3242]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[3242]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x58a25d42;slot-manufacturer=SoftHSM%20project;slot-id=1487035714;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 223s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 223s [p11_child[3242]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 223s [p11_child[3242]] [do_card] (0x4000): Certificate verified and validated. 223s [p11_child[3242]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812-auth.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812-auth.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812-auth.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 3 (0x3) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 223s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 223s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 223s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 223s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 223s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 223s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 223s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 223s 40:79:7a:85:bb:96:4b:7a:bd 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 8c:08:bc:cc:78:70:c0:84:75:6a:39:8b:10:0d:2e:cc:01:f0: 223s f1:7f:e3:2d:95:59:54:24:d0:00:a5:76:1d:15:38:bb:7f:43: 223s cc:57:22:2d:6d:d4:6f:1a:82:57:1a:28:16:19:48:fa:38:f9: 223s 21:bf:ca:45:26:36:2e:45:41:87:8c:1d:0e:f8:5f:8c:74:7e: 223s 6e:bd:c1:65:71:ca:66:b1:98:3d:2b:0c:45:29:9a:d5:86:d1: 223s 88:c5:3e:33:05:72:f6:fe:68:db:6e:74:22:0f:8b:94:a4:cf: 223s cb:ab:bd:20:bc:ae:91:5d:ad:aa:fb:42:d3:85:4d:6d:e7:74: 223s dc:6d 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21812-auth.pem 223s + found_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s + '[' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD '!=' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD ']' 223s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 223s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 223s + local verify_option= 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-root-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Root Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 223s Test Organization Root Tr Token 223s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 223s + token_name='Test Organization Root Tr Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 223s + echo 'Test Organization Root Tr Token' 223s + '[' -n '' ']' 223s + local output_base_name=SSSD-child-15603 223s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603.output 223s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 223s [p11_child[3252]] [main] (0x0400): p11_child started. 223s [p11_child[3252]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[3252]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[3252]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[3252]] [do_card] (0x4000): Module List: 223s [p11_child[3252]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[3252]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3252]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[3252]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 223s [p11_child[3252]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3252]] [do_card] (0x4000): Login NOT required. 223s [p11_child[3252]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 223s [p11_child[3252]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[3252]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[3252]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x58a25d42;slot-manufacturer=SoftHSM%20project;slot-id=1487035714;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[3252]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 3 (0x3) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 223s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 223s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 223s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 223s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 223s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 223s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 223s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 223s 40:79:7a:85:bb:96:4b:7a:bd 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 8c:08:bc:cc:78:70:c0:84:75:6a:39:8b:10:0d:2e:cc:01:f0: 223s f1:7f:e3:2d:95:59:54:24:d0:00:a5:76:1d:15:38:bb:7f:43: 223s cc:57:22:2d:6d:d4:6f:1a:82:57:1a:28:16:19:48:fa:38:f9: 223s 21:bf:ca:45:26:36:2e:45:41:87:8c:1d:0e:f8:5f:8c:74:7e: 223s 6e:bd:c1:65:71:ca:66:b1:98:3d:2b:0c:45:29:9a:d5:86:d1: 223s 88:c5:3e:33:05:72:f6:fe:68:db:6e:74:22:0f:8b:94:a4:cf: 223s cb:ab:bd:20:bc:ae:91:5d:ad:aa:fb:42:d3:85:4d:6d:e7:74: 223s dc:6d 223s + local found_md5 expected_md5 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + expected_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603.pem 223s + found_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s + '[' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD '!=' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD ']' 223s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603-auth.output 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603-auth.output .output 223s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603-auth.pem 223s + echo -n 053350 223s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 223s [p11_child[3260]] [main] (0x0400): p11_child started. 223s [p11_child[3260]] [main] (0x2000): Running in [auth] mode. 223s [p11_child[3260]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[3260]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[3260]] [do_card] (0x4000): Module List: 223s [p11_child[3260]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[3260]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3260]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[3260]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 223s [p11_child[3260]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3260]] [do_card] (0x4000): Login required. 223s [p11_child[3260]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 223s [p11_child[3260]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[3260]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[3260]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x58a25d42;slot-manufacturer=SoftHSM%20project;slot-id=1487035714;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 223s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 223s [p11_child[3260]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 223s [p11_child[3260]] [do_card] (0x4000): Certificate verified and validated. 223s [p11_child[3260]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603-auth.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603-auth.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603-auth.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 3 (0x3) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 223s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 223s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 223s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 223s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 223s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 223s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 223s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 223s 40:79:7a:85:bb:96:4b:7a:bd 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 8c:08:bc:cc:78:70:c0:84:75:6a:39:8b:10:0d:2e:cc:01:f0: 223s f1:7f:e3:2d:95:59:54:24:d0:00:a5:76:1d:15:38:bb:7f:43: 223s cc:57:22:2d:6d:d4:6f:1a:82:57:1a:28:16:19:48:fa:38:f9: 223s 21:bf:ca:45:26:36:2e:45:41:87:8c:1d:0e:f8:5f:8c:74:7e: 223s 6e:bd:c1:65:71:ca:66:b1:98:3d:2b:0c:45:29:9a:d5:86:d1: 223s 88:c5:3e:33:05:72:f6:fe:68:db:6e:74:22:0f:8b:94:a4:cf: 223s cb:ab:bd:20:bc:ae:91:5d:ad:aa:fb:42:d3:85:4d:6d:e7:74: 223s dc:6d 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-15603-auth.pem 223s + found_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s + '[' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD '!=' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD ']' 223s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem partial_chain 223s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem partial_chain 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 223s + local verify_option=partial_chain 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-root-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Root Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 223s Test Organization Root Tr Token 223s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 223s + token_name='Test Organization Root Tr Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 223s + echo 'Test Organization Root Tr Token' 223s + '[' -n partial_chain ']' 223s + local verify_arg=--verify=partial_chain 223s + local output_base_name=SSSD-child-21619 223s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619.output 223s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 223s [p11_child[3270]] [main] (0x0400): p11_child started. 223s [p11_child[3270]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[3270]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[3270]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[3270]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 223s [p11_child[3270]] [do_card] (0x4000): Module List: 223s [p11_child[3270]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[3270]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3270]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[3270]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 223s [p11_child[3270]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3270]] [do_card] (0x4000): Login NOT required. 223s [p11_child[3270]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 223s [p11_child[3270]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[3270]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[3270]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x58a25d42;slot-manufacturer=SoftHSM%20project;slot-id=1487035714;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[3270]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 3 (0x3) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 223s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 223s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 223s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 223s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 223s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 223s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 223s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 223s 40:79:7a:85:bb:96:4b:7a:bd 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 8c:08:bc:cc:78:70:c0:84:75:6a:39:8b:10:0d:2e:cc:01:f0: 223s f1:7f:e3:2d:95:59:54:24:d0:00:a5:76:1d:15:38:bb:7f:43: 223s cc:57:22:2d:6d:d4:6f:1a:82:57:1a:28:16:19:48:fa:38:f9: 223s 21:bf:ca:45:26:36:2e:45:41:87:8c:1d:0e:f8:5f:8c:74:7e: 223s 6e:bd:c1:65:71:ca:66:b1:98:3d:2b:0c:45:29:9a:d5:86:d1: 223s 88:c5:3e:33:05:72:f6:fe:68:db:6e:74:22:0f:8b:94:a4:cf: 223s cb:ab:bd:20:bc:ae:91:5d:ad:aa:fb:42:d3:85:4d:6d:e7:74: 223s dc:6d 223s + local found_md5 expected_md5 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + expected_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619.pem 223s + found_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s + '[' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD '!=' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD ']' 223s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619-auth.output 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619-auth.output .output 223s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619-auth.pem 223s + echo -n 053350 223s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 223s [p11_child[3278]] [main] (0x0400): p11_child started. 223s [p11_child[3278]] [main] (0x2000): Running in [auth] mode. 223s [p11_child[3278]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[3278]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[3278]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 223s [p11_child[3278]] [do_card] (0x4000): Module List: 223s [p11_child[3278]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[3278]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3278]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[3278]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 223s [p11_child[3278]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3278]] [do_card] (0x4000): Login required. 223s [p11_child[3278]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 223s [p11_child[3278]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[3278]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[3278]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x58a25d42;slot-manufacturer=SoftHSM%20project;slot-id=1487035714;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 223s [p11_child[3278]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 223s [p11_child[3278]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 223s [p11_child[3278]] [do_card] (0x4000): Certificate verified and validated. 223s [p11_child[3278]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619-auth.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619-auth.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619-auth.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 3 (0x3) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 223s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 223s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 223s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 223s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 223s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 223s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 223s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 223s 40:79:7a:85:bb:96:4b:7a:bd 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 8c:08:bc:cc:78:70:c0:84:75:6a:39:8b:10:0d:2e:cc:01:f0: 223s f1:7f:e3:2d:95:59:54:24:d0:00:a5:76:1d:15:38:bb:7f:43: 223s cc:57:22:2d:6d:d4:6f:1a:82:57:1a:28:16:19:48:fa:38:f9: 223s 21:bf:ca:45:26:36:2e:45:41:87:8c:1d:0e:f8:5f:8c:74:7e: 223s 6e:bd:c1:65:71:ca:66:b1:98:3d:2b:0c:45:29:9a:d5:86:d1: 223s 88:c5:3e:33:05:72:f6:fe:68:db:6e:74:22:0f:8b:94:a4:cf: 223s cb:ab:bd:20:bc:ae:91:5d:ad:aa:fb:42:d3:85:4d:6d:e7:74: 223s dc:6d 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21619-auth.pem 223s + found_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s + '[' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD '!=' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD ']' 223s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 223s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 223s + local verify_option= 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-root-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Root Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 223s Test Organization Root Tr Token 223s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 223s + token_name='Test Organization Root Tr Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 223s + echo 'Test Organization Root Tr Token' 223s + '[' -n '' ']' 223s + local output_base_name=SSSD-child-18193 223s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193.output 223s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 223s [p11_child[3288]] [main] (0x0400): p11_child started. 223s [p11_child[3288]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[3288]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[3288]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[3288]] [do_card] (0x4000): Module List: 223s [p11_child[3288]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[3288]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3288]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[3288]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 223s [p11_child[3288]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3288]] [do_card] (0x4000): Login NOT required. 223s [p11_child[3288]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 223s [p11_child[3288]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[3288]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[3288]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x58a25d42;slot-manufacturer=SoftHSM%20project;slot-id=1487035714;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[3288]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 3 (0x3) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 223s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 223s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 223s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 223s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 223s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 223s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 223s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 223s 40:79:7a:85:bb:96:4b:7a:bd 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 8c:08:bc:cc:78:70:c0:84:75:6a:39:8b:10:0d:2e:cc:01:f0: 223s f1:7f:e3:2d:95:59:54:24:d0:00:a5:76:1d:15:38:bb:7f:43: 223s cc:57:22:2d:6d:d4:6f:1a:82:57:1a:28:16:19:48:fa:38:f9: 223s 21:bf:ca:45:26:36:2e:45:41:87:8c:1d:0e:f8:5f:8c:74:7e: 223s 6e:bd:c1:65:71:ca:66:b1:98:3d:2b:0c:45:29:9a:d5:86:d1: 223s 88:c5:3e:33:05:72:f6:fe:68:db:6e:74:22:0f:8b:94:a4:cf: 223s cb:ab:bd:20:bc:ae:91:5d:ad:aa:fb:42:d3:85:4d:6d:e7:74: 223s dc:6d 223s + local found_md5 expected_md5 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + expected_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193.pem 223s + found_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s + '[' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD '!=' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD ']' 223s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193-auth.output 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193-auth.output .output 223s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193-auth.pem 223s + echo -n 053350 223s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 223s [p11_child[3296]] [main] (0x0400): p11_child started. 223s [p11_child[3296]] [main] (0x2000): Running in [auth] mode. 223s [p11_child[3296]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[3296]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[3296]] [do_card] (0x4000): Module List: 223s [p11_child[3296]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[3296]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3296]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[3296]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 223s [p11_child[3296]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3296]] [do_card] (0x4000): Login required. 223s [p11_child[3296]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 223s [p11_child[3296]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[3296]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[3296]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x58a25d42;slot-manufacturer=SoftHSM%20project;slot-id=1487035714;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 223s [p11_child[3296]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 223s [p11_child[3296]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 223s [p11_child[3296]] [do_card] (0x4000): Certificate verified and validated. 223s [p11_child[3296]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193-auth.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193-auth.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193-auth.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 3 (0x3) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 223s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 223s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 223s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 223s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 223s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 223s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 223s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 223s 40:79:7a:85:bb:96:4b:7a:bd 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 8c:08:bc:cc:78:70:c0:84:75:6a:39:8b:10:0d:2e:cc:01:f0: 223s f1:7f:e3:2d:95:59:54:24:d0:00:a5:76:1d:15:38:bb:7f:43: 223s cc:57:22:2d:6d:d4:6f:1a:82:57:1a:28:16:19:48:fa:38:f9: 223s 21:bf:ca:45:26:36:2e:45:41:87:8c:1d:0e:f8:5f:8c:74:7e: 223s 6e:bd:c1:65:71:ca:66:b1:98:3d:2b:0c:45:29:9a:d5:86:d1: 223s 88:c5:3e:33:05:72:f6:fe:68:db:6e:74:22:0f:8b:94:a4:cf: 223s cb:ab:bd:20:bc:ae:91:5d:ad:aa:fb:42:d3:85:4d:6d:e7:74: 223s dc:6d 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18193-auth.pem 223s + found_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 223s + '[' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD '!=' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD ']' 223s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem partial_chain 223s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem partial_chain 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 223s + local verify_option=partial_chain 223s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 223s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 223s + local key_cn 223s + local key_name 223s + local tokens_dir 223s + local output_cert_file 223s + token_name= 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem .pem 223s + key_name=test-root-CA-trusted-certificate-0001 223s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 223s ++ sed -n 's/ *commonName *= //p' 223s + key_cn='Test Organization Root Trusted Certificate 0001' 223s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 223s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 223s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 223s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 223s + token_name='Test Organization Root Tr Token' 223s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 223s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 223s Test Organization Root Tr Token 223s + echo 'Test Organization Root Tr Token' 223s + '[' -n partial_chain ']' 223s + local verify_arg=--verify=partial_chain 223s + local output_base_name=SSSD-child-7657 223s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657.output 223s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657.pem 223s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 223s [p11_child[3306]] [main] (0x0400): p11_child started. 