0s autopkgtest [03:24:13]: starting date and time: 2025-01-17 03:24:13+0000 0s autopkgtest [03:24:13]: git checkout: 325255d2 Merge branch 'pin-any-arch' into 'ubuntu/production' 0s autopkgtest [03:24:13]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.br9la3ds/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:krb5 --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=krb5/1.21.3-4 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos03-arm64-42.secgroup --name adt-plucky-arm64-sssd-20250117-032412-juju-7f2275-prod-proposed-migration-environment-2-0b1d71e1-cafb-434d-a541-1690197f9f4a --image adt/ubuntu-plucky-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 134s autopkgtest [03:26:27]: testbed dpkg architecture: arm64 134s autopkgtest [03:26:27]: testbed apt version: 2.9.18 135s autopkgtest [03:26:28]: @@@@@@@@@@@@@@@@@@@@ test bed setup 135s autopkgtest [03:26:28]: testbed release detected to be: None 136s autopkgtest [03:26:29]: updating testbed package index (apt update) 136s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 136s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 136s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 137s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 137s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [921 kB] 137s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [15.4 kB] 137s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [170 kB] 137s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 137s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 Packages [312 kB] 137s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted arm64 Packages [57.8 kB] 137s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 Packages [1078 kB] 137s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse arm64 Packages [12.7 kB] 137s Fetched 2650 kB in 1s (2495 kB/s) 139s Reading package lists... 139s + lsb_release --codename --short 139s + RELEASE=plucky 139s + cat 139s + [ plucky != trusty ] 139s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y --allow-downgrades -o Dpkg::Options::=--force-confnew dist-upgrade 139s Reading package lists... 140s Building dependency tree... 140s Reading state information... 141s Calculating upgrade... 142s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 142s + rm /etc/apt/preferences.d/force-downgrade-to-release.pref 142s + /usr/lib/apt/apt-helper analyze-pattern ?true 142s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y purge --autoremove ?obsolete 142s Reading package lists... 143s Building dependency tree... 143s Reading state information... 144s 0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded. 144s + grep -q trusty /etc/lsb-release 144s + [ ! -d /usr/share/doc/unattended-upgrades ] 144s + [ ! -d /usr/share/doc/lxd ] 144s + [ ! -d /usr/share/doc/lxd-client ] 144s + [ ! -d /usr/share/doc/snapd ] 144s + type iptables 144s + cat 144s + chmod 755 /etc/rc.local 144s + . /etc/rc.local 144s + iptables -w -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 145s + iptables -A OUTPUT -d 10.255.255.1/32 -p tcp -j DROP 145s + iptables -A OUTPUT -d 10.255.255.2/32 -p tcp -j DROP 145s + uname -m 145s + [ aarch64 = ppc64le ] 145s + [ -d /run/systemd/system ] 145s + systemd-detect-virt --quiet --vm 145s + mkdir -p /etc/systemd/system/systemd-random-seed.service.d/ 145s + cat 145s + grep -q lz4 /etc/initramfs-tools/initramfs.conf 145s + echo COMPRESS=lz4 145s + sync 145s autopkgtest [03:26:38]: upgrading testbed (apt dist-upgrade and autopurge) 145s Reading package lists... 146s Building dependency tree... 146s Reading state information... 147s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 147s Starting 2 pkgProblemResolver with broken count: 0 147s Done 148s Entering ResolveByKeep 149s 150s The following packages will be upgraded: 150s krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 150s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 150s Need to get 629 kB of archives. 150s After this operation, 73.7 kB of additional disk space will be used. 150s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 krb5-locales all 1.21.3-4 [14.5 kB] 150s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libgssapi-krb5-2 arm64 1.21.3-4 [144 kB] 150s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkrb5-3 arm64 1.21.3-4 [350 kB] 150s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkrb5support0 arm64 1.21.3-4 [34.4 kB] 150s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libk5crypto3 arm64 1.21.3-4 [86.1 kB] 151s Fetched 629 kB in 1s (1096 kB/s) 152s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80204 files and directories currently installed.) 152s Preparing to unpack .../krb5-locales_1.21.3-4_all.deb ... 152s Unpacking krb5-locales (1.21.3-4) over (1.21.3-3) ... 152s Preparing to unpack .../libgssapi-krb5-2_1.21.3-4_arm64.deb ... 152s Unpacking libgssapi-krb5-2:arm64 (1.21.3-4) over (1.21.3-3) ... 152s Preparing to unpack .../libkrb5-3_1.21.3-4_arm64.deb ... 152s Unpacking libkrb5-3:arm64 (1.21.3-4) over (1.21.3-3) ... 152s Preparing to unpack .../libkrb5support0_1.21.3-4_arm64.deb ... 152s Unpacking libkrb5support0:arm64 (1.21.3-4) over (1.21.3-3) ... 152s Preparing to unpack .../libk5crypto3_1.21.3-4_arm64.deb ... 152s Unpacking libk5crypto3:arm64 (1.21.3-4) over (1.21.3-3) ... 152s Setting up krb5-locales (1.21.3-4) ... 152s Setting up libkrb5support0:arm64 (1.21.3-4) ... 152s Setting up libk5crypto3:arm64 (1.21.3-4) ... 152s Setting up libkrb5-3:arm64 (1.21.3-4) ... 152s Setting up libgssapi-krb5-2:arm64 (1.21.3-4) ... 152s Processing triggers for libc-bin (2.40-4ubuntu1) ... 152s Reading package lists... 153s Building dependency tree... 153s Reading state information... 