223s [p11_child[3306]] [main] (0x2000): Running in [pre-auth] mode. 223s [p11_child[3306]] [main] (0x2000): Running with effective IDs: [0][0]. 223s [p11_child[3306]] [main] (0x2000): Running with real IDs [0][0]. 223s [p11_child[3306]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 223s [p11_child[3306]] [do_card] (0x4000): Module List: 223s [p11_child[3306]] [do_card] (0x4000): common name: [softhsm2]. 223s [p11_child[3306]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3306]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 223s [p11_child[3306]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 223s [p11_child[3306]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 223s [p11_child[3306]] [do_card] (0x4000): Login NOT required. 223s [p11_child[3306]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 223s [p11_child[3306]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 223s [p11_child[3306]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 223s [p11_child[3306]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x58a25d42;slot-manufacturer=SoftHSM%20project;slot-id=1487035714;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 223s [p11_child[3306]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 223s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657.output 223s + echo '-----BEGIN CERTIFICATE-----' 223s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657.output 223s + echo '-----END CERTIFICATE-----' 223s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657.pem 223s Certificate: 223s Data: 223s Version: 3 (0x2) 223s Serial Number: 3 (0x3) 223s Signature Algorithm: sha256WithRSAEncryption 223s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 223s Validity 223s Not Before: Jan 19 11:56:57 2025 GMT 223s Not After : Jan 19 11:56:57 2026 GMT 223s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 223s Subject Public Key Info: 223s Public Key Algorithm: rsaEncryption 223s Public-Key: (1024 bit) 223s Modulus: 223s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 223s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 223s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 223s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 223s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 223s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 223s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 223s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 223s 40:79:7a:85:bb:96:4b:7a:bd 223s Exponent: 65537 (0x10001) 223s X509v3 extensions: 223s X509v3 Authority Key Identifier: 223s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 223s X509v3 Basic Constraints: 223s CA:FALSE 223s Netscape Cert Type: 223s SSL Client, S/MIME 223s Netscape Comment: 223s Test Organization Root CA trusted Certificate 223s X509v3 Subject Key Identifier: 223s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 223s X509v3 Key Usage: critical 223s Digital Signature, Non Repudiation, Key Encipherment 223s X509v3 Extended Key Usage: 223s TLS Web Client Authentication, E-mail Protection 223s X509v3 Subject Alternative Name: 223s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 223s Signature Algorithm: sha256WithRSAEncryption 223s Signature Value: 223s 8c:08:bc:cc:78:70:c0:84:75:6a:39:8b:10:0d:2e:cc:01:f0: 223s f1:7f:e3:2d:95:59:54:24:d0:00:a5:76:1d:15:38:bb:7f:43: 223s cc:57:22:2d:6d:d4:6f:1a:82:57:1a:28:16:19:48:fa:38:f9: 223s 21:bf:ca:45:26:36:2e:45:41:87:8c:1d:0e:f8:5f:8c:74:7e: 223s 6e:bd:c1:65:71:ca:66:b1:98:3d:2b:0c:45:29:9a:d5:86:d1: 223s 88:c5:3e:33:05:72:f6:fe:68:db:6e:74:22:0f:8b:94:a4:cf: 223s cb:ab:bd:20:bc:ae:91:5d:ad:aa:fb:42:d3:85:4d:6d:e7:74: 223s dc:6d 223s + local found_md5 expected_md5 223s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 224s + expected_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657.pem 224s + found_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 224s + '[' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD '!=' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD ']' 224s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657-auth.output 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657-auth.output .output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657-auth.pem 224s + echo -n 053350 224s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 224s [p11_child[3314]] [main] (0x0400): p11_child started. 224s [p11_child[3314]] [main] (0x2000): Running in [auth] mode. 224s [p11_child[3314]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3314]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3314]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3314]] [do_card] (0x4000): Module List: 224s [p11_child[3314]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3314]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3314]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3314]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 224s [p11_child[3314]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3314]] [do_card] (0x4000): Login required. 224s [p11_child[3314]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 224s [p11_child[3314]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3314]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3314]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x58a25d42;slot-manufacturer=SoftHSM%20project;slot-id=1487035714;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32c96c3f58a25d42;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 224s [p11_child[3314]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 224s [p11_child[3314]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 224s [p11_child[3314]] [do_card] (0x4000): Certificate verified and validated. 224s [p11_child[3314]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657-auth.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657-auth.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657-auth.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 3 (0x3) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:e2:74:bc:49:b2:a4:57:94:e1:df:59:6f:44:e8: 224s 95:3e:cf:5b:8b:5d:f0:c7:36:0d:ef:3e:56:82:4d: 224s 57:a3:e6:1e:4f:06:13:b3:1c:c8:5f:88:cc:c7:06: 224s ca:68:0c:1c:71:8c:af:78:18:3a:fd:75:8f:d2:62: 224s b2:4b:71:d2:6b:32:f2:bc:90:d1:e7:26:bc:d9:78: 224s 37:ee:7a:5b:37:2b:bb:5c:dd:3f:08:71:94:81:5c: 224s 60:90:4e:82:14:9e:df:c7:f3:c9:f0:69:55:5d:60: 224s c4:24:3b:fd:54:9f:9d:69:4e:30:6e:47:d0:fd:ac: 224s 40:79:7a:85:bb:96:4b:7a:bd 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 5A:08:60:3B:5B:B8:CB:2D:50:68:91:B7:AA:02:44:88:76:30:76:21 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Root CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s 25:AC:A0:D2:B5:C5:44:5D:A0:4C:25:4B:AD:A8:FE:1F:B5:65:93:BF 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 8c:08:bc:cc:78:70:c0:84:75:6a:39:8b:10:0d:2e:cc:01:f0: 224s f1:7f:e3:2d:95:59:54:24:d0:00:a5:76:1d:15:38:bb:7f:43: 224s cc:57:22:2d:6d:d4:6f:1a:82:57:1a:28:16:19:48:fa:38:f9: 224s 21:bf:ca:45:26:36:2e:45:41:87:8c:1d:0e:f8:5f:8c:74:7e: 224s 6e:bd:c1:65:71:ca:66:b1:98:3d:2b:0c:45:29:9a:d5:86:d1: 224s 88:c5:3e:33:05:72:f6:fe:68:db:6e:74:22:0f:8b:94:a4:cf: 224s cb:ab:bd:20:bc:ae:91:5d:ad:aa:fb:42:d3:85:4d:6d:e7:74: 224s dc:6d 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-7657-auth.pem 224s + found_md5=Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD 224s + '[' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD '!=' Modulus=E274BC49B2A45794E1DF596F44E8953ECF5B8B5DF0C7360DEF3E56824D57A3E61E4F0613B31CC85F88CCC706CA680C1C718CAF78183AFD758FD262B24B71D26B32F2BC90D1E726BCD97837EE7A5B372BBB5CDD3F087194815C60904E82149EDFC7F3C9F069555D60C4243BFD549F9D694E306E47D0FDAC40797A85BB964B7ABD ']' 224s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s + local verify_option= 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-root-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Root Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 224s + token_name='Test Organization Root Tr Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 224s Test Organization Root Tr Token 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Root Tr Token' 224s + '[' -n '' ']' 224s + local output_base_name=SSSD-child-16133 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-16133.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-16133.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s [p11_child[3324]] [main] (0x0400): p11_child started. 224s [p11_child[3324]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3324]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3324]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3324]] [do_card] (0x4000): Module List: 224s [p11_child[3324]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3324]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3324]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3324]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 224s [p11_child[3324]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3324]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3324]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 224s [p11_child[3324]] [do_verification] (0x0040): X509_verify_cert failed [0]. 224s [p11_child[3324]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 224s [p11_child[3324]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 224s [p11_child[3324]] [do_card] (0x4000): No certificate found. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-16133.output 224s + return 2 224s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem partial_chain 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem partial_chain 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s + local verify_option=partial_chain 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-827 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-root-ca-trusted-cert-0001-827 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-root-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-root-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Root Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 224s Test Organization Root Tr Token 224s + token_name='Test Organization Root Tr Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-root-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Root Tr Token' 224s + '[' -n partial_chain ']' 224s + local verify_arg=--verify=partial_chain 224s + local output_base_name=SSSD-child-27540 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-27540.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-27540.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s [p11_child[3331]] [main] (0x0400): p11_child started. 224s [p11_child[3331]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3331]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3331]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3331]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3331]] [do_card] (0x4000): Module List: 224s [p11_child[3331]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3331]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3331]] [do_card] (0x4000): Description [SoftHSM slot ID 0x58a25d42] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3331]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 224s [p11_child[3331]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x58a25d42][1487035714] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3331]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3331]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 224s [p11_child[3331]] [do_verification] (0x0040): X509_verify_cert failed [0]. 224s [p11_child[3331]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 224s [p11_child[3331]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 224s [p11_child[3331]] [do_card] (0x4000): No certificate found. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-27540.output 224s + return 2 224s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /dev/null 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /dev/null 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_ring=/dev/null 224s + local verify_option= 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Interme Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 224s + local key_file 224s + local decrypted_key 224s + mkdir -p /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 224s + key_file=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-key.pem 224s + decrypted_key=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 224s + cat 224s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 224s Slot 0 has a free/uninitialized token. 224s The token has been initialized and is reassigned to slot 9620270 224s + softhsm2-util --show-slots 224s Available slots: 224s Slot 9620270 224s Slot info: 224s Description: SoftHSM slot ID 0x92cb2e 224s Manufacturer ID: SoftHSM project 224s Hardware version: 2.6 224s Firmware version: 2.6 224s Token present: yes 224s Token info: 224s Manufacturer ID: SoftHSM project 224s Model: SoftHSM v2 224s Hardware version: 2.6 224s Firmware version: 2.6 224s Serial number: bd709f4f8092cb2e 224s Initialized: yes 224s User PIN init.: yes 224s Label: Test Organization Interme Token 224s Slot 1 224s Slot info: 224s Description: SoftHSM slot ID 0x1 224s Manufacturer ID: SoftHSM project 224s Hardware version: 2.6 224s Firmware version: 2.6 224s Token present: yes 224s Token info: 224s Manufacturer ID: SoftHSM project 224s Model: SoftHSM v2 224s Hardware version: 2.6 224s Firmware version: 2.6 224s Serial number: 224s Initialized: no 224s User PIN init.: no 224s Label: 224s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 224s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-22943 -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 224s writing RSA key 224s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 224s + rm /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 224s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 224s Object 0: 224s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bd709f4f8092cb2e;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 224s Type: X.509 Certificate (RSA-1024) 224s Expires: Mon Jan 19 11:56:57 2026 224s Label: Test Organization Intermediate Trusted Certificate 0001 224s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 224s 224s + echo 'Test Organization Interme Token' 224s Test Organization Interme Token 224s + '[' -n '' ']' 224s + local output_base_name=SSSD-child-27812 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-27812.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-27812.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 224s [p11_child[3347]] [main] (0x0400): p11_child started. 224s [p11_child[3347]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3347]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3347]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3347]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 224s [p11_child[3347]] [do_work] (0x0040): init_verification failed. 224s [p11_child[3347]] [main] (0x0020): p11_child failed (5) 224s + return 2 224s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /dev/null no_verification 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /dev/null no_verification 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_ring=/dev/null 224s + local verify_option=no_verification 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Interme Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 224s Test Organization Interme Token 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Interme Token' 224s + '[' -n no_verification ']' 224s + local verify_arg=--verify=no_verification 224s + local output_base_name=SSSD-child-19795 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 224s [p11_child[3353]] [main] (0x0400): p11_child started. 224s [p11_child[3353]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3353]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3353]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3353]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 224s [p11_child[3353]] [do_card] (0x4000): Module List: 224s [p11_child[3353]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3353]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3353]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3353]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3353]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3353]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3353]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3353]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3353]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x92cb2e;slot-manufacturer=SoftHSM%20project;slot-id=9620270;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bd709f4f8092cb2e;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3353]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 4 (0x4) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:ae:6f:8e:50:7f:e5:d0:78:28:0d:07:a3:72:41: 224s 63:d1:75:7e:a8:0e:27:4a:2b:a3:b2:c4:3f:21:9a: 224s f8:7c:bd:a3:fb:8a:e5:5c:e5:2e:9f:f2:4e:c1:c6: 224s bf:99:4c:ad:55:32:b1:90:b6:78:47:25:f7:8a:2b: 224s 5d:bb:4f:6d:36:ee:13:ef:4b:7c:23:a5:64:0a:a7: 224s d1:50:80:aa:6a:63:df:ea:c3:6d:5e:29:88:28:07: 224s 63:34:a8:f8:08:e9:4d:ae:d1:d6:48:f4:1b:f3:13: 224s 45:e8:7d:54:d8:24:21:9d:62:e4:48:1b:1f:96:98: 224s 86:c8:98:43:6f:ec:23:71:bd 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s D2:01:62:D7:C8:42:74:E0:D4:95:1E:21:BF:CE:DB:4B:B3:24:51:76 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 29:12:2b:64:98:61:0f:ec:f3:96:dc:23:e8:45:5c:95:3e:fa: 224s 21:d0:f0:3f:4f:dd:f1:6c:07:98:52:1b:24:53:c2:80:e3:36: 224s 28:81:9f:e0:24:7f:e0:20:a8:fe:9c:b5:57:fa:b2:c8:dc:01: 224s a6:ca:57:5b:ef:6b:33:97:fb:f7:a1:a7:b1:c1:d4:08:fb:42: 224s 66:37:b3:62:25:f7:c5:80:6b:1e:a6:8a:1f:6b:7f:5b:3c:21: 224s c6:13:00:d0:1a:77:e0:cb:20:e7:07:7d:14:40:0e:4a:13:d0: 224s 0c:cf:65:97:cc:67:d4:02:82:29:fe:ee:f2:d2:b2:8a:24:68: 224s 90:41 224s + local found_md5 expected_md5 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + expected_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795.pem 224s + found_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s + '[' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD '!=' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD ']' 224s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795-auth.output 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795-auth.output .output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795-auth.pem 224s + echo -n 053350 224s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 224s [p11_child[3361]] [main] (0x0400): p11_child started. 224s [p11_child[3361]] [main] (0x2000): Running in [auth] mode. 224s [p11_child[3361]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3361]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3361]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 224s [p11_child[3361]] [do_card] (0x4000): Module List: 224s [p11_child[3361]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3361]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3361]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3361]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3361]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3361]] [do_card] (0x4000): Login required. 224s [p11_child[3361]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3361]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3361]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x92cb2e;slot-manufacturer=SoftHSM%20project;slot-id=9620270;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bd709f4f8092cb2e;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 224s [p11_child[3361]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 224s [p11_child[3361]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 224s [p11_child[3361]] [do_card] (0x4000): Certificate verified and validated. 224s [p11_child[3361]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795-auth.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795-auth.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795-auth.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 4 (0x4) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:ae:6f:8e:50:7f:e5:d0:78:28:0d:07:a3:72:41: 224s 63:d1:75:7e:a8:0e:27:4a:2b:a3:b2:c4:3f:21:9a: 224s f8:7c:bd:a3:fb:8a:e5:5c:e5:2e:9f:f2:4e:c1:c6: 224s bf:99:4c:ad:55:32:b1:90:b6:78:47:25:f7:8a:2b: 224s 5d:bb:4f:6d:36:ee:13:ef:4b:7c:23:a5:64:0a:a7: 224s d1:50:80:aa:6a:63:df:ea:c3:6d:5e:29:88:28:07: 224s 63:34:a8:f8:08:e9:4d:ae:d1:d6:48:f4:1b:f3:13: 224s 45:e8:7d:54:d8:24:21:9d:62:e4:48:1b:1f:96:98: 224s 86:c8:98:43:6f:ec:23:71:bd 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s D2:01:62:D7:C8:42:74:E0:D4:95:1E:21:BF:CE:DB:4B:B3:24:51:76 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 29:12:2b:64:98:61:0f:ec:f3:96:dc:23:e8:45:5c:95:3e:fa: 224s 21:d0:f0:3f:4f:dd:f1:6c:07:98:52:1b:24:53:c2:80:e3:36: 224s 28:81:9f:e0:24:7f:e0:20:a8:fe:9c:b5:57:fa:b2:c8:dc:01: 224s a6:ca:57:5b:ef:6b:33:97:fb:f7:a1:a7:b1:c1:d4:08:fb:42: 224s 66:37:b3:62:25:f7:c5:80:6b:1e:a6:8a:1f:6b:7f:5b:3c:21: 224s c6:13:00:d0:1a:77:e0:cb:20:e7:07:7d:14:40:0e:4a:13:d0: 224s 0c:cf:65:97:cc:67:d4:02:82:29:fe:ee:f2:d2:b2:8a:24:68: 224s 90:41 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-19795-auth.pem 224s + found_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s + '[' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD '!=' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD ']' 224s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s + local verify_option= 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 224s Test Organization Interme Token 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Interme Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Interme Token' 224s + '[' -n '' ']' 224s + local output_base_name=SSSD-child-18139 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18139.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18139.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s [p11_child[3371]] [main] (0x0400): p11_child started. 224s [p11_child[3371]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3371]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3371]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3371]] [do_card] (0x4000): Module List: 224s [p11_child[3371]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3371]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3371]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3371]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3371]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3371]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3371]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3371]] [do_verification] (0x0040): X509_verify_cert failed [0]. 224s [p11_child[3371]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 224s [p11_child[3371]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 224s [p11_child[3371]] [do_card] (0x4000): No certificate found. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18139.output 224s + return 2 224s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem partial_chain 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem partial_chain 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s + local verify_option=partial_chain 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 224s Test Organization Interme Token 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Interme Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Interme Token' 224s + '[' -n partial_chain ']' 224s + local verify_arg=--verify=partial_chain 224s + local output_base_name=SSSD-child-31805 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-31805.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-31805.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s [p11_child[3378]] [main] (0x0400): p11_child started. 224s [p11_child[3378]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3378]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3378]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3378]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3378]] [do_card] (0x4000): Module List: 224s [p11_child[3378]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3378]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3378]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3378]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3378]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3378]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3378]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3378]] [do_verification] (0x0040): X509_verify_cert failed [0]. 224s [p11_child[3378]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 224s [p11_child[3378]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 224s [p11_child[3378]] [do_card] (0x4000): No certificate found. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-31805.output 224s + return 2 224s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s + local verify_option= 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 224s Test Organization Interme Token 224s + token_name='Test Organization Interme Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Interme Token' 224s + '[' -n '' ']' 224s + local output_base_name=SSSD-child-18550 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s [p11_child[3385]] [main] (0x0400): p11_child started. 224s [p11_child[3385]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3385]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3385]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3385]] [do_card] (0x4000): Module List: 224s [p11_child[3385]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3385]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3385]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3385]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3385]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3385]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3385]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3385]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3385]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3385]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x92cb2e;slot-manufacturer=SoftHSM%20project;slot-id=9620270;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bd709f4f8092cb2e;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3385]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 4 (0x4) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:ae:6f:8e:50:7f:e5:d0:78:28:0d:07:a3:72:41: 224s 63:d1:75:7e:a8:0e:27:4a:2b:a3:b2:c4:3f:21:9a: 224s f8:7c:bd:a3:fb:8a:e5:5c:e5:2e:9f:f2:4e:c1:c6: 224s bf:99:4c:ad:55:32:b1:90:b6:78:47:25:f7:8a:2b: 224s 5d:bb:4f:6d:36:ee:13:ef:4b:7c:23:a5:64:0a:a7: 224s d1:50:80:aa:6a:63:df:ea:c3:6d:5e:29:88:28:07: 224s 63:34:a8:f8:08:e9:4d:ae:d1:d6:48:f4:1b:f3:13: 224s 45:e8:7d:54:d8:24:21:9d:62:e4:48:1b:1f:96:98: 224s 86:c8:98:43:6f:ec:23:71:bd 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s D2:01:62:D7:C8:42:74:E0:D4:95:1E:21:BF:CE:DB:4B:B3:24:51:76 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 29:12:2b:64:98:61:0f:ec:f3:96:dc:23:e8:45:5c:95:3e:fa: 224s 21:d0:f0:3f:4f:dd:f1:6c:07:98:52:1b:24:53:c2:80:e3:36: 224s 28:81:9f:e0:24:7f:e0:20:a8:fe:9c:b5:57:fa:b2:c8:dc:01: 224s a6:ca:57:5b:ef:6b:33:97:fb:f7:a1:a7:b1:c1:d4:08:fb:42: 224s 66:37:b3:62:25:f7:c5:80:6b:1e:a6:8a:1f:6b:7f:5b:3c:21: 224s c6:13:00:d0:1a:77:e0:cb:20:e7:07:7d:14:40:0e:4a:13:d0: 224s 0c:cf:65:97:cc:67:d4:02:82:29:fe:ee:f2:d2:b2:8a:24:68: 224s 90:41 224s + local found_md5 expected_md5 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + expected_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550.pem 224s + found_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s + '[' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD '!=' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD ']' 224s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550-auth.output 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550-auth.output .output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550-auth.pem 224s + echo -n 053350 224s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 224s [p11_child[3393]] [main] (0x0400): p11_child started. 224s [p11_child[3393]] [main] (0x2000): Running in [auth] mode. 224s [p11_child[3393]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3393]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3393]] [do_card] (0x4000): Module List: 224s [p11_child[3393]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3393]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3393]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3393]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3393]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3393]] [do_card] (0x4000): Login required. 224s [p11_child[3393]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3393]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3393]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3393]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x92cb2e;slot-manufacturer=SoftHSM%20project;slot-id=9620270;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bd709f4f8092cb2e;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 224s [p11_child[3393]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 224s [p11_child[3393]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 224s [p11_child[3393]] [do_card] (0x4000): Certificate verified and validated. 224s [p11_child[3393]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550-auth.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550-auth.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550-auth.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 4 (0x4) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:ae:6f:8e:50:7f:e5:d0:78:28:0d:07:a3:72:41: 224s 63:d1:75:7e:a8:0e:27:4a:2b:a3:b2:c4:3f:21:9a: 224s f8:7c:bd:a3:fb:8a:e5:5c:e5:2e:9f:f2:4e:c1:c6: 224s bf:99:4c:ad:55:32:b1:90:b6:78:47:25:f7:8a:2b: 224s 5d:bb:4f:6d:36:ee:13:ef:4b:7c:23:a5:64:0a:a7: 224s d1:50:80:aa:6a:63:df:ea:c3:6d:5e:29:88:28:07: 224s 63:34:a8:f8:08:e9:4d:ae:d1:d6:48:f4:1b:f3:13: 224s 45:e8:7d:54:d8:24:21:9d:62:e4:48:1b:1f:96:98: 224s 86:c8:98:43:6f:ec:23:71:bd 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s D2:01:62:D7:C8:42:74:E0:D4:95:1E:21:BF:CE:DB:4B:B3:24:51:76 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 29:12:2b:64:98:61:0f:ec:f3:96:dc:23:e8:45:5c:95:3e:fa: 224s 21:d0:f0:3f:4f:dd:f1:6c:07:98:52:1b:24:53:c2:80:e3:36: 224s 28:81:9f:e0:24:7f:e0:20:a8:fe:9c:b5:57:fa:b2:c8:dc:01: 224s a6:ca:57:5b:ef:6b:33:97:fb:f7:a1:a7:b1:c1:d4:08:fb:42: 224s 66:37:b3:62:25:f7:c5:80:6b:1e:a6:8a:1f:6b:7f:5b:3c:21: 224s c6:13:00:d0:1a:77:e0:cb:20:e7:07:7d:14:40:0e:4a:13:d0: 224s 0c:cf:65:97:cc:67:d4:02:82:29:fe:ee:f2:d2:b2:8a:24:68: 224s 90:41 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18550-auth.pem 224s + found_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s + '[' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD '!=' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD ']' 224s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem partial_chain 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem partial_chain 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s + local verify_option=partial_chain 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 224s Test Organization Interme Token 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Interme Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Interme Token' 224s + '[' -n partial_chain ']' 224s + local verify_arg=--verify=partial_chain 224s + local output_base_name=SSSD-child-8479 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s [p11_child[3403]] [main] (0x0400): p11_child started. 224s [p11_child[3403]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3403]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3403]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3403]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3403]] [do_card] (0x4000): Module List: 224s [p11_child[3403]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3403]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3403]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3403]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3403]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3403]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3403]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3403]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3403]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3403]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x92cb2e;slot-manufacturer=SoftHSM%20project;slot-id=9620270;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bd709f4f8092cb2e;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3403]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 4 (0x4) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:ae:6f:8e:50:7f:e5:d0:78:28:0d:07:a3:72:41: 224s 63:d1:75:7e:a8:0e:27:4a:2b:a3:b2:c4:3f:21:9a: 224s f8:7c:bd:a3:fb:8a:e5:5c:e5:2e:9f:f2:4e:c1:c6: 224s bf:99:4c:ad:55:32:b1:90:b6:78:47:25:f7:8a:2b: 224s 5d:bb:4f:6d:36:ee:13:ef:4b:7c:23:a5:64:0a:a7: 224s d1:50:80:aa:6a:63:df:ea:c3:6d:5e:29:88:28:07: 224s 63:34:a8:f8:08:e9:4d:ae:d1:d6:48:f4:1b:f3:13: 224s 45:e8:7d:54:d8:24:21:9d:62:e4:48:1b:1f:96:98: 224s 86:c8:98:43:6f:ec:23:71:bd 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s D2:01:62:D7:C8:42:74:E0:D4:95:1E:21:BF:CE:DB:4B:B3:24:51:76 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 29:12:2b:64:98:61:0f:ec:f3:96:dc:23:e8:45:5c:95:3e:fa: 224s 21:d0:f0:3f:4f:dd:f1:6c:07:98:52:1b:24:53:c2:80:e3:36: 224s 28:81:9f:e0:24:7f:e0:20:a8:fe:9c:b5:57:fa:b2:c8:dc:01: 224s a6:ca:57:5b:ef:6b:33:97:fb:f7:a1:a7:b1:c1:d4:08:fb:42: 224s 66:37:b3:62:25:f7:c5:80:6b:1e:a6:8a:1f:6b:7f:5b:3c:21: 224s c6:13:00:d0:1a:77:e0:cb:20:e7:07:7d:14:40:0e:4a:13:d0: 224s 0c:cf:65:97:cc:67:d4:02:82:29:fe:ee:f2:d2:b2:8a:24:68: 224s 90:41 224s + local found_md5 expected_md5 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + expected_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479.pem 224s + found_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s + '[' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD '!=' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD ']' 224s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479-auth.output 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479-auth.output .output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479-auth.pem 224s + echo -n 053350 224s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 224s [p11_child[3411]] [main] (0x0400): p11_child started. 224s [p11_child[3411]] [main] (0x2000): Running in [auth] mode. 224s [p11_child[3411]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3411]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3411]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3411]] [do_card] (0x4000): Module List: 224s [p11_child[3411]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3411]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3411]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3411]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3411]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3411]] [do_card] (0x4000): Login required. 224s [p11_child[3411]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3411]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3411]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3411]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x92cb2e;slot-manufacturer=SoftHSM%20project;slot-id=9620270;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bd709f4f8092cb2e;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 224s [p11_child[3411]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 224s [p11_child[3411]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 224s [p11_child[3411]] [do_card] (0x4000): Certificate verified and validated. 224s [p11_child[3411]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479-auth.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479-auth.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479-auth.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 4 (0x4) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:ae:6f:8e:50:7f:e5:d0:78:28:0d:07:a3:72:41: 224s 63:d1:75:7e:a8:0e:27:4a:2b:a3:b2:c4:3f:21:9a: 224s f8:7c:bd:a3:fb:8a:e5:5c:e5:2e:9f:f2:4e:c1:c6: 224s bf:99:4c:ad:55:32:b1:90:b6:78:47:25:f7:8a:2b: 224s 5d:bb:4f:6d:36:ee:13:ef:4b:7c:23:a5:64:0a:a7: 224s d1:50:80:aa:6a:63:df:ea:c3:6d:5e:29:88:28:07: 224s 63:34:a8:f8:08:e9:4d:ae:d1:d6:48:f4:1b:f3:13: 224s 45:e8:7d:54:d8:24:21:9d:62:e4:48:1b:1f:96:98: 224s 86:c8:98:43:6f:ec:23:71:bd 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s D2:01:62:D7:C8:42:74:E0:D4:95:1E:21:BF:CE:DB:4B:B3:24:51:76 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 29:12:2b:64:98:61:0f:ec:f3:96:dc:23:e8:45:5c:95:3e:fa: 224s 21:d0:f0:3f:4f:dd:f1:6c:07:98:52:1b:24:53:c2:80:e3:36: 224s 28:81:9f:e0:24:7f:e0:20:a8:fe:9c:b5:57:fa:b2:c8:dc:01: 224s a6:ca:57:5b:ef:6b:33:97:fb:f7:a1:a7:b1:c1:d4:08:fb:42: 224s 66:37:b3:62:25:f7:c5:80:6b:1e:a6:8a:1f:6b:7f:5b:3c:21: 224s c6:13:00:d0:1a:77:e0:cb:20:e7:07:7d:14:40:0e:4a:13:d0: 224s 0c:cf:65:97:cc:67:d4:02:82:29:fe:ee:f2:d2:b2:8a:24:68: 224s 90:41 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8479-auth.pem 224s + found_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s + '[' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD '!=' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD ']' 224s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s + local verify_option= 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Interme Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Interme Token' 224s Test Organization Interme Token 224s + '[' -n '' ']' 224s + local output_base_name=SSSD-child-16447 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-16447.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-16447.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s [p11_child[3421]] [main] (0x0400): p11_child started. 224s [p11_child[3421]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3421]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3421]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3421]] [do_card] (0x4000): Module List: 224s [p11_child[3421]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3421]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3421]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3421]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3421]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3421]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3421]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3421]] [do_verification] (0x0040): X509_verify_cert failed [0]. 224s [p11_child[3421]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 224s [p11_child[3421]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 224s [p11_child[3421]] [do_card] (0x4000): No certificate found. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-16447.output 224s + return 2 224s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem partial_chain 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem partial_chain 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s + local verify_option=partial_chain 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22943 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 224s Test Organization Interme Token 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Interme Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Interme Token' 224s + '[' -n partial_chain ']' 224s + local verify_arg=--verify=partial_chain 224s + local output_base_name=SSSD-child-8191 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem 224s [p11_child[3428]] [main] (0x0400): p11_child started. 224s [p11_child[3428]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3428]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3428]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3428]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3428]] [do_card] (0x4000): Module List: 224s [p11_child[3428]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3428]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3428]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3428]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3428]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3428]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3428]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3428]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3428]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3428]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x92cb2e;slot-manufacturer=SoftHSM%20project;slot-id=9620270;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bd709f4f8092cb2e;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3428]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 4 (0x4) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:ae:6f:8e:50:7f:e5:d0:78:28:0d:07:a3:72:41: 224s 63:d1:75:7e:a8:0e:27:4a:2b:a3:b2:c4:3f:21:9a: 224s f8:7c:bd:a3:fb:8a:e5:5c:e5:2e:9f:f2:4e:c1:c6: 224s bf:99:4c:ad:55:32:b1:90:b6:78:47:25:f7:8a:2b: 224s 5d:bb:4f:6d:36:ee:13:ef:4b:7c:23:a5:64:0a:a7: 224s d1:50:80:aa:6a:63:df:ea:c3:6d:5e:29:88:28:07: 224s 63:34:a8:f8:08:e9:4d:ae:d1:d6:48:f4:1b:f3:13: 224s 45:e8:7d:54:d8:24:21:9d:62:e4:48:1b:1f:96:98: 224s 86:c8:98:43:6f:ec:23:71:bd 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s D2:01:62:D7:C8:42:74:E0:D4:95:1E:21:BF:CE:DB:4B:B3:24:51:76 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 29:12:2b:64:98:61:0f:ec:f3:96:dc:23:e8:45:5c:95:3e:fa: 224s 21:d0:f0:3f:4f:dd:f1:6c:07:98:52:1b:24:53:c2:80:e3:36: 224s 28:81:9f:e0:24:7f:e0:20:a8:fe:9c:b5:57:fa:b2:c8:dc:01: 224s a6:ca:57:5b:ef:6b:33:97:fb:f7:a1:a7:b1:c1:d4:08:fb:42: 224s 66:37:b3:62:25:f7:c5:80:6b:1e:a6:8a:1f:6b:7f:5b:3c:21: 224s c6:13:00:d0:1a:77:e0:cb:20:e7:07:7d:14:40:0e:4a:13:d0: 224s 0c:cf:65:97:cc:67:d4:02:82:29:fe:ee:f2:d2:b2:8a:24:68: 224s 90:41 224s + local found_md5 expected_md5 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA-trusted-certificate-0001.pem 224s + expected_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191.pem 224s + found_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s + '[' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD '!=' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD ']' 224s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191-auth.output 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191-auth.output .output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191-auth.pem 224s + echo -n 053350 224s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 224s [p11_child[3436]] [main] (0x0400): p11_child started. 