153s Starting pkgProblemResolver with broken count: 0 154s Starting 2 pkgProblemResolver with broken count: 0 154s Done 155s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 158s autopkgtest [03:26:51]: testbed running kernel: Linux 6.11.0-8-generic #8-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 16 14:19:41 UTC 2024 158s autopkgtest [03:26:51]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 176s Get:1 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (dsc) [5048 B] 176s Get:2 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (tar) [8002 kB] 176s Get:3 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (diff) [49.2 kB] 177s gpgv: Signature made Wed Jul 3 23:54:05 2024 UTC 177s gpgv: using RSA key 8AFD08D3D1B817B2DF8982F501AC4B4083590A98 177s gpgv: Can't check signature: No public key 177s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.5-3ubuntu2.dsc: no acceptable signature found 177s autopkgtest [03:27:10]: testing package sssd version 2.9.5-3ubuntu2 183s autopkgtest [03:27:16]: build not needed 194s autopkgtest [03:27:27]: test ldap-user-group-ldap-auth: preparing testbed 194s Reading package lists... 195s Building dependency tree... 195s Reading state information... 195s Starting pkgProblemResolver with broken count: 0 195s Starting 2 pkgProblemResolver with broken count: 0 195s Done 196s The following NEW packages will be installed: 196s expect ldap-utils libargon2-1 libavahi-client3 libavahi-common-data 196s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 196s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 196s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 196s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 196s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 196s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 196s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 196s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 196s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 196s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 196s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 196s tcl-expect tcl8.6 196s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 196s Need to get 13.0 MB of archives. 196s After this operation, 61.5 MB of additional disk space will be used. 196s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 libargon2-1 arm64 0~20190702+dfsg-4build1 [20.5 kB] 196s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libltdl7 arm64 2.4.7-8 [40.6 kB] 197s Get:3 http://ftpmaster.internal/ubuntu plucky/main arm64 libodbc2 arm64 2.3.12-1ubuntu1 [145 kB] 197s Get:4 http://ftpmaster.internal/ubuntu plucky/main arm64 slapd arm64 2.6.8+dfsg-1~exp4ubuntu3 [1532 kB] 197s Get:5 http://ftpmaster.internal/ubuntu plucky/main arm64 libtcl8.6 arm64 8.6.15+dfsg-2 [987 kB] 197s Get:6 http://ftpmaster.internal/ubuntu plucky/main arm64 tcl8.6 arm64 8.6.15+dfsg-2 [14.7 kB] 197s Get:7 http://ftpmaster.internal/ubuntu plucky/universe arm64 tcl-expect arm64 5.45.4-3 [112 kB] 197s Get:8 http://ftpmaster.internal/ubuntu plucky/universe arm64 expect arm64 5.45.4-3 [137 kB] 197s Get:9 http://ftpmaster.internal/ubuntu plucky/main arm64 ldap-utils arm64 2.6.8+dfsg-1~exp4ubuntu3 [148 kB] 197s Get:10 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common-data arm64 0.8-14ubuntu1 [30.5 kB] 197s Get:11 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common3 arm64 0.8-14ubuntu1 [23.1 kB] 197s Get:12 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-client3 arm64 0.8-14ubuntu1 [27.3 kB] 197s Get:13 http://ftpmaster.internal/ubuntu plucky/main arm64 libbasicobjects0t64 arm64 0.6.2-3 [5882 B] 197s Get:14 http://ftpmaster.internal/ubuntu plucky/main arm64 libcares2 arm64 1.34.4-2.1 [100 kB] 197s Get:15 http://ftpmaster.internal/ubuntu plucky/main arm64 libcollection4t64 arm64 0.6.2-3 [23.6 kB] 197s Get:16 http://ftpmaster.internal/ubuntu plucky/main arm64 libcrack2 arm64 2.9.6-5.2 [28.9 kB] 197s Get:17 http://ftpmaster.internal/ubuntu plucky/main arm64 libdhash1t64 arm64 0.6.2-3 [8914 B] 197s Get:18 http://ftpmaster.internal/ubuntu plucky/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-10 [140 kB] 197s Get:19 http://ftpmaster.internal/ubuntu plucky/main arm64 libpath-utils1t64 arm64 0.6.2-3 [9088 B] 197s Get:20 http://ftpmaster.internal/ubuntu plucky/main arm64 libref-array1t64 arm64 0.6.2-3 [7312 B] 197s Get:21 http://ftpmaster.internal/ubuntu plucky/main arm64 libini-config5t64 arm64 0.6.2-3 [44.4 kB] 197s Get:22 http://ftpmaster.internal/ubuntu plucky/main arm64 libipa-hbac0t64 arm64 2.9.5-3ubuntu2 [17.6 kB] 197s Get:23 http://ftpmaster.internal/ubuntu plucky/universe arm64 libjose0 arm64 14-1 [44.9 kB] 197s Get:24 http://ftpmaster.internal/ubuntu plucky/main arm64 libverto-libevent1t64 arm64 0.3.1-1.2ubuntu3 [6328 B] 197s Get:25 http://ftpmaster.internal/ubuntu plucky/main arm64 libverto1t64 arm64 0.3.1-1.2ubuntu3 [10.4 kB] 197s Get:26 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkrad0 arm64 1.21.3-4 [22.3 kB] 197s Get:27 http://ftpmaster.internal/ubuntu plucky/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 197s Get:28 http://ftpmaster.internal/ubuntu plucky/main arm64 libtdb1 arm64 1.4.12-1 [48.9 kB] 197s Get:29 http://ftpmaster.internal/ubuntu plucky/main arm64 libtevent0t64 arm64 0.16.1-3 [42.3 kB] 197s Get:30 http://ftpmaster.internal/ubuntu plucky/main arm64 libldb2 arm64 2:2.9.1+samba4.20.4+dfsg-1ubuntu3 [193 kB] 197s Get:31 http://ftpmaster.internal/ubuntu plucky/main arm64 libnfsidmap1 arm64 1:2.6.4-4ubuntu1 [48.3 kB] 197s Get:32 http://ftpmaster.internal/ubuntu plucky/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 197s Get:33 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 197s Get:34 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 197s Get:35 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 197s Get:36 http://ftpmaster.internal/ubuntu plucky/main arm64 libwbclient0 arm64 2:4.20.4+dfsg-1ubuntu3 [76.6 kB] 197s Get:37 http://ftpmaster.internal/ubuntu plucky/main arm64 samba-libs arm64 2:4.20.4+dfsg-1ubuntu3 [6306 kB] 197s Get:38 http://ftpmaster.internal/ubuntu plucky/main arm64 libsmbclient0 arm64 2:4.20.4+dfsg-1ubuntu3 [62.8 kB] 197s Get:39 http://ftpmaster.internal/ubuntu plucky/main arm64 libnss-sss arm64 2.9.5-3ubuntu2 [32.5 kB] 197s Get:40 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-sss arm64 2.9.5-3ubuntu2 [49.6 kB] 197s Get:41 http://ftpmaster.internal/ubuntu plucky/main arm64 python3-sss arm64 2.9.5-3ubuntu2 [47.5 kB] 197s Get:42 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-certmap0 arm64 2.9.5-3ubuntu2 [46.6 kB] 197s Get:43 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-idmap0 arm64 2.9.5-3ubuntu2 [22.8 kB] 197s Get:44 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-nss-idmap0 arm64 2.9.5-3ubuntu2 [31.2 kB] 197s Get:45 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-common arm64 2.9.5-3ubuntu2 [1148 kB] 197s Get:46 http://ftpmaster.internal/ubuntu plucky/universe arm64 sssd-idp arm64 2.9.5-3ubuntu2 [28.0 kB] 198s Get:47 http://ftpmaster.internal/ubuntu plucky/universe arm64 sssd-passkey arm64 2.9.5-3ubuntu2 [32.9 kB] 198s Get:48 http://ftpmaster.internal/ubuntu plucky/main arm64 libipa-hbac-dev arm64 2.9.5-3ubuntu2 [6666 B] 198s Get:49 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-certmap-dev arm64 2.9.5-3ubuntu2 [5726 B] 198s Get:50 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-idmap-dev arm64 2.9.5-3ubuntu2 [8384 B] 198s Get:51 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-nss-idmap-dev arm64 2.9.5-3ubuntu2 [6710 B] 198s Get:52 http://ftpmaster.internal/ubuntu plucky/universe arm64 libsss-sudo arm64 2.9.5-3ubuntu2 [21.3 kB] 198s Get:53 http://ftpmaster.internal/ubuntu plucky/universe arm64 python3-libipa-hbac arm64 2.9.5-3ubuntu2 [16.7 kB] 198s Get:54 http://ftpmaster.internal/ubuntu plucky/universe arm64 python3-libsss-nss-idmap arm64 2.9.5-3ubuntu2 [9238 B] 198s Get:55 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ad-common arm64 2.9.5-3ubuntu2 [75.5 kB] 198s Get:56 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-krb5-common arm64 2.9.5-3ubuntu2 [88.5 kB] 198s Get:57 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ad arm64 2.9.5-3ubuntu2 [135 kB] 198s Get:58 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ipa arm64 2.9.5-3ubuntu2 [219 kB] 198s Get:59 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-krb5 arm64 2.9.5-3ubuntu2 [14.4 kB] 198s Get:60 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ldap arm64 2.9.5-3ubuntu2 [31.4 kB] 198s Get:61 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-proxy arm64 2.9.5-3ubuntu2 [44.5 kB] 198s Get:62 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd arm64 2.9.5-3ubuntu2 [4118 B] 198s Get:63 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-dbus arm64 2.9.5-3ubuntu2 [103 kB] 198s Get:64 http://ftpmaster.internal/ubuntu plucky/universe arm64 sssd-kcm arm64 2.9.5-3ubuntu2 [139 kB] 198s Get:65 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-tools arm64 2.9.5-3ubuntu2 [97.6 kB] 198s Preconfiguring packages ... 198s Fetched 13.0 MB in 2s (8373 kB/s) 198s Selecting previously unselected package libargon2-1:arm64. 198s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80204 files and directories currently installed.) 198s Preparing to unpack .../00-libargon2-1_0~20190702+dfsg-4build1_arm64.deb ... 198s Unpacking libargon2-1:arm64 (0~20190702+dfsg-4build1) ... 198s Selecting previously unselected package libltdl7:arm64. 199s Preparing to unpack .../01-libltdl7_2.4.7-8_arm64.deb ... 199s Unpacking libltdl7:arm64 (2.4.7-8) ... 199s Selecting previously unselected package libodbc2:arm64. 199s Preparing to unpack .../02-libodbc2_2.3.12-1ubuntu1_arm64.deb ... 199s Unpacking libodbc2:arm64 (2.3.12-1ubuntu1) ... 199s Selecting previously unselected package slapd. 199s Preparing to unpack .../03-slapd_2.6.8+dfsg-1~exp4ubuntu3_arm64.deb ... 199s Unpacking slapd (2.6.8+dfsg-1~exp4ubuntu3) ... 199s Selecting previously unselected package libtcl8.6:arm64. 199s Preparing to unpack .../04-libtcl8.6_8.6.15+dfsg-2_arm64.deb ... 199s Unpacking libtcl8.6:arm64 (8.6.15+dfsg-2) ... 199s Selecting previously unselected package tcl8.6. 199s Preparing to unpack .../05-tcl8.6_8.6.15+dfsg-2_arm64.deb ... 199s Unpacking tcl8.6 (8.6.15+dfsg-2) ... 199s Selecting previously unselected package tcl-expect:arm64. 199s Preparing to unpack .../06-tcl-expect_5.45.4-3_arm64.deb ... 199s Unpacking tcl-expect:arm64 (5.45.4-3) ... 199s Selecting previously unselected package expect. 199s Preparing to unpack .../07-expect_5.45.4-3_arm64.deb ... 199s Unpacking expect (5.45.4-3) ... 199s Selecting previously unselected package ldap-utils. 199s Preparing to unpack .../08-ldap-utils_2.6.8+dfsg-1~exp4ubuntu3_arm64.deb ... 199s Unpacking ldap-utils (2.6.8+dfsg-1~exp4ubuntu3) ... 199s Selecting previously unselected package libavahi-common-data:arm64. 199s Preparing to unpack .../09-libavahi-common-data_0.8-14ubuntu1_arm64.deb ... 199s Unpacking libavahi-common-data:arm64 (0.8-14ubuntu1) ... 200s Selecting previously unselected package libavahi-common3:arm64. 200s Preparing to unpack .../10-libavahi-common3_0.8-14ubuntu1_arm64.deb ... 200s Unpacking libavahi-common3:arm64 (0.8-14ubuntu1) ... 200s Selecting previously unselected package libavahi-client3:arm64. 200s Preparing to unpack .../11-libavahi-client3_0.8-14ubuntu1_arm64.deb ... 200s Unpacking libavahi-client3:arm64 (0.8-14ubuntu1) ... 200s Selecting previously unselected package libbasicobjects0t64:arm64. 200s Preparing to unpack .../12-libbasicobjects0t64_0.6.2-3_arm64.deb ... 200s Unpacking libbasicobjects0t64:arm64 (0.6.2-3) ... 200s Selecting previously unselected package libcares2:arm64. 200s Preparing to unpack .../13-libcares2_1.34.4-2.1_arm64.deb ... 200s Unpacking libcares2:arm64 (1.34.4-2.1) ... 200s Selecting previously unselected package libcollection4t64:arm64. 200s Preparing to unpack .../14-libcollection4t64_0.6.2-3_arm64.deb ... 200s Unpacking libcollection4t64:arm64 (0.6.2-3) ... 200s Selecting previously unselected package libcrack2:arm64. 200s Preparing to unpack .../15-libcrack2_2.9.6-5.2_arm64.deb ... 200s Unpacking libcrack2:arm64 (2.9.6-5.2) ... 200s Selecting previously unselected package libdhash1t64:arm64. 200s Preparing to unpack .../16-libdhash1t64_0.6.2-3_arm64.deb ... 200s Unpacking libdhash1t64:arm64 (0.6.2-3) ... 200s Selecting previously unselected package libevent-2.1-7t64:arm64. 200s Preparing to unpack .../17-libevent-2.1-7t64_2.1.12-stable-10_arm64.deb ... 200s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 200s Selecting previously unselected package libpath-utils1t64:arm64. 200s Preparing to unpack .../18-libpath-utils1t64_0.6.2-3_arm64.deb ... 200s Unpacking libpath-utils1t64:arm64 (0.6.2-3) ... 200s Selecting previously unselected package libref-array1t64:arm64. 200s Preparing to unpack .../19-libref-array1t64_0.6.2-3_arm64.deb ... 200s Unpacking libref-array1t64:arm64 (0.6.2-3) ... 200s Selecting previously unselected package libini-config5t64:arm64. 200s Preparing to unpack .../20-libini-config5t64_0.6.2-3_arm64.deb ... 200s Unpacking libini-config5t64:arm64 (0.6.2-3) ... 200s Selecting previously unselected package libipa-hbac0t64. 200s Preparing to unpack .../21-libipa-hbac0t64_2.9.5-3ubuntu2_arm64.deb ... 200s Unpacking libipa-hbac0t64 (2.9.5-3ubuntu2) ... 200s Selecting previously unselected package libjose0:arm64. 200s Preparing to unpack .../22-libjose0_14-1_arm64.deb ... 200s Unpacking libjose0:arm64 (14-1) ... 200s Selecting previously unselected package libverto-libevent1t64:arm64. 200s Preparing to unpack .../23-libverto-libevent1t64_0.3.1-1.2ubuntu3_arm64.deb ... 200s Unpacking libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 200s Selecting previously unselected package libverto1t64:arm64. 200s Preparing to unpack .../24-libverto1t64_0.3.1-1.2ubuntu3_arm64.deb ... 200s Unpacking libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 200s Selecting previously unselected package libkrad0:arm64. 200s Preparing to unpack .../25-libkrad0_1.21.3-4_arm64.deb ... 200s Unpacking libkrad0:arm64 (1.21.3-4) ... 201s Selecting previously unselected package libtalloc2:arm64. 201s Preparing to unpack .../26-libtalloc2_2.4.2-1build2_arm64.deb ... 201s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 201s Selecting previously unselected package libtdb1:arm64. 201s Preparing to unpack .../27-libtdb1_1.4.12-1_arm64.deb ... 201s Unpacking libtdb1:arm64 (1.4.12-1) ... 201s Selecting previously unselected package libtevent0t64:arm64. 201s Preparing to unpack .../28-libtevent0t64_0.16.1-3_arm64.deb ... 201s Unpacking libtevent0t64:arm64 (0.16.1-3) ... 201s Selecting previously unselected package libldb2:arm64. 201s Preparing to unpack .../29-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu3_arm64.deb ... 201s Unpacking libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 201s Selecting previously unselected package libnfsidmap1:arm64. 201s Preparing to unpack .../30-libnfsidmap1_1%3a2.6.4-4ubuntu1_arm64.deb ... 201s Unpacking libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 201s Selecting previously unselected package libnss-sudo. 201s Preparing to unpack .../31-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 201s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 201s Selecting previously unselected package libpwquality-common. 201s Preparing to unpack .../32-libpwquality-common_1.4.5-3build1_all.deb ... 201s Unpacking libpwquality-common (1.4.5-3build1) ... 201s Selecting previously unselected package libpwquality1:arm64. 201s Preparing to unpack .../33-libpwquality1_1.4.5-3build1_arm64.deb ... 201s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 201s Selecting previously unselected package libpam-pwquality:arm64. 201s Preparing to unpack .../34-libpam-pwquality_1.4.5-3build1_arm64.deb ... 201s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 201s Selecting previously unselected package libwbclient0:arm64. 201s Preparing to unpack .../35-libwbclient0_2%3a4.20.4+dfsg-1ubuntu3_arm64.deb ... 201s Unpacking libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 201s Selecting previously unselected package samba-libs:arm64. 201s Preparing to unpack .../36-samba-libs_2%3a4.20.4+dfsg-1ubuntu3_arm64.deb ... 201s Unpacking samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 202s Selecting previously unselected package libsmbclient0:arm64. 202s Preparing to unpack .../37-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu3_arm64.deb ... 202s Unpacking libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 202s Selecting previously unselected package libnss-sss:arm64. 202s Preparing to unpack .../38-libnss-sss_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking libnss-sss:arm64 (2.9.5-3ubuntu2) ... 202s Selecting previously unselected package libpam-sss:arm64. 202s Preparing to unpack .../39-libpam-sss_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking libpam-sss:arm64 (2.9.5-3ubuntu2) ... 202s Selecting previously unselected package python3-sss. 202s Preparing to unpack .../40-python3-sss_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking python3-sss (2.9.5-3ubuntu2) ... 202s Selecting previously unselected package libsss-certmap0. 202s Preparing to unpack .../41-libsss-certmap0_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking libsss-certmap0 (2.9.5-3ubuntu2) ... 202s Selecting previously unselected package libsss-idmap0. 202s Preparing to unpack .../42-libsss-idmap0_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking libsss-idmap0 (2.9.5-3ubuntu2) ... 202s Selecting previously unselected package libsss-nss-idmap0. 202s Preparing to unpack .../43-libsss-nss-idmap0_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 202s Selecting previously unselected package sssd-common. 202s Preparing to unpack .../44-sssd-common_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking sssd-common (2.9.5-3ubuntu2) ... 202s Selecting previously unselected package sssd-idp. 202s Preparing to unpack .../45-sssd-idp_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking sssd-idp (2.9.5-3ubuntu2) ... 202s Selecting previously unselected package sssd-passkey. 202s Preparing to unpack .../46-sssd-passkey_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking sssd-passkey (2.9.5-3ubuntu2) ... 202s Selecting previously unselected package libipa-hbac-dev. 202s Preparing to unpack .../47-libipa-hbac-dev_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking libipa-hbac-dev (2.9.5-3ubuntu2) ... 