224s [p11_child[3436]] [main] (0x2000): Running in [auth] mode. 224s [p11_child[3436]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3436]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3436]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3436]] [do_card] (0x4000): Module List: 224s [p11_child[3436]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3436]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3436]] [do_card] (0x4000): Description [SoftHSM slot ID 0x92cb2e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3436]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 224s [p11_child[3436]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x92cb2e][9620270] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3436]] [do_card] (0x4000): Login required. 224s [p11_child[3436]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 224s [p11_child[3436]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3436]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3436]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x92cb2e;slot-manufacturer=SoftHSM%20project;slot-id=9620270;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bd709f4f8092cb2e;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 224s [p11_child[3436]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 224s [p11_child[3436]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 224s [p11_child[3436]] [do_card] (0x4000): Certificate verified and validated. 224s [p11_child[3436]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191-auth.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191-auth.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191-auth.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 4 (0x4) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:ae:6f:8e:50:7f:e5:d0:78:28:0d:07:a3:72:41: 224s 63:d1:75:7e:a8:0e:27:4a:2b:a3:b2:c4:3f:21:9a: 224s f8:7c:bd:a3:fb:8a:e5:5c:e5:2e:9f:f2:4e:c1:c6: 224s bf:99:4c:ad:55:32:b1:90:b6:78:47:25:f7:8a:2b: 224s 5d:bb:4f:6d:36:ee:13:ef:4b:7c:23:a5:64:0a:a7: 224s d1:50:80:aa:6a:63:df:ea:c3:6d:5e:29:88:28:07: 224s 63:34:a8:f8:08:e9:4d:ae:d1:d6:48:f4:1b:f3:13: 224s 45:e8:7d:54:d8:24:21:9d:62:e4:48:1b:1f:96:98: 224s 86:c8:98:43:6f:ec:23:71:bd 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 87:BB:9F:04:11:59:F4:77:6B:F8:26:D0:DE:46:91:F6:2D:AD:7E:BD 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s D2:01:62:D7:C8:42:74:E0:D4:95:1E:21:BF:CE:DB:4B:B3:24:51:76 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 29:12:2b:64:98:61:0f:ec:f3:96:dc:23:e8:45:5c:95:3e:fa: 224s 21:d0:f0:3f:4f:dd:f1:6c:07:98:52:1b:24:53:c2:80:e3:36: 224s 28:81:9f:e0:24:7f:e0:20:a8:fe:9c:b5:57:fa:b2:c8:dc:01: 224s a6:ca:57:5b:ef:6b:33:97:fb:f7:a1:a7:b1:c1:d4:08:fb:42: 224s 66:37:b3:62:25:f7:c5:80:6b:1e:a6:8a:1f:6b:7f:5b:3c:21: 224s c6:13:00:d0:1a:77:e0:cb:20:e7:07:7d:14:40:0e:4a:13:d0: 224s 0c:cf:65:97:cc:67:d4:02:82:29:fe:ee:f2:d2:b2:8a:24:68: 224s 90:41 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-8191-auth.pem 224s + found_md5=Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD 224s + '[' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD '!=' Modulus=AE6F8E507FE5D078280D07A3724163D1757EA80E274A2BA3B2C43F219AF87CBDA3FB8AE55CE52E9FF24EC1C6BF994CAD5532B190B6784725F78A2B5DBB4F6D36EE13EF4B7C23A5640AA7D15080AA6A63DFEAC36D5E298828076334A8F808E94DAED1D648F41BF31345E87D54D824219D62E4481B1F969886C898436FEC2371BD ']' 224s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s + local verify_option= 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Sub Int Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 224s + local key_file 224s + local decrypted_key 224s + mkdir -p /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 224s + key_file=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 224s + decrypted_key=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 224s + cat 224s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 224s Slot 0 has a free/uninitialized token. 224s The token has been initialized and is reassigned to slot 565875828 224s + softhsm2-util --show-slots 224s Available slots: 224s Slot 565875828 224s Slot info: 224s Description: SoftHSM slot ID 0x21ba9474 224s Manufacturer ID: SoftHSM project 224s Hardware version: 2.6 224s Firmware version: 2.6 224s Token present: yes 224s Token info: 224s Manufacturer ID: SoftHSM project 224s Model: SoftHSM v2 224s Hardware version: 2.6 224s Firmware version: 2.6 224s Serial number: 0fc0fb2e21ba9474 224s Initialized: yes 224s User PIN init.: yes 224s Label: Test Organization Sub Int Token 224s Slot 1 224s Slot info: 224s Description: SoftHSM slot ID 0x1 224s Manufacturer ID: SoftHSM project 224s Hardware version: 2.6 224s Firmware version: 2.6 224s Token present: yes 224s Token info: 224s Manufacturer ID: SoftHSM project 224s Model: SoftHSM v2 224s Hardware version: 2.6 224s Firmware version: 2.6 224s Serial number: 224s Initialized: no 224s User PIN init.: no 224s Label: 224s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 224s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-29294 -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 224s writing RSA key 224s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 224s + rm /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 224s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 224s Object 0: 224s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0fc0fb2e21ba9474;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 224s Type: X.509 Certificate (RSA-1024) 224s Expires: Mon Jan 19 11:56:57 2026 224s Label: Test Organization Sub Intermediate Trusted Certificate 0001 224s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 224s 224s Test Organization Sub Int Token 224s + echo 'Test Organization Sub Int Token' 224s + '[' -n '' ']' 224s + local output_base_name=SSSD-child-9619 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-9619.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-9619.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s [p11_child[3455]] [main] (0x0400): p11_child started. 224s [p11_child[3455]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3455]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3455]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3455]] [do_card] (0x4000): Module List: 224s [p11_child[3455]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3455]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3455]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3455]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[3455]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3455]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3455]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[3455]] [do_verification] (0x0040): X509_verify_cert failed [0]. 224s [p11_child[3455]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 224s [p11_child[3455]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 224s [p11_child[3455]] [do_card] (0x4000): No certificate found. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-9619.output 224s + return 2 224s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem partial_chain 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem partial_chain 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s + local verify_option=partial_chain 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Sub Int Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 224s Test Organization Sub Int Token 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Sub Int Token' 224s + '[' -n partial_chain ']' 224s + local verify_arg=--verify=partial_chain 224s + local output_base_name=SSSD-child-18721 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18721.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-18721.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-root-CA.pem 224s [p11_child[3462]] [main] (0x0400): p11_child started. 224s [p11_child[3462]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3462]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3462]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3462]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3462]] [do_card] (0x4000): Module List: 224s [p11_child[3462]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3462]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3462]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3462]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[3462]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3462]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3462]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[3462]] [do_verification] (0x0040): X509_verify_cert failed [0]. 224s [p11_child[3462]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 224s [p11_child[3462]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 224s [p11_child[3462]] [do_card] (0x4000): No certificate found. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-18721.output 224s + return 2 224s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s + local verify_option= 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Sub Int Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 224s Test Organization Sub Int Token 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Sub Int Token' 224s + '[' -n '' ']' 224s + local output_base_name=SSSD-child-27736 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s [p11_child[3469]] [main] (0x0400): p11_child started. 224s [p11_child[3469]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3469]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3469]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3469]] [do_card] (0x4000): Module List: 224s [p11_child[3469]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3469]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3469]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3469]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[3469]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3469]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3469]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[3469]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3469]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3469]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x21ba9474;slot-manufacturer=SoftHSM%20project;slot-id=565875828;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0fc0fb2e21ba9474;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3469]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 5 (0x5) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:9b:75:2c:7f:7c:2d:ba:f4:d2:aa:90:78:70:ed: 224s 82:36:62:c9:25:28:ca:0b:a1:82:d9:6e:9e:1f:92: 224s 8e:c1:47:bc:25:5f:7a:38:b2:f1:05:76:9b:87:b5: 224s 5d:c9:62:ec:79:ca:db:8b:26:fd:90:87:a3:1c:f2: 224s c6:28:78:42:32:9a:c7:73:25:25:54:f3:07:2f:dc: 224s 73:98:91:a7:50:a2:52:b5:88:22:69:25:b1:a7:13: 224s 91:8d:67:fd:01:db:93:9d:80:72:a1:ca:b3:a4:c0: 224s 67:b1:bb:32:47:42:a7:1e:d8:01:c0:96:ba:9d:e7: 224s 2e:1f:d1:6f:ba:90:fd:9b:c5 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 99:83:7A:2A:E5:A6:5E:71:AB:EC:EC:15:96:A0:28:36:55:04:98:9A 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Sub Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s 48:29:1A:4A:6B:F6:5C:9B:43:14:D3:FB:06:77:53:24:69:DA:CB:67 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 7e:89:c4:02:59:ba:bc:aa:d6:73:3d:9b:82:1d:32:70:11:84: 224s 3a:b9:37:1f:59:43:0c:00:c9:a0:c7:66:07:5e:73:61:9d:9a: 224s 22:c4:b6:89:7c:78:7e:4c:23:fe:ee:22:f3:2b:a7:83:0b:c5: 224s 90:47:21:96:13:61:f5:d2:23:51:a9:ad:79:c9:a1:a2:93:2f: 224s 79:47:55:7a:cb:56:bd:1d:d4:e8:1f:0e:10:ec:76:8d:e1:dc: 224s 7a:85:10:30:ca:26:d0:ec:b8:83:3a:fd:59:37:bc:e2:8d:90: 224s 56:51:9b:23:57:3c:9a:98:38:a6:3a:39:f9:38:f7:58:b2:e1: 224s 0f:c6 224s + local found_md5 expected_md5 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + expected_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736.pem 224s + found_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 224s + '[' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 '!=' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 ']' 224s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736-auth.output 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736-auth.output .output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736-auth.pem 224s + echo -n 053350 224s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 224s [p11_child[3477]] [main] (0x0400): p11_child started. 224s [p11_child[3477]] [main] (0x2000): Running in [auth] mode. 224s [p11_child[3477]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3477]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3477]] [do_card] (0x4000): Module List: 224s [p11_child[3477]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3477]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3477]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3477]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[3477]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3477]] [do_card] (0x4000): Login required. 224s [p11_child[3477]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[3477]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3477]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3477]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x21ba9474;slot-manufacturer=SoftHSM%20project;slot-id=565875828;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0fc0fb2e21ba9474;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 224s [p11_child[3477]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 224s [p11_child[3477]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 224s [p11_child[3477]] [do_card] (0x4000): Certificate verified and validated. 224s [p11_child[3477]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736-auth.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736-auth.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736-auth.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 5 (0x5) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:9b:75:2c:7f:7c:2d:ba:f4:d2:aa:90:78:70:ed: 224s 82:36:62:c9:25:28:ca:0b:a1:82:d9:6e:9e:1f:92: 224s 8e:c1:47:bc:25:5f:7a:38:b2:f1:05:76:9b:87:b5: 224s 5d:c9:62:ec:79:ca:db:8b:26:fd:90:87:a3:1c:f2: 224s c6:28:78:42:32:9a:c7:73:25:25:54:f3:07:2f:dc: 224s 73:98:91:a7:50:a2:52:b5:88:22:69:25:b1:a7:13: 224s 91:8d:67:fd:01:db:93:9d:80:72:a1:ca:b3:a4:c0: 224s 67:b1:bb:32:47:42:a7:1e:d8:01:c0:96:ba:9d:e7: 224s 2e:1f:d1:6f:ba:90:fd:9b:c5 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 99:83:7A:2A:E5:A6:5E:71:AB:EC:EC:15:96:A0:28:36:55:04:98:9A 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Sub Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s 48:29:1A:4A:6B:F6:5C:9B:43:14:D3:FB:06:77:53:24:69:DA:CB:67 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 7e:89:c4:02:59:ba:bc:aa:d6:73:3d:9b:82:1d:32:70:11:84: 224s 3a:b9:37:1f:59:43:0c:00:c9:a0:c7:66:07:5e:73:61:9d:9a: 224s 22:c4:b6:89:7c:78:7e:4c:23:fe:ee:22:f3:2b:a7:83:0b:c5: 224s 90:47:21:96:13:61:f5:d2:23:51:a9:ad:79:c9:a1:a2:93:2f: 224s 79:47:55:7a:cb:56:bd:1d:d4:e8:1f:0e:10:ec:76:8d:e1:dc: 224s 7a:85:10:30:ca:26:d0:ec:b8:83:3a:fd:59:37:bc:e2:8d:90: 224s 56:51:9b:23:57:3c:9a:98:38:a6:3a:39:f9:38:f7:58:b2:e1: 224s 0f:c6 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-27736-auth.pem 224s + found_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 224s + '[' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 '!=' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 ']' 224s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem partial_chain 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem partial_chain 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s + local verify_option=partial_chain 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Sub Int Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Sub Int Token' 224s + '[' -n partial_chain ']' 224s + local verify_arg=--verify=partial_chain 224s + local output_base_name=SSSD-child-29388 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem 224s Test Organization Sub Int Token 224s [p11_child[3487]] [main] (0x0400): p11_child started. 224s [p11_child[3487]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3487]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3487]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3487]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3487]] [do_card] (0x4000): Module List: 224s [p11_child[3487]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3487]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3487]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3487]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[3487]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3487]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3487]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[3487]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3487]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3487]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x21ba9474;slot-manufacturer=SoftHSM%20project;slot-id=565875828;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0fc0fb2e21ba9474;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3487]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 5 (0x5) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:9b:75:2c:7f:7c:2d:ba:f4:d2:aa:90:78:70:ed: 224s 82:36:62:c9:25:28:ca:0b:a1:82:d9:6e:9e:1f:92: 224s 8e:c1:47:bc:25:5f:7a:38:b2:f1:05:76:9b:87:b5: 224s 5d:c9:62:ec:79:ca:db:8b:26:fd:90:87:a3:1c:f2: 224s c6:28:78:42:32:9a:c7:73:25:25:54:f3:07:2f:dc: 224s 73:98:91:a7:50:a2:52:b5:88:22:69:25:b1:a7:13: 224s 91:8d:67:fd:01:db:93:9d:80:72:a1:ca:b3:a4:c0: 224s 67:b1:bb:32:47:42:a7:1e:d8:01:c0:96:ba:9d:e7: 224s 2e:1f:d1:6f:ba:90:fd:9b:c5 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 99:83:7A:2A:E5:A6:5E:71:AB:EC:EC:15:96:A0:28:36:55:04:98:9A 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Sub Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s 48:29:1A:4A:6B:F6:5C:9B:43:14:D3:FB:06:77:53:24:69:DA:CB:67 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 7e:89:c4:02:59:ba:bc:aa:d6:73:3d:9b:82:1d:32:70:11:84: 224s 3a:b9:37:1f:59:43:0c:00:c9:a0:c7:66:07:5e:73:61:9d:9a: 224s 22:c4:b6:89:7c:78:7e:4c:23:fe:ee:22:f3:2b:a7:83:0b:c5: 224s 90:47:21:96:13:61:f5:d2:23:51:a9:ad:79:c9:a1:a2:93:2f: 224s 79:47:55:7a:cb:56:bd:1d:d4:e8:1f:0e:10:ec:76:8d:e1:dc: 224s 7a:85:10:30:ca:26:d0:ec:b8:83:3a:fd:59:37:bc:e2:8d:90: 224s 56:51:9b:23:57:3c:9a:98:38:a6:3a:39:f9:38:f7:58:b2:e1: 224s 0f:c6 224s + local found_md5 expected_md5 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + expected_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388.pem 224s + found_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 224s + '[' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 '!=' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 ']' 224s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388-auth.output 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388-auth.output .output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388-auth.pem 224s + echo -n 053350 224s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 224s [p11_child[3495]] [main] (0x0400): p11_child started. 224s [p11_child[3495]] [main] (0x2000): Running in [auth] mode. 224s [p11_child[3495]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3495]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3495]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3495]] [do_card] (0x4000): Module List: 224s [p11_child[3495]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3495]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3495]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3495]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[3495]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3495]] [do_card] (0x4000): Login required. 224s [p11_child[3495]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[3495]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3495]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3495]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x21ba9474;slot-manufacturer=SoftHSM%20project;slot-id=565875828;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0fc0fb2e21ba9474;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 224s [p11_child[3495]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 224s [p11_child[3495]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 224s [p11_child[3495]] [do_card] (0x4000): Certificate verified and validated. 224s [p11_child[3495]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388-auth.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388-auth.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388-auth.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 5 (0x5) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:9b:75:2c:7f:7c:2d:ba:f4:d2:aa:90:78:70:ed: 224s 82:36:62:c9:25:28:ca:0b:a1:82:d9:6e:9e:1f:92: 224s 8e:c1:47:bc:25:5f:7a:38:b2:f1:05:76:9b:87:b5: 224s 5d:c9:62:ec:79:ca:db:8b:26:fd:90:87:a3:1c:f2: 224s c6:28:78:42:32:9a:c7:73:25:25:54:f3:07:2f:dc: 224s 73:98:91:a7:50:a2:52:b5:88:22:69:25:b1:a7:13: 224s 91:8d:67:fd:01:db:93:9d:80:72:a1:ca:b3:a4:c0: 224s 67:b1:bb:32:47:42:a7:1e:d8:01:c0:96:ba:9d:e7: 224s 2e:1f:d1:6f:ba:90:fd:9b:c5 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 99:83:7A:2A:E5:A6:5E:71:AB:EC:EC:15:96:A0:28:36:55:04:98:9A 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Sub Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s 48:29:1A:4A:6B:F6:5C:9B:43:14:D3:FB:06:77:53:24:69:DA:CB:67 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 7e:89:c4:02:59:ba:bc:aa:d6:73:3d:9b:82:1d:32:70:11:84: 224s 3a:b9:37:1f:59:43:0c:00:c9:a0:c7:66:07:5e:73:61:9d:9a: 224s 22:c4:b6:89:7c:78:7e:4c:23:fe:ee:22:f3:2b:a7:83:0b:c5: 224s 90:47:21:96:13:61:f5:d2:23:51:a9:ad:79:c9:a1:a2:93:2f: 224s 79:47:55:7a:cb:56:bd:1d:d4:e8:1f:0e:10:ec:76:8d:e1:dc: 224s 7a:85:10:30:ca:26:d0:ec:b8:83:3a:fd:59:37:bc:e2:8d:90: 224s 56:51:9b:23:57:3c:9a:98:38:a6:3a:39:f9:38:f7:58:b2:e1: 224s 0f:c6 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-29388-auth.pem 224s + found_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 224s + '[' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 '!=' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 ']' 224s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 224s + local verify_option= 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 224s Test Organization Sub Int Token 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Sub Int Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Sub Int Token' 224s + '[' -n '' ']' 224s + local output_base_name=SSSD-child-14357 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-14357.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-14357.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 224s [p11_child[3505]] [main] (0x0400): p11_child started. 224s [p11_child[3505]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3505]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3505]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3505]] [do_card] (0x4000): Module List: 224s [p11_child[3505]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3505]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3505]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3505]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[3505]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3505]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3505]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[3505]] [do_verification] (0x0040): X509_verify_cert failed [0]. 224s [p11_child[3505]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 224s [p11_child[3505]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 224s [p11_child[3505]] [do_card] (0x4000): No certificate found. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-14357.output 224s + return 2 224s + invalid_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-root-intermediate-chain-CA.pem partial_chain 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-root-intermediate-chain-CA.pem partial_chain 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-root-intermediate-chain-CA.pem 224s + local verify_option=partial_chain 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Sub Int Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Sub Int Token' 224s Test Organization Sub Int Token 224s + '[' -n partial_chain ']' 224s + local verify_arg=--verify=partial_chain 224s + local output_base_name=SSSD-child-21417 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-21417.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-21417.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-root-intermediate-chain-CA.pem 224s [p11_child[3512]] [main] (0x0400): p11_child started. 224s [p11_child[3512]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3512]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3512]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3512]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3512]] [do_card] (0x4000): Module List: 224s [p11_child[3512]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3512]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3512]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3512]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[3512]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3512]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3512]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[3512]] [do_verification] (0x0040): X509_verify_cert failed [0]. 224s [p11_child[3512]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 224s [p11_child[3512]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 224s [p11_child[3512]] [do_card] (0x4000): No certificate found. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-21417.output 224s + return 2 224s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem partial_chain 224s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem partial_chain 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 224s + local verify_option=partial_chain 224s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 224s + local key_cn 224s + local key_name 224s + local tokens_dir 224s + local output_cert_file 224s + token_name= 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 224s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 224s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 224s ++ sed -n 's/ *commonName *= //p' 224s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 224s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 224s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 224s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 224s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 224s + token_name='Test Organization Sub Int Token' 224s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 224s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 224s + echo 'Test Organization Sub Int Token' 224s + '[' -n partial_chain ']' 224s + local verify_arg=--verify=partial_chain 224s + local output_base_name=SSSD-child-31754 224s Test Organization Sub Int Token 224s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754.output 224s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754.pem 224s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem 224s [p11_child[3519]] [main] (0x0400): p11_child started. 224s [p11_child[3519]] [main] (0x2000): Running in [pre-auth] mode. 224s [p11_child[3519]] [main] (0x2000): Running with effective IDs: [0][0]. 224s [p11_child[3519]] [main] (0x2000): Running with real IDs [0][0]. 224s [p11_child[3519]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 224s [p11_child[3519]] [do_card] (0x4000): Module List: 224s [p11_child[3519]] [do_card] (0x4000): common name: [softhsm2]. 224s [p11_child[3519]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3519]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 224s [p11_child[3519]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 224s [p11_child[3519]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 224s [p11_child[3519]] [do_card] (0x4000): Login NOT required. 224s [p11_child[3519]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 224s [p11_child[3519]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 224s [p11_child[3519]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 224s [p11_child[3519]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x21ba9474;slot-manufacturer=SoftHSM%20project;slot-id=565875828;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0fc0fb2e21ba9474;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 224s [p11_child[3519]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 224s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754.output 224s + echo '-----BEGIN CERTIFICATE-----' 224s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754.output 224s + echo '-----END CERTIFICATE-----' 224s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754.pem 224s Certificate: 224s Data: 224s Version: 3 (0x2) 224s Serial Number: 5 (0x5) 224s Signature Algorithm: sha256WithRSAEncryption 224s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 224s Validity 224s Not Before: Jan 19 11:56:57 2025 GMT 224s Not After : Jan 19 11:56:57 2026 GMT 224s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 224s Subject Public Key Info: 224s Public Key Algorithm: rsaEncryption 224s Public-Key: (1024 bit) 224s Modulus: 224s 00:9b:75:2c:7f:7c:2d:ba:f4:d2:aa:90:78:70:ed: 224s 82:36:62:c9:25:28:ca:0b:a1:82:d9:6e:9e:1f:92: 224s 8e:c1:47:bc:25:5f:7a:38:b2:f1:05:76:9b:87:b5: 224s 5d:c9:62:ec:79:ca:db:8b:26:fd:90:87:a3:1c:f2: 224s c6:28:78:42:32:9a:c7:73:25:25:54:f3:07:2f:dc: 224s 73:98:91:a7:50:a2:52:b5:88:22:69:25:b1:a7:13: 224s 91:8d:67:fd:01:db:93:9d:80:72:a1:ca:b3:a4:c0: 224s 67:b1:bb:32:47:42:a7:1e:d8:01:c0:96:ba:9d:e7: 224s 2e:1f:d1:6f:ba:90:fd:9b:c5 224s Exponent: 65537 (0x10001) 224s X509v3 extensions: 224s X509v3 Authority Key Identifier: 224s 99:83:7A:2A:E5:A6:5E:71:AB:EC:EC:15:96:A0:28:36:55:04:98:9A 224s X509v3 Basic Constraints: 224s CA:FALSE 224s Netscape Cert Type: 224s SSL Client, S/MIME 224s Netscape Comment: 224s Test Organization Sub Intermediate CA trusted Certificate 224s X509v3 Subject Key Identifier: 224s 48:29:1A:4A:6B:F6:5C:9B:43:14:D3:FB:06:77:53:24:69:DA:CB:67 224s X509v3 Key Usage: critical 224s Digital Signature, Non Repudiation, Key Encipherment 224s X509v3 Extended Key Usage: 224s TLS Web Client Authentication, E-mail Protection 224s X509v3 Subject Alternative Name: 224s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 224s Signature Algorithm: sha256WithRSAEncryption 224s Signature Value: 224s 7e:89:c4:02:59:ba:bc:aa:d6:73:3d:9b:82:1d:32:70:11:84: 224s 3a:b9:37:1f:59:43:0c:00:c9:a0:c7:66:07:5e:73:61:9d:9a: 224s 22:c4:b6:89:7c:78:7e:4c:23:fe:ee:22:f3:2b:a7:83:0b:c5: 224s 90:47:21:96:13:61:f5:d2:23:51:a9:ad:79:c9:a1:a2:93:2f: 224s 79:47:55:7a:cb:56:bd:1d:d4:e8:1f:0e:10:ec:76:8d:e1:dc: 224s 7a:85:10:30:ca:26:d0:ec:b8:83:3a:fd:59:37:bc:e2:8d:90: 224s 56:51:9b:23:57:3c:9a:98:38:a6:3a:39:f9:38:f7:58:b2:e1: 224s 0f:c6 224s + local found_md5 expected_md5 224s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 225s + expected_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 225s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754.pem 225s + found_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 225s + '[' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 '!=' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 ']' 225s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754-auth.output 225s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754-auth.output .output 225s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754-auth.pem 225s + echo -n 053350 225s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 225s [p11_child[3527]] [main] (0x0400): p11_child started. 225s [p11_child[3527]] [main] (0x2000): Running in [auth] mode. 225s [p11_child[3527]] [main] (0x2000): Running with effective IDs: [0][0]. 225s [p11_child[3527]] [main] (0x2000): Running with real IDs [0][0]. 225s [p11_child[3527]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 225s [p11_child[3527]] [do_card] (0x4000): Module List: 225s [p11_child[3527]] [do_card] (0x4000): common name: [softhsm2]. 225s [p11_child[3527]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 225s [p11_child[3527]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 225s [p11_child[3527]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 225s [p11_child[3527]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 225s [p11_child[3527]] [do_card] (0x4000): Login required. 225s [p11_child[3527]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 225s [p11_child[3527]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 225s [p11_child[3527]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 225s [p11_child[3527]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x21ba9474;slot-manufacturer=SoftHSM%20project;slot-id=565875828;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0fc0fb2e21ba9474;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 225s [p11_child[3527]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 225s [p11_child[3527]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 225s [p11_child[3527]] [do_card] (0x4000): Certificate verified and validated. 225s [p11_child[3527]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 225s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754-auth.output 225s + echo '-----BEGIN CERTIFICATE-----' 225s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754-auth.output 225s + echo '-----END CERTIFICATE-----' 225s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754-auth.pem 225s Certificate: 225s Data: 225s Version: 3 (0x2) 225s Serial Number: 5 (0x5) 225s Signature Algorithm: sha256WithRSAEncryption 225s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 225s Validity 225s Not Before: Jan 19 11:56:57 2025 GMT 225s Not After : Jan 19 11:56:57 2026 GMT 225s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 225s Subject Public Key Info: 225s Public Key Algorithm: rsaEncryption 225s Public-Key: (1024 bit) 225s Modulus: 225s 00:9b:75:2c:7f:7c:2d:ba:f4:d2:aa:90:78:70:ed: 225s 82:36:62:c9:25:28:ca:0b:a1:82:d9:6e:9e:1f:92: 225s 8e:c1:47:bc:25:5f:7a:38:b2:f1:05:76:9b:87:b5: 225s 5d:c9:62:ec:79:ca:db:8b:26:fd:90:87:a3:1c:f2: 225s c6:28:78:42:32:9a:c7:73:25:25:54:f3:07:2f:dc: 225s 73:98:91:a7:50:a2:52:b5:88:22:69:25:b1:a7:13: 225s 91:8d:67:fd:01:db:93:9d:80:72:a1:ca:b3:a4:c0: 225s 67:b1:bb:32:47:42:a7:1e:d8:01:c0:96:ba:9d:e7: 225s 2e:1f:d1:6f:ba:90:fd:9b:c5 225s Exponent: 65537 (0x10001) 225s X509v3 extensions: 225s X509v3 Authority Key Identifier: 225s 99:83:7A:2A:E5:A6:5E:71:AB:EC:EC:15:96:A0:28:36:55:04:98:9A 225s X509v3 Basic Constraints: 225s CA:FALSE 225s Netscape Cert Type: 225s SSL Client, S/MIME 225s Netscape Comment: 225s Test Organization Sub Intermediate CA trusted Certificate 225s X509v3 Subject Key Identifier: 225s 48:29:1A:4A:6B:F6:5C:9B:43:14:D3:FB:06:77:53:24:69:DA:CB:67 225s X509v3 Key Usage: critical 225s Digital Signature, Non Repudiation, Key Encipherment 225s X509v3 Extended Key Usage: 225s TLS Web Client Authentication, E-mail Protection 225s X509v3 Subject Alternative Name: 225s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 225s Signature Algorithm: sha256WithRSAEncryption 225s Signature Value: 225s 7e:89:c4:02:59:ba:bc:aa:d6:73:3d:9b:82:1d:32:70:11:84: 225s 3a:b9:37:1f:59:43:0c:00:c9:a0:c7:66:07:5e:73:61:9d:9a: 225s 22:c4:b6:89:7c:78:7e:4c:23:fe:ee:22:f3:2b:a7:83:0b:c5: 225s 90:47:21:96:13:61:f5:d2:23:51:a9:ad:79:c9:a1:a2:93:2f: 225s 79:47:55:7a:cb:56:bd:1d:d4:e8:1f:0e:10:ec:76:8d:e1:dc: 225s 7a:85:10:30:ca:26:d0:ec:b8:83:3a:fd:59:37:bc:e2:8d:90: 225s 56:51:9b:23:57:3c:9a:98:38:a6:3a:39:f9:38:f7:58:b2:e1: 225s 0f:c6 225s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-31754-auth.pem 225s + found_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 225s + '[' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 '!=' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 ']' 225s + valid_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-intermediate-sub-chain-CA.pem partial_chain 225s + check_certificate /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 /tmp/sssd-softhsm2-XHwNZk/test-intermediate-sub-chain-CA.pem partial_chain 225s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 225s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 225s + local key_ring=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-sub-chain-CA.pem 225s + local verify_option=partial_chain 225s + prepare_softhsm2_card /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29294 225s + local certificate=/tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 225s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29294 225s + local key_cn 225s + local key_name 225s + local tokens_dir 225s + local output_cert_file 225s + token_name= 225s ++ basename /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 225s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 225s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 225s ++ sed -n 's/ *commonName *= //p' 225s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 225s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 225s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 225s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 225s ++ basename /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 225s + tokens_dir=/tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 225s + token_name='Test Organization Sub Int Token' 225s + '[' '!' -e /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 225s + '[' '!' -d /tmp/sssd-softhsm2-XHwNZk/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 225s Test Organization Sub Int Token 225s + echo 'Test Organization Sub Int Token' 225s + '[' -n partial_chain ']' 225s + local verify_arg=--verify=partial_chain 225s + local output_base_name=SSSD-child-20422 225s + local output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422.output 225s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422.pem 225s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-sub-chain-CA.pem 225s [p11_child[3537]] [main] (0x0400): p11_child started. 225s [p11_child[3537]] [main] (0x2000): Running in [pre-auth] mode. 225s [p11_child[3537]] [main] (0x2000): Running with effective IDs: [0][0]. 225s [p11_child[3537]] [main] (0x2000): Running with real IDs [0][0]. 225s [p11_child[3537]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 225s [p11_child[3537]] [do_card] (0x4000): Module List: 225s [p11_child[3537]] [do_card] (0x4000): common name: [softhsm2]. 225s [p11_child[3537]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 225s [p11_child[3537]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 225s [p11_child[3537]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 225s [p11_child[3537]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 225s [p11_child[3537]] [do_card] (0x4000): Login NOT required. 225s [p11_child[3537]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 225s [p11_child[3537]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 225s [p11_child[3537]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 225s [p11_child[3537]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x21ba9474;slot-manufacturer=SoftHSM%20project;slot-id=565875828;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0fc0fb2e21ba9474;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 225s [p11_child[3537]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 225s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422.output 225s + echo '-----BEGIN CERTIFICATE-----' 225s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422.output 225s + echo '-----END CERTIFICATE-----' 225s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422.pem 225s Certificate: 225s Data: 225s Version: 3 (0x2) 225s Serial Number: 5 (0x5) 225s Signature Algorithm: sha256WithRSAEncryption 225s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 225s Validity 225s Not Before: Jan 19 11:56:57 2025 GMT 225s Not After : Jan 19 11:56:57 2026 GMT 225s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 225s Subject Public Key Info: 225s Public Key Algorithm: rsaEncryption 225s Public-Key: (1024 bit) 225s Modulus: 225s 00:9b:75:2c:7f:7c:2d:ba:f4:d2:aa:90:78:70:ed: 225s 82:36:62:c9:25:28:ca:0b:a1:82:d9:6e:9e:1f:92: 225s 8e:c1:47:bc:25:5f:7a:38:b2:f1:05:76:9b:87:b5: 225s 5d:c9:62:ec:79:ca:db:8b:26:fd:90:87:a3:1c:f2: 225s c6:28:78:42:32:9a:c7:73:25:25:54:f3:07:2f:dc: 225s 73:98:91:a7:50:a2:52:b5:88:22:69:25:b1:a7:13: 225s 91:8d:67:fd:01:db:93:9d:80:72:a1:ca:b3:a4:c0: 225s 67:b1:bb:32:47:42:a7:1e:d8:01:c0:96:ba:9d:e7: 225s 2e:1f:d1:6f:ba:90:fd:9b:c5 225s Exponent: 65537 (0x10001) 225s X509v3 extensions: 225s X509v3 Authority Key Identifier: 225s 99:83:7A:2A:E5:A6:5E:71:AB:EC:EC:15:96:A0:28:36:55:04:98:9A 225s X509v3 Basic Constraints: 225s CA:FALSE 225s Netscape Cert Type: 225s SSL Client, S/MIME 225s Netscape Comment: 225s Test Organization Sub Intermediate CA trusted Certificate 225s X509v3 Subject Key Identifier: 225s 48:29:1A:4A:6B:F6:5C:9B:43:14:D3:FB:06:77:53:24:69:DA:CB:67 225s X509v3 Key Usage: critical 225s Digital Signature, Non Repudiation, Key Encipherment 225s X509v3 Extended Key Usage: 225s TLS Web Client Authentication, E-mail Protection 225s X509v3 Subject Alternative Name: 225s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 225s Signature Algorithm: sha256WithRSAEncryption 225s Signature Value: 225s 7e:89:c4:02:59:ba:bc:aa:d6:73:3d:9b:82:1d:32:70:11:84: 225s 3a:b9:37:1f:59:43:0c:00:c9:a0:c7:66:07:5e:73:61:9d:9a: 225s 22:c4:b6:89:7c:78:7e:4c:23:fe:ee:22:f3:2b:a7:83:0b:c5: 225s 90:47:21:96:13:61:f5:d2:23:51:a9:ad:79:c9:a1:a2:93:2f: 225s 79:47:55:7a:cb:56:bd:1d:d4:e8:1f:0e:10:ec:76:8d:e1:dc: 225s 7a:85:10:30:ca:26:d0:ec:b8:83:3a:fd:59:37:bc:e2:8d:90: 225s 56:51:9b:23:57:3c:9a:98:38:a6:3a:39:f9:38:f7:58:b2:e1: 225s 0f:c6 225s + local found_md5 expected_md5 225s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/test-sub-intermediate-CA-trusted-certificate-0001.pem 225s + expected_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 225s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422.pem 225s + found_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 225s + '[' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 '!=' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 ']' 225s + output_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422-auth.output 225s ++ basename /tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422-auth.output .output 225s + output_cert_file=/tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422-auth.pem 225s + echo -n 053350 225s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-XHwNZk/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 225s [p11_child[3545]] [main] (0x0400): p11_child started. 225s [p11_child[3545]] [main] (0x2000): Running in [auth] mode. 225s [p11_child[3545]] [main] (0x2000): Running with effective IDs: [0][0]. 225s [p11_child[3545]] [main] (0x2000): Running with real IDs [0][0]. 225s [p11_child[3545]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 225s [p11_child[3545]] [do_card] (0x4000): Module List: 225s [p11_child[3545]] [do_card] (0x4000): common name: [softhsm2]. 225s [p11_child[3545]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 225s [p11_child[3545]] [do_card] (0x4000): Description [SoftHSM slot ID 0x21ba9474] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 225s [p11_child[3545]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 225s [p11_child[3545]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x21ba9474][565875828] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 225s [p11_child[3545]] [do_card] (0x4000): Login required. 