202s Selecting previously unselected package libsss-certmap-dev. 202s Preparing to unpack .../48-libsss-certmap-dev_2.9.5-3ubuntu2_arm64.deb ... 202s Unpacking libsss-certmap-dev (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package libsss-idmap-dev. 203s Preparing to unpack .../49-libsss-idmap-dev_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking libsss-idmap-dev (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package libsss-nss-idmap-dev. 203s Preparing to unpack .../50-libsss-nss-idmap-dev_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking libsss-nss-idmap-dev (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package libsss-sudo. 203s Preparing to unpack .../51-libsss-sudo_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking libsss-sudo (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package python3-libipa-hbac. 203s Preparing to unpack .../52-python3-libipa-hbac_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking python3-libipa-hbac (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package python3-libsss-nss-idmap. 203s Preparing to unpack .../53-python3-libsss-nss-idmap_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking python3-libsss-nss-idmap (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package sssd-ad-common. 203s Preparing to unpack .../54-sssd-ad-common_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking sssd-ad-common (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package sssd-krb5-common. 203s Preparing to unpack .../55-sssd-krb5-common_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking sssd-krb5-common (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package sssd-ad. 203s Preparing to unpack .../56-sssd-ad_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking sssd-ad (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package sssd-ipa. 203s Preparing to unpack .../57-sssd-ipa_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking sssd-ipa (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package sssd-krb5. 203s Preparing to unpack .../58-sssd-krb5_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking sssd-krb5 (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package sssd-ldap. 203s Preparing to unpack .../59-sssd-ldap_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking sssd-ldap (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package sssd-proxy. 203s Preparing to unpack .../60-sssd-proxy_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking sssd-proxy (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package sssd. 203s Preparing to unpack .../61-sssd_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking sssd (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package sssd-dbus. 203s Preparing to unpack .../62-sssd-dbus_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking sssd-dbus (2.9.5-3ubuntu2) ... 203s Selecting previously unselected package sssd-kcm. 203s Preparing to unpack .../63-sssd-kcm_2.9.5-3ubuntu2_arm64.deb ... 203s Unpacking sssd-kcm (2.9.5-3ubuntu2) ... 204s Selecting previously unselected package sssd-tools. 204s Preparing to unpack .../64-sssd-tools_2.9.5-3ubuntu2_arm64.deb ... 204s Unpacking sssd-tools (2.9.5-3ubuntu2) ... 204s Setting up libpwquality-common (1.4.5-3build1) ... 204s Setting up libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 204s Setting up libsss-idmap0 (2.9.5-3ubuntu2) ... 204s Setting up libbasicobjects0t64:arm64 (0.6.2-3) ... 204s Setting up libipa-hbac0t64 (2.9.5-3ubuntu2) ... 204s Setting up libsss-idmap-dev (2.9.5-3ubuntu2) ... 204s Setting up libref-array1t64:arm64 (0.6.2-3) ... 204s Setting up libipa-hbac-dev (2.9.5-3ubuntu2) ... 204s Setting up libtdb1:arm64 (1.4.12-1) ... 204s Setting up libargon2-1:arm64 (0~20190702+dfsg-4build1) ... 204s Setting up libcollection4t64:arm64 (0.6.2-3) ... 204s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 204s Setting up ldap-utils (2.6.8+dfsg-1~exp4ubuntu3) ... 204s Setting up libjose0:arm64 (14-1) ... 204s Setting up libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 204s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 204s Setting up libpath-utils1t64:arm64 (0.6.2-3) ... 204s Setting up libavahi-common-data:arm64 (0.8-14ubuntu1) ... 204s Setting up libcares2:arm64 (1.34.4-2.1) ... 204s Setting up libdhash1t64:arm64 (0.6.2-3) ... 204s Setting up libtcl8.6:arm64 (8.6.15+dfsg-2) ... 204s Setting up libltdl7:arm64 (2.4.7-8) ... 204s Setting up libcrack2:arm64 (2.9.6-5.2) ... 204s Setting up libodbc2:arm64 (2.3.12-1ubuntu1) ... 204s Setting up python3-libipa-hbac (2.9.5-3ubuntu2) ... 204s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 204s Setting up libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 204s Setting up libini-config5t64:arm64 (0.6.2-3) ... 204s Setting up libtevent0t64:arm64 (0.16.1-3) ... 204s Setting up libnss-sss:arm64 (2.9.5-3ubuntu2) ... 204s Setting up slapd (2.6.8+dfsg-1~exp4ubuntu3) ... 204s Creating new user openldap... done. 204s Creating initial configuration... done. 204s Creating LDAP directory... done. 205s Setting up tcl8.6 (8.6.15+dfsg-2) ... 205s Setting up libsss-sudo (2.9.5-3ubuntu2) ... 205s Setting up libsss-nss-idmap-dev (2.9.5-3ubuntu2) ... 205s Setting up libavahi-common3:arm64 (0.8-14ubuntu1) ... 205s Setting up tcl-expect:arm64 (5.45.4-3) ... 205s Setting up libsss-certmap0 (2.9.5-3ubuntu2) ... 205s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 205s Setting up python3-libsss-nss-idmap (2.9.5-3ubuntu2) ... 205s Setting up libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 205s Setting up libavahi-client3:arm64 (0.8-14ubuntu1) ... 205s Setting up expect (5.45.4-3) ... 205s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 205s Setting up samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 205s Setting up libsss-certmap-dev (2.9.5-3ubuntu2) ... 205s Setting up python3-sss (2.9.5-3ubuntu2) ... 