225s [p11_child[3545]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 225s [p11_child[3545]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 225s [p11_child[3545]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 225s [p11_child[3545]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x21ba9474;slot-manufacturer=SoftHSM%20project;slot-id=565875828;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0fc0fb2e21ba9474;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 225s [p11_child[3545]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 225s [p11_child[3545]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 225s [p11_child[3545]] [do_card] (0x4000): Certificate verified and validated. 225s [p11_child[3545]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 225s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422-auth.output 225s + echo '-----BEGIN CERTIFICATE-----' 225s + tail -n1 /tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422-auth.output 225s + echo '-----END CERTIFICATE-----' 225s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422-auth.pem 225s Certificate: 225s Data: 225s Version: 3 (0x2) 225s Serial Number: 5 (0x5) 225s Signature Algorithm: sha256WithRSAEncryption 225s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 225s Validity 225s Not Before: Jan 19 11:56:57 2025 GMT 225s Not After : Jan 19 11:56:57 2026 GMT 225s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 225s Subject Public Key Info: 225s Public Key Algorithm: rsaEncryption 225s Public-Key: (1024 bit) 225s Modulus: 225s 00:9b:75:2c:7f:7c:2d:ba:f4:d2:aa:90:78:70:ed: 225s 82:36:62:c9:25:28:ca:0b:a1:82:d9:6e:9e:1f:92: 225s 8e:c1:47:bc:25:5f:7a:38:b2:f1:05:76:9b:87:b5: 225s 5d:c9:62:ec:79:ca:db:8b:26:fd:90:87:a3:1c:f2: 225s c6:28:78:42:32:9a:c7:73:25:25:54:f3:07:2f:dc: 225s 73:98:91:a7:50:a2:52:b5:88:22:69:25:b1:a7:13: 225s 91:8d:67:fd:01:db:93:9d:80:72:a1:ca:b3:a4:c0: 225s 67:b1:bb:32:47:42:a7:1e:d8:01:c0:96:ba:9d:e7: 225s 2e:1f:d1:6f:ba:90:fd:9b:c5 225s Exponent: 65537 (0x10001) 225s X509v3 extensions: 225s X509v3 Authority Key Identifier: 225s 99:83:7A:2A:E5:A6:5E:71:AB:EC:EC:15:96:A0:28:36:55:04:98:9A 225s X509v3 Basic Constraints: 225s CA:FALSE 225s Netscape Cert Type: 225s SSL Client, S/MIME 225s Netscape Comment: 225s Test Organization Sub Intermediate CA trusted Certificate 225s X509v3 Subject Key Identifier: 225s 48:29:1A:4A:6B:F6:5C:9B:43:14:D3:FB:06:77:53:24:69:DA:CB:67 225s X509v3 Key Usage: critical 225s Digital Signature, Non Repudiation, Key Encipherment 225s X509v3 Extended Key Usage: 225s TLS Web Client Authentication, E-mail Protection 225s X509v3 Subject Alternative Name: 225s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 225s Signature Algorithm: sha256WithRSAEncryption 225s Signature Value: 225s 7e:89:c4:02:59:ba:bc:aa:d6:73:3d:9b:82:1d:32:70:11:84: 225s 3a:b9:37:1f:59:43:0c:00:c9:a0:c7:66:07:5e:73:61:9d:9a: 225s 22:c4:b6:89:7c:78:7e:4c:23:fe:ee:22:f3:2b:a7:83:0b:c5: 225s 90:47:21:96:13:61:f5:d2:23:51:a9:ad:79:c9:a1:a2:93:2f: 225s 79:47:55:7a:cb:56:bd:1d:d4:e8:1f:0e:10:ec:76:8d:e1:dc: 225s 7a:85:10:30:ca:26:d0:ec:b8:83:3a:fd:59:37:bc:e2:8d:90: 225s 56:51:9b:23:57:3c:9a:98:38:a6:3a:39:f9:38:f7:58:b2:e1: 225s 0f:c6 225s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-XHwNZk/SSSD-child-20422-auth.pem 225s 225s Test completed, Root CA and intermediate issued certificates verified! 225s + found_md5=Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 225s + '[' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 '!=' Modulus=9B752C7F7C2DBAF4D2AA907870ED823662C92528CA0BA182D96E9E1F928EC147BC255F7A38B2F105769B87B55DC962EC79CADB8B26FD9087A31CF2C6287842329AC773252554F3072FDC739891A750A252B588226925B1A713918D67FD01DB939D8072A1CAB3A4C067B1BB324742A71ED801C096BA9DE72E1FD16FBA90FD9BC5 ']' 225s + set +x 225s autopkgtest [11:56:59]: test sssd-softhism2-certificates-tests.sh: -----------------------] 226s sssd-softhism2-certificates-tests.sh PASS 226s autopkgtest [11:57:00]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 226s autopkgtest [11:57:00]: test sssd-smart-card-pam-auth-configs: preparing testbed 226s Reading package lists... 226s Building dependency tree... 226s Reading state information... 227s Starting pkgProblemResolver with broken count: 0 227s Starting 2 pkgProblemResolver with broken count: 0 227s Done 227s The following NEW packages will be installed: 227s pamtester 228s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 228s Need to get 12.7 kB of archives. 228s After this operation, 36.9 kB of additional disk space will be used. 228s Get:1 http://ftpmaster.internal/ubuntu plucky/universe amd64 pamtester amd64 0.1.2-4 [12.7 kB] 228s Fetched 12.7 kB in 0s (82.4 kB/s) 228s Selecting previously unselected package pamtester. 228s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 90037 files and directories currently installed.) 228s Preparing to unpack .../pamtester_0.1.2-4_amd64.deb ... 228s Unpacking pamtester (0.1.2-4) ... 228s Setting up pamtester (0.1.2-4) ... 228s Processing triggers for man-db (2.13.0-1) ... 229s 229s Running kernel seems to be up-to-date. 229s 229s No services need to be restarted. 229s 229s No containers need to be restarted. 229s 229s User sessions running outdated binaries: 229s ubuntu @ session #4: sshd-session[1202] 229s 229s No VM guests are running outdated hypervisor (qemu) binaries on this host. 231s autopkgtest [11:57:05]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 231s autopkgtest [11:57:05]: test sssd-smart-card-pam-auth-configs: [----------------------- 231s + '[' -z ubuntu ']' 231s + export DEBIAN_FRONTEND=noninteractive 231s + DEBIAN_FRONTEND=noninteractive 231s + required_tools=(pamtester softhsm2-util sssd) 231s + [[ ! -v OFFLINE_MODE ]] 231s + for cmd in "${required_tools[@]}" 231s + command -v pamtester 231s + for cmd in "${required_tools[@]}" 231s + command -v softhsm2-util 231s + for cmd in "${required_tools[@]}" 231s + command -v sssd 231s + PIN=123456 231s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 231s + tmpdir=/tmp/sssd-softhsm2-certs-fv5Q20 231s + backupsdir= 231s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 231s + declare -a restore_paths 231s + declare -a delete_paths 231s + trap handle_exit EXIT 231s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 231s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 231s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 231s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 231s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-fv5Q20 GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 231s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-fv5Q20 231s + GENERATE_SMART_CARDS=1 231s + KEEP_TEMPORARY_FILES=1 231s + NO_SSSD_TESTS=1 231s + bash debian/tests/sssd-softhism2-certificates-tests.sh 231s + '[' -z ubuntu ']' 231s + required_tools=(p11tool openssl softhsm2-util) 231s + for cmd in "${required_tools[@]}" 231s + command -v p11tool 231s + for cmd in "${required_tools[@]}" 231s + command -v openssl 231s + for cmd in "${required_tools[@]}" 231s + command -v softhsm2-util 231s + PIN=123456 231s +++ find /usr/lib/softhsm/libsofthsm2.so 231s +++ head -n 1 231s ++ realpath /usr/lib/softhsm/libsofthsm2.so 231s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 231s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 231s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 231s + '[' '!' -v NO_SSSD_TESTS ']' 231s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 231s + tmpdir=/tmp/sssd-softhsm2-certs-fv5Q20 231s + keys_size=1024 231s + [[ ! -v KEEP_TEMPORARY_FILES ]] 231s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 231s + echo -n 01 231s + touch /tmp/sssd-softhsm2-certs-fv5Q20/index.txt 231s + mkdir -p /tmp/sssd-softhsm2-certs-fv5Q20/new_certs 231s + cat 231s + root_ca_key_pass=pass:random-root-CA-password-30509 231s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-key.pem -passout pass:random-root-CA-password-30509 1024 231s + openssl req -passin pass:random-root-CA-password-30509 -batch -config /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.pem 231s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.pem 231s + cat 231s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-32741 231s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-32741 1024 231s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-32741 -config /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-30509 -sha256 -out /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-certificate-request.pem 231s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-certificate-request.pem 231s Certificate Request: 231s Data: 231s Version: 1 (0x0) 231s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 231s Subject Public Key Info: 231s Public Key Algorithm: rsaEncryption 231s Public-Key: (1024 bit) 231s Modulus: 231s 00:dd:93:ab:58:c2:11:89:75:56:ff:f2:e3:82:66: 231s a3:4e:b2:f3:97:08:10:1a:ee:cc:e9:43:d1:c0:23: 231s c4:ac:1b:b1:d3:85:2e:44:c8:be:de:b1:e1:79:be: 231s f7:a0:2a:8f:61:5d:4c:52:61:2c:44:f2:61:a2:a4: 231s 28:f5:62:ed:a5:2a:83:61:ea:b5:4b:41:61:84:d0: 231s d7:9e:ee:d7:ef:25:79:06:d0:59:90:b7:21:cc:30: 231s fc:68:37:ce:b0:3a:f6:6e:46:14:31:7a:67:34:e4: 231s 5f:68:02:e9:90:f8:68:df:0f:0f:23:fe:7c:62:47: 231s 1b:73:86:6b:2b:df:b0:37:59 231s Exponent: 65537 (0x10001) 231s Attributes: 231s (none) 231s Requested Extensions: 231s Signature Algorithm: sha256WithRSAEncryption 231s Signature Value: 231s 6e:f9:61:fb:14:a8:4a:dc:ce:a1:e9:48:a2:34:8d:c4:80:e3: 231s 59:0f:dd:2e:57:9b:11:7e:af:d7:82:32:0d:5e:a2:0c:72:e3: 231s 0b:14:42:72:cb:09:0b:03:ec:35:a3:e4:7c:31:4b:a6:1f:db: 231s b9:cf:f0:69:06:21:30:31:7b:90:c7:cf:5b:cd:fe:14:c7:39: 231s e3:22:af:dd:3f:d9:b4:36:98:0f:15:e0:af:e6:5b:d8:d4:57: 231s 4a:d9:be:96:10:76:e9:ec:ad:06:da:16:d6:e6:71:bf:9a:90: 231s c9:e9:c2:b8:9c:de:be:0c:cb:f8:c3:7f:68:e7:6d:db:12:7e: 231s 6d:79 231s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.config -passin pass:random-root-CA-password-30509 -keyfile /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem 231s Using configuration from /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.config 231s Check that the request matches the signature 231s Signature ok 231s Certificate Details: 231s Serial Number: 1 (0x1) 231s Validity 231s Not Before: Jan 19 11:57:05 2025 GMT 231s Not After : Jan 19 11:57:05 2026 GMT 231s Subject: 231s organizationName = Test Organization 231s organizationalUnitName = Test Organization Unit 231s commonName = Test Organization Intermediate CA 231s X509v3 extensions: 231s X509v3 Subject Key Identifier: 231s B1:E4:A6:0B:1A:AF:DE:42:73:35:FA:0D:8D:90:9A:14:5F:07:A2:79 231s X509v3 Authority Key Identifier: 231s keyid:91:C8:31:22:3A:32:64:A9:35:7B:D7:5A:4B:21:72:6D:F9:1A:D1:D5 231s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 231s serial:00 231s X509v3 Basic Constraints: 231s CA:TRUE 231s X509v3 Key Usage: critical 231s Digital Signature, Certificate Sign, CRL Sign 231s Certificate is to be certified until Jan 19 11:57:05 2026 GMT (365 days) 231s 231s Write out database with 1 new entries 231s Database updated 231s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem 231s /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem: OK 231s + cat 231s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-15832 231s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-15832 1024 231s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-15832 -config /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-32741 -sha256 -out /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-certificate-request.pem 231s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-certificate-request.pem 231s Certificate Request: 231s Data: 231s Version: 1 (0x0) 231s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 231s Subject Public Key Info: 231s Public Key Algorithm: rsaEncryption 231s Public-Key: (1024 bit) 231s Modulus: 231s 00:d7:6a:22:04:30:85:bb:6f:13:2d:24:bf:62:78: 231s 9a:b6:47:ca:53:0b:5b:91:f3:39:60:0d:9e:e9:80: 231s 81:d1:f5:75:a0:19:96:37:2b:79:33:11:29:37:6a: 231s ff:cb:d5:af:5d:d1:3d:87:9e:fe:74:92:94:37:29: 231s fd:f1:79:22:38:10:39:42:7f:3a:12:db:95:93:0f: 231s 52:cf:5a:f5:04:0c:09:3b:fa:4c:a1:0a:5a:6a:00: 231s 60:07:57:15:7e:82:b4:75:8b:5e:8a:26:89:e2:82: 231s 07:22:92:ce:95:6b:24:e5:cc:52:85:db:3a:e3:5d: 231s d0:71:c8:eb:5c:9c:d0:65:51 231s Exponent: 65537 (0x10001) 231s Attributes: 231s (none) 231s Requested Extensions: 231s Signature Algorithm: sha256WithRSAEncryption 231s Signature Value: 231s 5b:cc:0e:13:ef:dd:18:3a:5a:2a:ec:65:cb:43:86:8d:36:e1: 231s dc:54:15:49:34:80:66:e0:ee:31:70:de:a4:ae:d7:42:32:67: 231s 82:a2:98:2f:d9:2f:92:1c:c5:91:e8:d0:fe:3b:d3:8c:59:59: 231s 7b:8e:1c:66:e6:af:cd:7d:cb:97:84:e4:2c:f6:29:6d:04:da: 231s da:03:9d:e7:e4:09:7a:12:dd:5a:db:61:6f:58:52:1f:23:53: 231s e7:db:18:8f:07:21:8d:ee:a2:9b:e6:d0:37:ed:93:58:1d:be: 231s 3d:c6:47:36:c1:86:cd:76:f4:8b:a3:23:d8:34:0e:40:b3:51: 231s bc:ce 231s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-32741 -keyfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem 231s Using configuration from /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.config 231s Check that the request matches the signature 231s Signature ok 231s Certificate Details: 231s Serial Number: 2 (0x2) 231s Validity 231s Not Before: Jan 19 11:57:05 2025 GMT 231s Not After : Jan 19 11:57:05 2026 GMT 231s Subject: 231s organizationName = Test Organization 231s organizationalUnitName = Test Organization Unit 231s commonName = Test Organization Sub Intermediate CA 231s X509v3 extensions: 231s X509v3 Subject Key Identifier: 231s C9:40:6B:1B:E9:C0:40:BE:DD:47:8B:CC:27:13:1F:EB:4E:D4:42:DC 231s X509v3 Authority Key Identifier: 231s keyid:B1:E4:A6:0B:1A:AF:DE:42:73:35:FA:0D:8D:90:9A:14:5F:07:A2:79 231s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 231s serial:01 231s X509v3 Basic Constraints: 231s CA:TRUE 231s X509v3 Key Usage: critical 231s Digital Signature, Certificate Sign, CRL Sign 231s Certificate is to be certified until Jan 19 11:57:05 2026 GMT (365 days) 231s 231s Write out database with 1 new entries 231s Database updated 231s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem 231s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem 231s /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem: OK 231s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem 231s + local cmd=openssl 231s + shift 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem 231s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 231s error 20 at 0 depth lookup: unable to get local issuer certificate 231s error /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem: verification failed 231s + cat 231s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-1853 231s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-1853 1024 231s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-1853 -key /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-request.pem 231s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-request.pem 231s Certificate Request: 231s Data: 231s Version: 1 (0x0) 231s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 231s Subject Public Key Info: 231s Public Key Algorithm: rsaEncryption 231s Public-Key: (1024 bit) 231s Modulus: 231s 00:bd:4b:f3:49:21:90:7a:89:6b:f6:8c:e4:b4:00: 231s 8b:bd:27:30:8d:e5:81:6e:48:5f:65:92:fa:6a:b8: 231s b2:4b:29:37:bf:2c:9b:30:0d:df:26:99:81:dc:61: 231s bd:fb:6a:65:5e:f8:1a:f6:00:b7:fe:95:8a:41:0d: 231s b9:e5:46:02:d3:2e:ca:4a:5e:03:03:a6:17:e9:f0: 231s 0e:cf:a4:43:cc:73:c2:47:77:63:5f:d3:c7:e2:db: 231s 63:2a:45:bc:bc:d4:15:db:14:18:78:25:72:b9:89: 231s bc:4f:93:64:52:02:bb:a7:ad:d3:d8:41:c3:4d:b4: 231s b2:e8:89:48:de:73:fe:53:6f 231s Exponent: 65537 (0x10001) 231s Attributes: 231s Requested Extensions: 231s X509v3 Basic Constraints: 231s CA:FALSE 231s Netscape Cert Type: 231s SSL Client, S/MIME 231s Netscape Comment: 231s Test Organization Root CA trusted Certificate 231s X509v3 Subject Key Identifier: 231s 15:BE:FE:79:96:F2:D3:CB:07:F1:A0:93:A3:0D:52:3B:E8:DB:8E:20 231s X509v3 Key Usage: critical 231s Digital Signature, Non Repudiation, Key Encipherment 231s X509v3 Extended Key Usage: 231s TLS Web Client Authentication, E-mail Protection 231s X509v3 Subject Alternative Name: 231s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 231s Signature Algorithm: sha256WithRSAEncryption 231s Signature Value: 231s 6d:88:52:d8:4a:d6:f1:cd:f0:66:d9:71:f8:f9:a6:78:70:98: 231s cf:09:34:a6:8f:fa:d5:0a:c0:f9:2f:40:47:e0:45:49:4d:77: 231s 06:7b:a8:30:c0:ff:76:7b:ac:17:ac:92:67:15:50:9e:ca:51: 231s 95:0c:85:cd:5c:ed:65:f9:92:c3:7e:f0:9d:1d:cc:9a:89:34: 231s 29:bb:e9:88:6e:d5:15:fe:ca:f4:e1:f5:50:6b:27:68:af:37: 231s 5e:23:07:46:db:24:5d:75:e5:e9:2e:a7:14:96:3a:af:59:fd: 231s 62:7b:0a:7c:90:53:b7:31:f3:02:85:dc:de:a2:00:19:75:d8: 231s 21:f7 231s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.config -passin pass:random-root-CA-password-30509 -keyfile /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem 231s Using configuration from /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.config 231s Check that the request matches the signature 231s Signature ok 231s Certificate Details: 231s Serial Number: 3 (0x3) 231s Validity 231s Not Before: Jan 19 11:57:05 2025 GMT 231s Not After : Jan 19 11:57:05 2026 GMT 231s Subject: 231s organizationName = Test Organization 231s organizationalUnitName = Test Organization Unit 231s commonName = Test Organization Root Trusted Certificate 0001 231s X509v3 extensions: 231s X509v3 Authority Key Identifier: 231s 91:C8:31:22:3A:32:64:A9:35:7B:D7:5A:4B:21:72:6D:F9:1A:D1:D5 231s X509v3 Basic Constraints: 231s CA:FALSE 231s Netscape Cert Type: 231s SSL Client, S/MIME 231s Netscape Comment: 231s Test Organization Root CA trusted Certificate 231s X509v3 Subject Key Identifier: 231s 15:BE:FE:79:96:F2:D3:CB:07:F1:A0:93:A3:0D:52:3B:E8:DB:8E:20 231s X509v3 Key Usage: critical 231s Digital Signature, Non Repudiation, Key Encipherment 231s X509v3 Extended Key Usage: 231s TLS Web Client Authentication, E-mail Protection 231s X509v3 Subject Alternative Name: 231s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 231s Certificate is to be certified until Jan 19 11:57:05 2026 GMT (365 days) 231s 231s Write out database with 1 new entries 231s Database updated 231s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem 231s /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem: OK 231s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem 231s + local cmd=openssl 231s + shift 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem 231s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 231s error 20 at 0 depth lookup: unable to get local issuer certificate 231s error /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem: verification failed 231s + cat 231s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-12425 231s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-12425 1024 231s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-12425 -key /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-request.pem 231s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-request.pem 231s Certificate Request: 231s Data: 231s Version: 1 (0x0) 231s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 231s Subject Public Key Info: 231s Public Key Algorithm: rsaEncryption 231s Public-Key: (1024 bit) 231s Modulus: 231s 00:e4:d4:5e:71:b8:01:08:1b:6b:46:6c:92:4a:fd: 231s 60:25:fb:13:7f:40:f3:56:de:fc:ef:89:68:2f:32: 231s d7:30:3e:ff:ad:71:fb:66:3f:56:36:e2:dc:6c:5e: 231s c7:7e:67:e3:e0:56:ab:3e:a8:8a:b1:d3:69:f1:bd: 231s b9:95:10:35:f6:fb:2c:9a:b8:19:9d:e5:65:83:5b: 231s 88:72:10:de:c1:05:8c:4e:fc:7b:49:60:5c:d2:0b: 231s c9:f0:6e:c6:70:5f:8e:81:76:b3:bf:69:3b:2e:f0: 231s c0:1c:6f:99:93:07:8c:d5:56:c3:36:c3:8e:48:e8: 231s 55:ca:94:6c:d9:f6:57:7d:41 231s Exponent: 65537 (0x10001) 231s Attributes: 231s Requested Extensions: 231s X509v3 Basic Constraints: 231s CA:FALSE 231s Netscape Cert Type: 231s SSL Client, S/MIME 231s Netscape Comment: 231s Test Organization Intermediate CA trusted Certificate 231s X509v3 Subject Key Identifier: 231s 5F:44:52:2C:D0:0C:FA:28:FD:AA:84:D4:D5:48:47:67:D0:A6:C0:8C 231s X509v3 Key Usage: critical 231s Digital Signature, Non Repudiation, Key Encipherment 231s X509v3 Extended Key Usage: 231s TLS Web Client Authentication, E-mail Protection 231s X509v3 Subject Alternative Name: 231s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 231s Signature Algorithm: sha256WithRSAEncryption 231s Signature Value: 231s 9d:e9:3d:07:65:f5:c7:ab:24:7c:c9:cc:e8:34:6a:80:23:78: 231s f2:9b:ee:44:70:40:cb:ef:f0:b7:3a:40:77:eb:f9:6e:55:f8: 231s 46:c2:b6:36:54:72:bf:60:9b:da:9b:c1:23:26:41:08:1c:33: 231s c3:a4:50:ba:a7:a2:90:4f:33:f4:c2:e4:25:7b:30:ce:94:d3: 231s 57:c8:f2:6a:6e:0c:61:b5:9e:e1:bd:b2:14:9a:b1:c8:14:90: 231s 0a:d4:96:31:73:6e:bc:ea:5a:0a:f2:29:4b:5b:1a:36:3f:1d: 231s a6:94:73:b2:1c:ac:fe:d0:7d:60:eb:6f:f6:74:02:42:d5:56: 231s fa:a8 231s + openssl ca -passin pass:random-intermediate-CA-password-32741 -config /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem 231s Using configuration from /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.config 231s Check that the request matches the signature 231s Signature ok 231s Certificate Details: 231s Serial Number: 4 (0x4) 231s Validity 231s Not Before: Jan 19 11:57:05 2025 GMT 231s Not After : Jan 19 11:57:05 2026 GMT 231s Subject: 231s organizationName = Test Organization 231s organizationalUnitName = Test Organization Unit 231s commonName = Test Organization Intermediate Trusted Certificate 0001 231s X509v3 extensions: 231s X509v3 Authority Key Identifier: 231s B1:E4:A6:0B:1A:AF:DE:42:73:35:FA:0D:8D:90:9A:14:5F:07:A2:79 231s X509v3 Basic Constraints: 231s CA:FALSE 231s Netscape Cert Type: 231s SSL Client, S/MIME 231s Netscape Comment: 231s Test Organization Intermediate CA trusted Certificate 231s X509v3 Subject Key Identifier: 231s 5F:44:52:2C:D0:0C:FA:28:FD:AA:84:D4:D5:48:47:67:D0:A6:C0:8C 231s X509v3 Key Usage: critical 231s Digital Signature, Non Repudiation, Key Encipherment 231s X509v3 Extended Key Usage: 231s TLS Web Client Authentication, E-mail Protection 231s X509v3 Subject Alternative Name: 231s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 231s Certificate is to be certified until Jan 19 11:57:05 2026 GMT (365 days) 231s 231s Write out database with 1 new entries 231s Database updated 231s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem 231s This certificate should not be trusted fully 231s + echo 'This certificate should not be trusted fully' 231s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem 231s + local cmd=openssl 231s + shift 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem 231s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 231s error 2 at 1 depth lookup: unable to get issuer certificate 231s error /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 231s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem 231s /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem: OK 231s + cat 231s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16015 231s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-16015 1024 231s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-16015 -key /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 231s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 231s Certificate Request: 231s Data: 231s Version: 1 (0x0) 231s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 231s Subject Public Key Info: 231s Public Key Algorithm: rsaEncryption 231s Public-Key: (1024 bit) 231s Modulus: 231s 00:c3:e6:87:27:4a:68:3f:42:17:59:38:5d:36:67: 231s 5d:47:61:33:b8:ef:e0:85:c4:19:e0:76:c1:60:20: 231s 24:7f:fa:75:4b:dd:2f:91:47:52:cc:c3:37:8f:09: 231s bb:f7:f3:dc:07:ca:39:c3:b4:b1:ec:6b:88:1e:21: 231s 50:ef:fd:d4:46:91:37:5a:80:d3:57:98:14:05:12: 231s 91:0d:40:74:ef:a5:c4:49:a3:96:b5:9b:ef:8d:f6: 231s 5d:f6:52:13:03:b0:24:6a:d0:88:2e:c3:ea:4e:91: 231s 01:ba:b5:2e:43:63:04:e8:01:b1:55:38:6b:17:dc: 231s 97:20:54:f5:e6:aa:14:8c:97 231s Exponent: 65537 (0x10001) 231s Attributes: 231s Requested Extensions: 231s X509v3 Basic Constraints: 231s CA:FALSE 231s Netscape Cert Type: 231s SSL Client, S/MIME 231s Netscape Comment: 231s Test Organization Sub Intermediate CA trusted Certificate 231s X509v3 Subject Key Identifier: 231s 7D:87:01:A9:72:A0:49:1A:F6:A0:1B:B9:55:6A:56:0F:C6:0D:15:2D 231s X509v3 Key Usage: critical 231s Digital Signature, Non Repudiation, Key Encipherment 231s X509v3 Extended Key Usage: 231s TLS Web Client Authentication, E-mail Protection 231s X509v3 Subject Alternative Name: 231s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 231s Signature Algorithm: sha256WithRSAEncryption 231s Signature Value: 231s b7:9c:53:2c:6a:cf:7d:35:01:6d:68:b8:3f:23:c5:d4:a1:af: 231s 98:06:d8:25:4f:86:ae:af:52:57:02:9a:1d:f4:e2:e8:8d:46: 231s 12:dd:fd:3d:b6:f4:f9:1f:4e:17:de:11:cd:5b:7d:49:ff:48: 231s aa:22:c4:e7:f6:08:42:5d:52:76:8b:95:c4:97:a1:f5:8a:f7: 231s e1:d6:40:cb:00:e5:ad:19:e8:d0:76:ec:d1:f1:1c:b6:f4:7c: 231s 38:f7:bf:47:c9:19:d8:12:5e:02:03:cf:c2:e8:42:38:f3:46: 231s ad:e6:ff:82:f7:b6:3d:f4:58:f5:d8:c5:e5:8b:bb:64:1f:f2: 231s 1e:93 231s + openssl ca -passin pass:random-sub-intermediate-CA-password-15832 -config /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s Using configuration from /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.config 231s Check that the request matches the signature 231s Signature ok 231s Certificate Details: 231s Serial Number: 5 (0x5) 231s Validity 231s Not Before: Jan 19 11:57:05 2025 GMT 231s Not After : Jan 19 11:57:05 2026 GMT 231s Subject: 231s organizationName = Test Organization 231s organizationalUnitName = Test Organization Unit 231s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 231s X509v3 extensions: 231s X509v3 Authority Key Identifier: 231s C9:40:6B:1B:E9:C0:40:BE:DD:47:8B:CC:27:13:1F:EB:4E:D4:42:DC 231s X509v3 Basic Constraints: 231s CA:FALSE 231s Netscape Cert Type: 231s SSL Client, S/MIME 231s Netscape Comment: 231s Test Organization Sub Intermediate CA trusted Certificate 231s X509v3 Subject Key Identifier: 231s 7D:87:01:A9:72:A0:49:1A:F6:A0:1B:B9:55:6A:56:0F:C6:0D:15:2D 231s X509v3 Key Usage: critical 231s Digital Signature, Non Repudiation, Key Encipherment 231s X509v3 Extended Key Usage: 231s TLS Web Client Authentication, E-mail Protection 231s X509v3 Subject Alternative Name: 231s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 231s Certificate is to be certified until Jan 19 11:57:05 2026 GMT (365 days) 231s 231s Write out database with 1 new entries 231s Database updated 231s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s This certificate should not be trusted fully 231s + echo 'This certificate should not be trusted fully' 231s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s + local cmd=openssl 231s + shift 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 231s error 2 at 1 depth lookup: unable to get issuer certificate 231s error /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 231s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s + local cmd=openssl 231s + shift 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 231s error 20 at 0 depth lookup: unable to get local issuer certificate 231s error /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 231s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 231s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s + local cmd=openssl 231s + shift 231s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 231s error 20 at 0 depth lookup: unable to get local issuer certificate 231s error /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 231s + echo 'Building a the full-chain CA file...' 231s + cat /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem 231s Building a the full-chain CA file... 231s + cat /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem 231s + cat /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem 231s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem 231s + openssl pkcs7 -print_certs -noout 231s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 231s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 231s 231s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 231s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 231s 231s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 231s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 231s 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem 231s /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA.pem: OK 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem 231s /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem: OK 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem 231s /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem: OK 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-root-intermediate-chain-CA.pem 231s /tmp/sssd-softhsm2-certs-fv5Q20/test-root-intermediate-chain-CA.pem: OK 231s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 231s + echo 'Certificates generation completed!' 231s + [[ -v NO_SSSD_TESTS ]] 231s + [[ -v GENERATE_SMART_CARDS ]] 231s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-1853 231s + local certificate=/tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem 231s + local key_pass=pass:random-root-ca-trusted-cert-0001-1853 231s + local key_cn 231s + local key_name 231s + local tokens_dir 231s + local output_cert_file 231s + token_name= 231s Certificates generation completed! 231s ++ basename /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem .pem 231s + key_name=test-root-CA-trusted-certificate-0001 231s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem 231s ++ sed -n 's/ *commonName *= //p' 231s + key_cn='Test Organization Root Trusted Certificate 0001' 231s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 231s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-root-CA-trusted-certificate-0001.conf 231s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-root-CA-trusted-certificate-0001.conf 231s ++ basename /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 231s + tokens_dir=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-root-CA-trusted-certificate-0001 231s + token_name='Test Organization Root Tr Token' 231s + '[' '!' -e /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 231s + local key_file 231s + local decrypted_key 231s + mkdir -p /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-root-CA-trusted-certificate-0001 231s + key_file=/tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-key.pem 231s + decrypted_key=/tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-key-decrypted.pem 231s + cat 231s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 231s Slot 0 has a free/uninitialized token. 231s The token has been initialized and is reassigned to slot 1880945745 231s + softhsm2-util --show-slots 231s Available slots: 231s Slot 1880945745 231s Slot info: 231s Description: SoftHSM slot ID 0x701cf451 231s Manufacturer ID: SoftHSM project 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Token present: yes 231s Token info: 231s Manufacturer ID: SoftHSM project 231s Model: SoftHSM v2 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Serial number: 495de9fb701cf451 231s Initialized: yes 231s User PIN init.: yes 231s Label: Test Organization Root Tr Token 231s Slot 1 231s Slot info: 231s Description: SoftHSM slot ID 0x1 231s Manufacturer ID: SoftHSM project 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Token present: yes 231s Token info: 231s Manufacturer ID: SoftHSM project 231s Model: SoftHSM v2 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Serial number: 231s Initialized: no 231s User PIN init.: no 231s Label: 231s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 231s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-1853 -in /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-key-decrypted.pem 231s writing RSA key 231s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 231s + rm /tmp/sssd-softhsm2-certs-fv5Q20/test-root-CA-trusted-certificate-0001-key-decrypted.pem 231s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 231s Object 0: 231s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=495de9fb701cf451;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 231s Type: X.509 Certificate (RSA-1024) 231s Expires: Mon Jan 19 11:57:05 2026 231s Label: Test Organization Root Trusted Certificate 0001 231s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 231s 231s Test Organization Root Tr Token 231s + echo 'Test Organization Root Tr Token' 231s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-12425 231s + local certificate=/tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem 231s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-12425 231s + local key_cn 231s + local key_name 231s + local tokens_dir 231s + local output_cert_file 231s + token_name= 231s ++ basename /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem .pem 231s + key_name=test-intermediate-CA-trusted-certificate-0001 231s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem 231s ++ sed -n 's/ *commonName *= //p' 231s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 231s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 231s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 231s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 231s ++ basename /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 231s + tokens_dir=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-intermediate-CA-trusted-certificate-0001 231s + token_name='Test Organization Interme Token' 231s + '[' '!' -e /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 231s + local key_file 231s + local decrypted_key 231s + mkdir -p /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-intermediate-CA-trusted-certificate-0001 231s + key_file=/tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-key.pem 231s + decrypted_key=/tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 231s + cat 231s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 231s Slot 0 has a free/uninitialized token. 231s The token has been initialized and is reassigned to slot 238260662 231s + softhsm2-util --show-slots 231s Available slots: 231s Slot 238260662 231s Slot info: 231s Description: SoftHSM slot ID 0xe3391b6 231s Manufacturer ID: SoftHSM project 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Token present: yes 231s Token info: 231s Manufacturer ID: SoftHSM project 231s Model: SoftHSM v2 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Serial number: ffeada6a0e3391b6 231s Initialized: yes 231s User PIN init.: yes 231s Label: Test Organization Interme Token 231s Slot 1 231s Slot info: 231s Description: SoftHSM slot ID 0x1 231s Manufacturer ID: SoftHSM project 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Token present: yes 231s Token info: 231s Manufacturer ID: SoftHSM project 231s Model: SoftHSM v2 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Serial number: 231s Initialized: no 231s User PIN init.: no 231s Label: 231s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 231s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-12425 -in /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 231s writing RSA key 231s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 231s + rm /tmp/sssd-softhsm2-certs-fv5Q20/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 231s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 231s Object 0: 231s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ffeada6a0e3391b6;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 231s Type: X.509 Certificate (RSA-1024) 231s Expires: Mon Jan 19 11:57:05 2026 231s Label: Test Organization Intermediate Trusted Certificate 0001 231s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 231s 231s + echo 'Test Organization Interme Token' 231s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16015 231s + local certificate=/tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16015 231s + local key_cn 231s + local key_name 231s + local tokens_dir 231s + local output_cert_file 231s + token_name= 231s Test Organization Interme Token 231s ++ basename /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 231s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 231s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem 231s ++ sed -n 's/ *commonName *= //p' 231s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 231s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 231s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 231s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 231s ++ basename /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 231s + tokens_dir=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 231s + token_name='Test Organization Sub Int Token' 231s + '[' '!' -e /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 231s + local key_file 231s + local decrypted_key 231s + mkdir -p /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 231s + key_file=/tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 231s + decrypted_key=/tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 231s + cat 231s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 231s Slot 0 has a free/uninitialized token. 231s The token has been initialized and is reassigned to slot 1654680490 231s + softhsm2-util --show-slots 231s Available slots: 231s Slot 1654680490 231s Slot info: 231s Description: SoftHSM slot ID 0x62a06baa 231s Manufacturer ID: SoftHSM project 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Token present: yes 231s Token info: 231s Manufacturer ID: SoftHSM project 231s Model: SoftHSM v2 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Serial number: 0f0064ee62a06baa 231s Initialized: yes 231s User PIN init.: yes 231s Label: Test Organization Sub Int Token 231s Slot 1 231s Slot info: 231s Description: SoftHSM slot ID 0x1 231s Manufacturer ID: SoftHSM project 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Token present: yes 231s Token info: 231s Manufacturer ID: SoftHSM project 231s Model: SoftHSM v2 231s Hardware version: 2.6 231s Firmware version: 2.6 231s Serial number: 231s Initialized: no 231s User PIN init.: no 231s Label: 231s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 231s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-16015 -in /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 231s writing RSA key 231s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 231s + rm /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 231s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 231s Object 0: 231s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0f0064ee62a06baa;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 231s Type: X.509 Certificate (RSA-1024) 231s Expires: Mon Jan 19 11:57:05 2026 231s Label: Test Organization Sub Intermediate Trusted Certificate 0001 231s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 231s 231s + echo 'Test Organization Sub Int Token' 231s + echo 'Certificates generation completed!' 231s + exit 0 231s Test Organization Sub Int Token 231s Certificates generation completed! 231s + find /tmp/sssd-softhsm2-certs-fv5Q20 -type d -exec chmod 777 '{}' ';' 231s + find /tmp/sssd-softhsm2-certs-fv5Q20 -type f -exec chmod 666 '{}' ';' 231s + backup_file /etc/sssd/sssd.conf 231s + '[' -z '' ']' 231s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 231s + backupsdir=/tmp/sssd-softhsm2-backups-KmSuY3 231s + '[' -e /etc/sssd/sssd.conf ']' 231s + delete_paths+=("$1") 231s + rm -f /etc/sssd/sssd.conf 231s ++ runuser -u ubuntu -- sh -c 'echo ~' 231s + user_home=/home/ubuntu 231s + mkdir -p /home/ubuntu 231s + chown ubuntu:ubuntu /home/ubuntu 231s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 231s + user_config=/home/ubuntu/.config 231s + system_config=/etc 231s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 231s + for path_pair in "${softhsm2_conf_paths[@]}" 231s + IFS=: 231s + read -r -a path 231s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 231s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 231s + '[' -z /tmp/sssd-softhsm2-backups-KmSuY3 ']' 231s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 231s + delete_paths+=("$1") 231s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 231s + for path_pair in "${softhsm2_conf_paths[@]}" 231s + IFS=: 231s + read -r -a path 231s + path=/etc/softhsm/softhsm2.conf 231s + backup_file /etc/softhsm/softhsm2.conf 231s + '[' -z /tmp/sssd-softhsm2-backups-KmSuY3 ']' 231s + '[' -e /etc/softhsm/softhsm2.conf ']' 231s ++ dirname /etc/softhsm/softhsm2.conf 231s + local back_dir=/tmp/sssd-softhsm2-backups-KmSuY3//etc/softhsm 231s ++ basename /etc/softhsm/softhsm2.conf 231s + local back_path=/tmp/sssd-softhsm2-backups-KmSuY3//etc/softhsm/softhsm2.conf 231s + '[' '!' -e /tmp/sssd-softhsm2-backups-KmSuY3//etc/softhsm/softhsm2.conf ']' 231s + mkdir -p /tmp/sssd-softhsm2-backups-KmSuY3//etc/softhsm 231s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-KmSuY3//etc/softhsm/softhsm2.conf 231s + restore_paths+=("$back_path") 231s + rm -f /etc/softhsm/softhsm2.conf 231s + test_authentication login /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem 231s + pam_service=login 231s + certificate_config=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-root-CA-trusted-certificate-0001.conf 231s + ca_db=/tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem 231s + verification_options= 231s + mkdir -p -m 700 /etc/sssd 231s Using CA DB '/tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem' with verification options: '' 231s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 231s + cat 231s + chmod 600 /etc/sssd/sssd.conf 231s + for path_pair in "${softhsm2_conf_paths[@]}" 231s + IFS=: 231s + read -r -a path 231s + user=ubuntu 231s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 231s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 231s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 231s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 231s + runuser -u ubuntu -- softhsm2-util --show-slots 231s + grep 'Test Organization' 231s Label: Test Organization Root Tr Token 231s + for path_pair in "${softhsm2_conf_paths[@]}" 231s + IFS=: 231s + read -r -a path 231s + user=root 231s + path=/etc/softhsm/softhsm2.conf 231s ++ dirname /etc/softhsm/softhsm2.conf 231s + runuser -u root -- mkdir -p /etc/softhsm 231s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 231s + runuser -u root -- softhsm2-util --show-slots 231s + grep 'Test Organization' 231s Label: Test Organization Root Tr Token 231s + systemctl restart sssd 232s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 232s + for alternative in "${alternative_pam_configs[@]}" 232s + pam-auth-update --enable sss-smart-card-optional 232s + cat /etc/pam.d/common-auth 232s # 232s # /etc/pam.d/common-auth - authentication settings common to all services 232s # 232s # This file is included from other service-specific PAM config files, 232s # and should contain a list of the authentication modules that define 232s # the central authentication scheme for use on the system 232s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 232s # traditional Unix authentication mechanisms. 232s # 232s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 232s # To take advantage of this, it is recommended that you configure any 232s # local modules either before or after the default block, and use 232s # pam-auth-update to manage selection of other modules. See 232s # pam-auth-update(8) for details. 232s 232s # here are the per-package modules (the "Primary" block) 232s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 232s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 232s auth [success=1 default=ignore] pam_sss.so use_first_pass 232s # here's the fallback if no module succeeds 232s auth requisite pam_deny.so 232s # prime the stack with a positive return value if there isn't one already; 232s # this avoids us returning an error just because nothing sets a success code 232s # since the modules above will each just jump around 232s auth required pam_permit.so 232s # and here are more per-package modules (the "Additional" block) 232s auth optional pam_cap.so 232s # end of pam-auth-update config 232s + echo -n -e 123456 232s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 232s pamtester: invoking pam_start(login, ubuntu, ...) 