205s Setting up libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 205s Setting up libpam-sss:arm64 (2.9.5-3ubuntu2) ... 206s Setting up sssd-common (2.9.5-3ubuntu2) ... 206s Creating SSSD system user & group... 206s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 206s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 206s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 206s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 207s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 207s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 207s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 208s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 208s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 208s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 209s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 209s sssd-autofs.service is a disabled or a static unit, not starting it. 209s sssd-nss.service is a disabled or a static unit, not starting it. 209s sssd-pam.service is a disabled or a static unit, not starting it. 209s sssd-ssh.service is a disabled or a static unit, not starting it. 209s sssd-sudo.service is a disabled or a static unit, not starting it. 209s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 209s Setting up sssd-proxy (2.9.5-3ubuntu2) ... 209s Setting up sssd-kcm (2.9.5-3ubuntu2) ... 209s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 210s sssd-kcm.service is a disabled or a static unit, not starting it. 210s Setting up sssd-dbus (2.9.5-3ubuntu2) ... 210s sssd-ifp.service is a disabled or a static unit, not starting it. 210s Setting up sssd-ad-common (2.9.5-3ubuntu2) ... 211s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 211s sssd-pac.service is a disabled or a static unit, not starting it. 211s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 211s Setting up sssd-krb5-common (2.9.5-3ubuntu2) ... 211s Setting up sssd-krb5 (2.9.5-3ubuntu2) ... 211s Setting up sssd-ldap (2.9.5-3ubuntu2) ... 211s Setting up sssd-ad (2.9.5-3ubuntu2) ... 211s Setting up sssd-tools (2.9.5-3ubuntu2) ... 211s Setting up sssd-ipa (2.9.5-3ubuntu2) ... 211s Setting up sssd (2.9.5-3ubuntu2) ... 211s Setting up libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 211s Setting up libkrad0:arm64 (1.21.3-4) ... 211s Setting up libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 211s Setting up sssd-passkey (2.9.5-3ubuntu2) ... 211s Setting up sssd-idp (2.9.5-3ubuntu2) ... 211s Processing triggers for libc-bin (2.40-4ubuntu1) ... 211s Processing triggers for ufw (0.36.2-8) ... 211s Processing triggers for man-db (2.13.0-1) ... 213s Processing triggers for dbus (1.14.10-4ubuntu5) ... 220s autopkgtest [03:27:53]: test ldap-user-group-ldap-auth: [----------------------- 220s + . debian/tests/util 220s + . debian/tests/common-tests 220s + mydomain=example.com 220s + myhostname=ldap.example.com 220s + mysuffix=dc=example,dc=com 220s + admin_dn=cn=admin,dc=example,dc=com 220s + admin_pw=secret 220s + ldap_user=testuser1 220s + ldap_user_pw=testuser1secret 220s + ldap_group=ldapusers 220s + adjust_hostname ldap.example.com 220s + local myhostname=ldap.example.com 220s + echo ldap.example.com 220s + hostname ldap.example.com 220s + grep -qE ldap.example.com /etc/hosts 220s + echo 127.0.1.10 ldap.example.com 220s + reconfigure_slapd 220s + debconf-set-selections 220s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 220s + dpkg-reconfigure -fnoninteractive -pcritical slapd 221s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3... done. 221s Moving old database directory to /var/backups: 221s - directory unknown... done. 221s Creating initial configuration... done. 221s Creating LDAP directory... done. 221s + generate_certs ldap.example.com 221s + local cn=ldap.example.com 221s + local cert=/etc/ldap/server.pem 221s + local key=/etc/ldap/server.key 221s + local cnf=/etc/ldap/openssl.cnf 221s + cat 221s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 222s ..................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 222s ............................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 222s ----- 222s + chmod 0640 /etc/ldap/server.key 222s + chgrp openldap /etc/ldap/server.key 222s + [ ! -f /etc/ldap/server.pem ] 222s + [ ! -f /etc/ldap/server.key ] 222s + enable_ldap_ssl 222s + cat 222s + cat 222s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 222s modifying entry "cn=config" 222s 222s + populate_ldap_rfc2307 222s + cat 222s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 222s adding new entry "ou=People,dc=example,dc=com" 222s 222s adding new entry "ou=Group,dc=example,dc=com" 222s 222s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 222s 222s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 222s 222s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 222s 222s + configure_sssd_ldap_rfc2307 222s + cat 222s + chmod 0600 /etc/sssd/sssd.conf 222s + systemctl restart sssd 222s + enable_pam_mkhomedir 222s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 222s + echo session optional pam_mkhomedir.so 222s + run_common_tests 222s + echo Assert local user databases do not have our LDAP test data 222s + check_local_user testuser1 222s + local local_user=testuser1 222s + grep -q ^testuser1 /etc/passwd 222s Assert local user databases do not have our LDAP test data 222s + check_local_group testuser1 222s + local local_group=testuser1 222s + grep -q ^testuser1 /etc/group 222s + check_local_group ldapusers 222s + local local_group=ldapusers 222s + grep -q ^ldapusers /etc/group 222s + echo The LDAP user is known to the system via getent 222s + check_getent_user testuser1 222s + local getent_user=testuser1 222s + local output 222s The LDAP user is known to the system via getent 222s + getent passwd testuser1 222s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 222s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 222s + echo The LDAP user's private group is known to the system via getent 222s + check_getent_group testuser1 222s + local getent_group=testuser1 