232s pamtester: performing operation - authenticate 232s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 232s + echo -n -e 123456 232s + runuser -u ubuntu -- pamtester -v login '' authenticate 232s pamtester: invoking pam_start(login, , ...) 232s pamtester: performing operation - authenticate 232s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 232s + echo -n -e wrong123456 232s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 232s pamtester: invoking pam_start(login, ubuntu, ...) 232s pamtester: performing operation - authenticate 235s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 235s + echo -n -e wrong123456 235s + runuser -u ubuntu -- pamtester -v login '' authenticate 235s pamtester: invoking pam_start(login, , ...) 235s pamtester: performing operation - authenticate 238s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 238s + echo -n -e 123456 238s + pamtester -v login root authenticate 238s pamtester: invoking pam_start(login, root, ...) 238s pamtester: performing operation - authenticate 240s Password: pamtester: Authentication failure 240s + for alternative in "${alternative_pam_configs[@]}" 240s + pam-auth-update --enable sss-smart-card-required 240s PAM configuration 240s ----------------- 240s 240s Incompatible PAM profiles selected. 240s 240s The following PAM profiles cannot be used together: 240s 240s SSS required smart card authentication, SSS optional smart card 240s authentication 240s 240s Please select a different set of modules to enable. 240s 240s + cat /etc/pam.d/common-auth 240s # 240s # /etc/pam.d/common-auth - authentication settings common to all services 240s # 240s # This file is included from other service-specific PAM config files, 240s # and should contain a list of the authentication modules that define 240s # the central authentication scheme for use on the system 240s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 240s # traditional Unix authentication mechanisms. 240s # 240s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 240s # To take advantage of this, it is recommended that you configure any 240s # local modules either before or after the default block, and use 240s # pam-auth-update to manage selection of other modules. See 240s # pam-auth-update(8) for details. 240s 240s # here are the per-package modules (the "Primary" block) 240s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 240s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 240s auth [success=1 default=ignore] pam_sss.so use_first_pass 240s # here's the fallback if no module succeeds 240s auth requisite pam_deny.so 240s # prime the stack with a positive return value if there isn't one already; 240s # this avoids us returning an error just because nothing sets a success code 240s # since the modules above will each just jump around 240s auth required pam_permit.so 240s # and here are more per-package modules (the "Additional" block) 240s auth optional pam_cap.so 240s # end of pam-auth-update config 240s + echo -n -e 123456 240s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 241s pamtester: invoking pam_start(login, ubuntu, ...) 241s pamtester: performing operation - authenticate 241s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 241s + echo -n -e 123456 241s + runuser -u ubuntu -- pamtester -v login '' authenticate 241s pamtester: invoking pam_start(login, , ...) 241s pamtester: performing operation - authenticate 241s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 241s + echo -n -e wrong123456 241s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 241s pamtester: invoking pam_start(login, ubuntu, ...) 241s pamtester: performing operation - authenticate 244s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 244s + echo -n -e wrong123456 244s + runuser -u ubuntu -- pamtester -v login '' authenticate 244s pamtester: invoking pam_start(login, , ...) 244s pamtester: performing operation - authenticate 247s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 247s + echo -n -e 123456 247s + pamtester -v login root authenticate 247s pamtester: invoking pam_start(login, root, ...) 247s pamtester: performing operation - authenticate 250s pamtester: Authentication service cannot retrieve authentication info 250s + test_authentication login /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem 250s + pam_service=login 250s + certificate_config=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 250s + ca_db=/tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem 250s + verification_options= 250s + mkdir -p -m 700 /etc/sssd 250s Using CA DB '/tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem' with verification options: '' 250s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-fv5Q20/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 250s + cat 250s + chmod 600 /etc/sssd/sssd.conf 250s + for path_pair in "${softhsm2_conf_paths[@]}" 250s + IFS=: 250s + read -r -a path 250s + user=ubuntu 250s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 250s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 250s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 250s Label: Test Organization Sub Int Token 250s Label: Test Organization Sub Int Token 250s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 250s + runuser -u ubuntu -- softhsm2-util --show-slots 250s + grep 'Test Organization' 250s + for path_pair in "${softhsm2_conf_paths[@]}" 250s + IFS=: 250s + read -r -a path 250s + user=root 250s + path=/etc/softhsm/softhsm2.conf 250s ++ dirname /etc/softhsm/softhsm2.conf 250s + runuser -u root -- mkdir -p /etc/softhsm 250s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 250s + runuser -u root -- softhsm2-util --show-slots 250s + grep 'Test Organization' 250s + systemctl restart sssd 250s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 250s + for alternative in "${alternative_pam_configs[@]}" 250s + pam-auth-update --enable sss-smart-card-optional 250s + cat /etc/pam.d/common-auth 250s # 250s # /etc/pam.d/common-auth - authentication settings common to all services 250s # 250s # This file is included from other service-specific PAM config files, 250s # and should contain a list of the authentication modules that define 250s # the central authentication scheme for use on the system 250s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 250s # traditional Unix authentication mechanisms. 250s # 250s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 250s # To take advantage of this, it is recommended that you configure any 250s # local modules either before or after the default block, and use 250s # pam-auth-update to manage selection of other modules. See 250s # pam-auth-update(8) for details. 250s 250s # here are the per-package modules (the "Primary" block) 250s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 250s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 250s auth [success=1 default=ignore] pam_sss.so use_first_pass 250s # here's the fallback if no module succeeds 250s auth requisite pam_deny.so 250s # prime the stack with a positive return value if there isn't one already; 250s # this avoids us returning an error just because nothing sets a success code 250s # since the modules above will each just jump around 250s auth required pam_permit.so 250s # and here are more per-package modules (the "Additional" block) 250s auth optional pam_cap.so 250s # end of pam-auth-update config 250s + echo -n -e 123456 250s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 250s pamtester: invoking pam_start(login, ubuntu, ...) 250s pamtester: performing operation - authenticate 250s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 250s + echo -n -e 123456 250s + runuser -u ubuntu -- pamtester -v login '' authenticate 250s pamtester: invoking pam_start(login, , ...) 250s pamtester: performing operation - authenticate 250s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 250s + echo -n -e wrong123456 250s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 250s pamtester: invoking pam_start(login, ubuntu, ...) 250s pamtester: performing operation - authenticate 253s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 253s + echo -n -e wrong123456 253s + runuser -u ubuntu -- pamtester -v login '' authenticate 253s pamtester: invoking pam_start(login, , ...) 253s pamtester: performing operation - authenticate 256s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 256s + echo -n -e 123456 256s + pamtester -v login root authenticate 256s pamtester: invoking pam_start(login, root, ...) 256s pamtester: performing operation - authenticate 259s Password: pamtester: Authentication failure 259s + for alternative in "${alternative_pam_configs[@]}" 259s + pam-auth-update --enable sss-smart-card-required 259s PAM configuration 259s ----------------- 259s 259s Incompatible PAM profiles selected. 259s 259s The following PAM profiles cannot be used together: 259s 259s SSS required smart card authentication, SSS optional smart card 259s authentication 259s 259s Please select a different set of modules to enable. 259s 259s + cat /etc/pam.d/common-auth 259s # 259s # /etc/pam.d/common-auth - authentication settings common to all services 259s # 259s # This file is included from other service-specific PAM config files, 259s # and should contain a list of the authentication modules that define 259s # the central authentication scheme for use on the system 259s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 259s # traditional Unix authentication mechanisms. 259s # 259s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 259s # To take advantage of this, it is recommended that you configure any 259s # local modules either before or after the default block, and use 259s # pam-auth-update to manage selection of other modules. See 259s # pam-auth-update(8) for details. 259s 259s # here are the per-package modules (the "Primary" block) 259s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 259s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 259s auth [success=1 default=ignore] pam_sss.so use_first_pass 259s # here's the fallback if no module succeeds 259s auth requisite pam_deny.so 259s # prime the stack with a positive return value if there isn't one already; 259s # this avoids us returning an error just because nothing sets a success code 259s # since the modules above will each just jump around 259s auth required pam_permit.so 259s # and here are more per-package modules (the "Additional" block) 259s auth optional pam_cap.so 259s # end of pam-auth-update config 259s + echo -n -e 123456 259s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 259s pamtester: invoking pam_start(login, ubuntu, ...) 259s pamtester: performing operation - authenticate 259s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 259s + echo -n -e 123456 259s + runuser -u ubuntu -- pamtester -v login '' authenticate 259s pamtester: invoking pam_start(login, , ...) 259s pamtester: performing operation - authenticate 259s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 259s + echo -n -e wrong123456 259s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 259s pamtester: invoking pam_start(login, ubuntu, ...) 259s pamtester: performing operation - authenticate 262s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 262s + echo -n -e wrong123456 262s + runuser -u ubuntu -- pamtester -v login '' authenticate 262s pamtester: invoking pam_start(login, , ...) 262s pamtester: performing operation - authenticate 265s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 265s + echo -n -e 123456 265s + pamtester -v login root authenticate 265s pamtester: invoking pam_start(login, root, ...) 265s pamtester: performing operation - authenticate 268s pamtester: Authentication service cannot retrieve authentication info 268s + test_authentication login /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem partial_chain 268s + pam_service=login 268s + certificate_config=/tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 268s + ca_db=/tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem 268s + verification_options=partial_chain 268s + mkdir -p -m 700 /etc/sssd 268s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 268s + cat 268s Using CA DB '/tmp/sssd-softhsm2-certs-fv5Q20/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 268s + chmod 600 /etc/sssd/sssd.conf 268s + for path_pair in "${softhsm2_conf_paths[@]}" 268s + IFS=: 268s + read -r -a path 268s + user=ubuntu 268s Label: Test Organization Sub Int Token 268s Label: Test Organization Sub Int Token 268s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 268s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 268s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 268s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 268s + runuser -u ubuntu -- softhsm2-util --show-slots 268s + grep 'Test Organization' 268s + for path_pair in "${softhsm2_conf_paths[@]}" 268s + IFS=: 268s + read -r -a path 268s + user=root 268s + path=/etc/softhsm/softhsm2.conf 268s ++ dirname /etc/softhsm/softhsm2.conf 268s + runuser -u root -- mkdir -p /etc/softhsm 268s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-fv5Q20/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 268s + runuser -u root -- softhsm2-util --show-slots 268s + grep 'Test Organization' 268s + systemctl restart sssd 268s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 268s + for alternative in "${alternative_pam_configs[@]}" 268s + pam-auth-update --enable sss-smart-card-optional 269s + cat /etc/pam.d/common-auth 269s # 269s # /etc/pam.d/common-auth - authentication settings common to all services 269s # 269s # This file is included from other service-specific PAM config files, 269s # and should contain a list of the authentication modules that define 269s # the central authentication scheme for use on the system 269s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 269s # traditional Unix authentication mechanisms. 269s # 269s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 269s # To take advantage of this, it is recommended that you configure any 269s # local modules either before or after the default block, and use 269s # pam-auth-update to manage selection of other modules. See 269s # pam-auth-update(8) for details. 269s 269s # here are the per-package modules (the "Primary" block) 269s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 269s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 269s auth [success=1 default=ignore] pam_sss.so use_first_pass 269s # here's the fallback if no module succeeds 269s auth requisite pam_deny.so 269s # prime the stack with a positive return value if there isn't one already; 269s # this avoids us returning an error just because nothing sets a success code 269s # since the modules above will each just jump around 269s auth required pam_permit.so 269s # and here are more per-package modules (the "Additional" block) 269s auth optional pam_cap.so 269s # end of pam-auth-update config 269s + echo -n -e 123456 269s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 269s pamtester: invoking pam_start(login, ubuntu, ...) 269s pamtester: performing operation - authenticate 269s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 269s + echo -n -e 123456 269s + runuser -u ubuntu -- pamtester -v login '' authenticate 269s pamtester: invoking pam_start(login, , ...) 269s pamtester: performing operation - authenticate 269s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 269s + echo -n -e wrong123456 269s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 269s pamtester: invoking pam_start(login, ubuntu, ...) 269s pamtester: performing operation - authenticate 272s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 272s + echo -n -e wrong123456 272s + runuser -u ubuntu -- pamtester -v login '' authenticate 272s pamtester: invoking pam_start(login, , ...) 272s pamtester: performing operation - authenticate 275s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 275s + echo -n -e 123456 275s + pamtester -v login root authenticate 275s pamtester: invoking pam_start(login, root, ...) 275s pamtester: performing operation - authenticate 278s Password: pamtester: Authentication failure 278s + for alternative in "${alternative_pam_configs[@]}" 278s + pam-auth-update --enable sss-smart-card-required 278s PAM configuration 278s ----------------- 278s 278s Incompatible PAM profiles selected. 278s 278s The following PAM profiles cannot be used together: 278s 278s SSS required smart card authentication, SSS optional smart card 278s authentication 278s 278s Please select a different set of modules to enable. 278s 278s + cat /etc/pam.d/common-auth 278s # 278s # /etc/pam.d/common-auth - authentication settings common to all services 278s # 278s # This file is included from other service-specific PAM config files, 278s # and should contain a list of the authentication modules that define 278s # the central authentication scheme for use on the system 278s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 278s # traditional Unix authentication mechanisms. 278s # 278s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 278s # To take advantage of this, it is recommended that you configure any 278s # local modules either before or after the default block, and use 278s # pam-auth-update to manage selection of other modules. See 278s # pam-auth-update(8) for details. 278s 278s # here are the per-package modules (the "Primary" block) 278s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 278s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 278s auth [success=1 default=ignore] pam_sss.so use_first_pass 278s # here's the fallback if no module succeeds 278s auth requisite pam_deny.so 278s # prime the stack with a positive return value if there isn't one already; 278s # this avoids us returning an error just because nothing sets a success code 278s # since the modules above will each just jump around 278s auth required pam_permit.so 278s # and here are more per-package modules (the "Additional" block) 278s auth optional pam_cap.so 278s # end of pam-auth-update config 278s + echo -n -e 123456 278s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 278s pamtester: invoking pam_start(login, ubuntu, ...) 278s pamtester: performing operation - authenticate 278s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 278s + echo -n -e 123456 278s + runuser -u ubuntu -- pamtester -v login '' authenticate 278s pamtester: invoking pam_start(login, , ...) 278s pamtester: performing operation - authenticate 278s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 278s + echo -n -e wrong123456 278s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 278s pamtester: invoking pam_start(login, ubuntu, ...) 278s pamtester: performing operation - authenticate 282s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 282s + echo -n -e wrong123456 282s + runuser -u ubuntu -- pamtester -v login '' authenticate 282s pamtester: invoking pam_start(login, , ...) 282s pamtester: performing operation - authenticate 284s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 284s + echo -n -e 123456 284s + pamtester -v login root authenticate 284s pamtester: invoking pam_start(login, root, ...) 284s pamtester: performing operation - authenticate 287s pamtester: Authentication service cannot retrieve authentication info 287s + handle_exit 287s + exit_code=0 287s + restore_changes 287s + for path in "${restore_paths[@]}" 287s + local original_path 287s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-KmSuY3 /tmp/sssd-softhsm2-backups-KmSuY3//etc/softhsm/softhsm2.conf 287s + original_path=/etc/softhsm/softhsm2.conf 287s + rm /etc/softhsm/softhsm2.conf 287s + mv /tmp/sssd-softhsm2-backups-KmSuY3//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 287s + for path in "${delete_paths[@]}" 287s + rm -f /etc/sssd/sssd.conf 287s + for path in "${delete_paths[@]}" 287s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 287s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 287s + '[' -e /etc/sssd/sssd.conf ']' 287s + systemctl stop sssd 287s + '[' -e /etc/softhsm/softhsm2.conf ']' 287s + chmod 600 /etc/softhsm/softhsm2.conf 287s + rm -rf /tmp/sssd-softhsm2-certs-fv5Q20 287s + '[' 0 = 0 ']' 287s + rm -rf /tmp/sssd-softhsm2-backups-KmSuY3 287s Script completed successfully! 287s + set +x 287s autopkgtest [11:58:01]: test sssd-smart-card-pam-auth-configs: -----------------------] 288s sssd-smart-card-pam-auth-configs PASS 288s autopkgtest [11:58:02]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 288s autopkgtest [11:58:02]: @@@@@@@@@@@@@@@@@@@@ summary 288s ldap-user-group-ldap-auth FAIL non-zero exit status 253 288s ldap-user-group-krb5-auth FAIL non-zero exit status 253 288s sssd-softhism2-certificates-tests.sh PASS 288s sssd-smart-card-pam-auth-configs PASS 293s nova [W] Skipping flock for amd64 293s Creating nova instance adt-plucky-amd64-sssd-20250119-115314-juju-7f2275-prod-proposed-migration-environment-20-3bd26888-70e6-4b16-925f-3a3bfd8d8493 from image adt/ubuntu-plucky-amd64-server-20250119.img (UUID 7982e7e7-53fc-4a89-b206-09501ed3ffd2)... 293s nova [W] Timed out waiting for ebc7c59d-49fe-4714-a584-e5d63f3a8c7b to get deleted. 293s nova [W] Skipping flock for amd64 293s Creating nova instance adt-plucky-amd64-sssd-20250119-115314-juju-7f2275-prod-proposed-migration-environment-20-3bd26888-70e6-4b16-925f-3a3bfd8d8493 from image adt/ubuntu-plucky-amd64-server-20250119.img (UUID 7982e7e7-53fc-4a89-b206-09501ed3ffd2)... 293s nova [W] Timed out waiting for 9f096e7f-4355-4f43-bb2e-47b611dcda2b to get deleted.