222s + local output 222s + getent group testuser1 222s The LDAP user's private group is known to the system via getent 222s + output=testuser1:*:10001:testuser1 222s + [ -z testuser1:*:10001:testuser1 ] 222s + echo The LDAP group ldapusers is known to the system via getent 222s + check_getent_group ldapusers 222s + local getent_group=ldapusers 222s + local output 222s The LDAP group ldapusers is known to the system via getent 222s + getent group ldapusers 222s + output=ldapusers:*:10100:testuser1 222s + [ -z ldapusers:*:10100:testuser1 ] 222s + echo The id(1) command can resolve the group membership of the LDAP user 222s The id(1) command can resolve the group membership of the LDAP user 222s + id -Gn testuser1 222s + output=testuser1 ldapusers 222s + [ testuser1 ldapusers != testuser1 ldapusers ] 222s + echo The LDAP user can login on a terminal 222s The LDAP user can login on a terminal 222s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 222s spawn login 222s ldap.example.com login: testuser1 222s Password: 222s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.11.0-8-generic aarch64) 222s 222s * Documentation: https://help.ubuntu.com 222s * Management: https://landscape.canonical.com 222s * Support: https://ubuntu.com/pro 222s 222s 222s The programs included with the Ubuntu system are free software; 222s the exact distribution terms for each program are described in the 222s individual files in /usr/share/doc/*/copyright. 222s 222s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 222s applicable law. 222s 222s 222s The programs included with the Ubuntu system are free software; 222s the exact distribution terms for each program are described in the 222s individual files in /usr/share/doc/*/copyright. 222s 222s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 222s applicable law. 222s 222s Creating directory '/home/testuser1'. 222s [?2004htestuser1@ldap:~$ id -un 222s [?2004l testuser1 223s [?2004htestuser1@ldap:~$ autopkgtest [03:27:56]: test ldap-user-group-ldap-auth: -----------------------] 223s ldap-user-group-ldap-auth PASS 223s autopkgtest [03:27:56]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 224s autopkgtest [03:27:57]: test ldap-user-group-krb5-auth: preparing testbed 224s Reading package lists... 224s Building dependency tree... 224s Reading state information... 225s Starting pkgProblemResolver with broken count: 0 225s Starting 2 pkgProblemResolver with broken count: 0 225s Done 226s The following NEW packages will be installed: 226s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 226s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 226s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 226s Need to get 609 kB of archives. 226s After this operation, 2994 kB of additional disk space will be used. 226s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 krb5-config all 2.7 [22.0 kB] 226s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libgssrpc4t64 arm64 1.21.3-4 [58.4 kB] 226s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkadm5clnt-mit12 arm64 1.21.3-4 [40.3 kB] 226s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkdb5-10t64 arm64 1.21.3-4 [40.8 kB] 226s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkadm5srv-mit12 arm64 1.21.3-4 [53.8 kB] 226s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 krb5-user arm64 1.21.3-4 [109 kB] 226s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 krb5-kdc arm64 1.21.3-4 [190 kB] 226s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 krb5-admin-server arm64 1.21.3-4 [95.1 kB] 227s Preconfiguring packages ... 227s Fetched 609 kB in 1s (1042 kB/s) 227s Selecting previously unselected package krb5-config. 227s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81497 files and directories currently installed.) 227s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 227s Unpacking krb5-config (2.7) ... 227s Selecting previously unselected package libgssrpc4t64:arm64. 227s Preparing to unpack .../1-libgssrpc4t64_1.21.3-4_arm64.deb ... 227s Unpacking libgssrpc4t64:arm64 (1.21.3-4) ... 227s Selecting previously unselected package libkadm5clnt-mit12:arm64. 227s Preparing to unpack .../2-libkadm5clnt-mit12_1.21.3-4_arm64.deb ... 227s Unpacking libkadm5clnt-mit12:arm64 (1.21.3-4) ... 227s Selecting previously unselected package libkdb5-10t64:arm64. 227s Preparing to unpack .../3-libkdb5-10t64_1.21.3-4_arm64.deb ... 227s Unpacking libkdb5-10t64:arm64 (1.21.3-4) ... 227s Selecting previously unselected package libkadm5srv-mit12:arm64. 227s Preparing to unpack .../4-libkadm5srv-mit12_1.21.3-4_arm64.deb ... 227s Unpacking libkadm5srv-mit12:arm64 (1.21.3-4) ... 227s Selecting previously unselected package krb5-user. 227s Preparing to unpack .../5-krb5-user_1.21.3-4_arm64.deb ... 227s Unpacking krb5-user (1.21.3-4) ... 227s Selecting previously unselected package krb5-kdc. 227s Preparing to unpack .../6-krb5-kdc_1.21.3-4_arm64.deb ... 227s Unpacking krb5-kdc (1.21.3-4) ... 227s Selecting previously unselected package krb5-admin-server. 227s Preparing to unpack .../7-krb5-admin-server_1.21.3-4_arm64.deb ... 227s Unpacking krb5-admin-server (1.21.3-4) ... 227s Setting up libgssrpc4t64:arm64 (1.21.3-4) ... 227s Setting up krb5-config (2.7) ... 228s Setting up libkadm5clnt-mit12:arm64 (1.21.3-4) ... 228s Setting up libkdb5-10t64:arm64 (1.21.3-4) ... 228s Setting up libkadm5srv-mit12:arm64 (1.21.3-4) ... 228s Setting up krb5-user (1.21.3-4) ... 228s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 228s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 228s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 228s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 228s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 228s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 228s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 228s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 228s Setting up krb5-kdc (1.21.3-4) ... 228s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 229s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 229s Setting up krb5-admin-server (1.21.3-4) ... 230s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 230s Processing triggers for man-db (2.13.0-1) ... 231s Processing triggers for libc-bin (2.40-4ubuntu1) ... 238s autopkgtest [03:28:11]: test ldap-user-group-krb5-auth: [----------------------- 238s + . debian/tests/util 238s + . debian/tests/common-tests 238s + mydomain=example.com 238s + myhostname=ldap.example.com 238s + mysuffix=dc=example,dc=com 238s + myrealm=EXAMPLE.COM 238s + admin_dn=cn=admin,dc=example,dc=com 238s + admin_pw=secret 238s + ldap_user=testuser1 238s + ldap_user_pw=testuser1secret 238s + kerberos_principal_pw=testuser1kerberos 238s + ldap_group=ldapusers 238s + adjust_hostname ldap.example.com 238s + local myhostname=ldap.example.com 238s + echo ldap.example.com 238s + hostname ldap.example.com 238s + grep -qE ldap.example.com /etc/hosts 238s + reconfigure_slapd 238s + debconf-set-selections 238s + rm -rf /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3 /var/backups/unknown-2.6.8+dfsg-1~exp4ubuntu3-20250117-032754.ldapdb 238s + dpkg-reconfigure -fnoninteractive -pcritical slapd 239s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3... done. 239s Moving old database directory to /var/backups: 239s - directory unknown... done. 239s Creating initial configuration... done. 239s Creating LDAP directory... done. 240s + generate_certs ldap.example.com 240s + local cn=ldap.example.com 240s + local cert=/etc/ldap/server.pem 240s + local key=/etc/ldap/server.key 240s + local cnf=/etc/ldap/openssl.cnf 240s + cat 240s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 240s .....................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 240s ............++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 240s ----- 240s + chmod 0640 /etc/ldap/server.key 240s + chgrp openldap /etc/ldap/server.key 240s + [ ! -f /etc/ldap/server.pem ] 240s + [ ! -f /etc/ldap/server.key ] 240s + enable_ldap_ssl 240s + cat 240s + cat 240s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 240s modifying entry "cn=config" 240s 240s + populate_ldap_rfc2307 240s + cat 240s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 240s adding new entry "ou=People,dc=example,dc=com" 240s 240s adding new entry "ou=Group,dc=example,dc=com" 240s 240s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 240s 240s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 240s 240s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 240s 240s + create_realm EXAMPLE.COM ldap.example.com 240s + local realm_name=EXAMPLE.COM 240s + local kerberos_server=ldap.example.com 240s + rm -rf /var/lib/krb5kdc/* 240s + rm -rf /etc/krb5kdc/kdc.conf 240s + rm -f /etc/krb5.keytab 240s + cat 240s + cat 240s + echo # */admin * 240s + kdb5_util create -s -P secretpassword 240s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 240s master key name 'K/M@EXAMPLE.COM' 240s + systemctl restart krb5-kdc.service krb5-admin-server.service 240s + create_krb_principal testuser1 testuser1kerberos 240s + local principal=testuser1 240s + local password=testuser1kerberos 240s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 240s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 240s Authenticating as principal root/admin@EXAMPLE.COM with password. 240s Principal "testuser1@EXAMPLE.COM" created. 240s + configure_sssd_ldap_rfc2307_krb5_auth 240s + cat 240s + chmod 0600 /etc/sssd/sssd.conf 240s + systemctl restart sssd 240s + enable_pam_mkhomedir 240s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 240s Assert local user databases do not have our LDAP test data 240s + run_common_tests 240s + echo Assert local user databases do not have our LDAP test data 240s + check_local_user testuser1 240s + local local_user=testuser1 240s + grep -q ^testuser1 /etc/passwd 240s + check_local_group testuser1 240s + local local_group=testuser1 240s + grep -q ^testuser1 /etc/group 240s + check_local_group ldapusers 240s + local local_group=ldapusers 240s + grep -q ^ldapusers /etc/group 240s The LDAP user is known to the system via getent 240s + echo The LDAP user is known to the system via getent 240s + check_getent_user testuser1 240s + local getent_user=testuser1 240s + local output 240s + getent passwd testuser1 240s + The LDAP user's private group is known to the system via getent 240s output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 240s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 240s + echo The LDAP user's private group is known to the system via getent 240s + check_getent_group testuser1 240s + local getent_group=testuser1 240s + local output 240s + getent group testuser1 240s + The LDAP group ldapusers is known to the system via getent 240s output=testuser1:*:10001:testuser1 240s + [ -z testuser1:*:10001:testuser1 ] 240s + echo The LDAP group ldapusers is known to the system via getent 240s + check_getent_group ldapusers 240s + local getent_group=ldapusers 240s + local output 240s + getent group ldapusers 240s + output=ldapusers:*:10100:testuser1 240s + [ -z ldapusers:*:10100:testuser1 ] 240s + echo The id(1) command can resolve the group membership of the LDAP userThe id(1) command can resolve the group membership of the LDAP user 240s 240s + id -Gn testuser1 240s The Kerberos principal can login on a terminal 240s + output=testuser1 ldapusers 240s + [ testuser1 ldapusers != testuser1 ldapusers ] 240s + echo The Kerberos principal can login on a terminal 240s + kdestroy 240s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 240s spawn login 240s ldap.example.com login: testuser1 240s Password: 241s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.11.0-8-generic aarch64) 241s 241s * Documentation: https://help.ubuntu.com 241s * Management: https://landscape.canonical.com 241s * Support: https://ubuntu.com/pro 241s 241s 241s The programs included with the Ubuntu system are free software; 241s the exact distribution terms for each program are described in the 241s individual files in /usr/share/doc/*/copyright. 241s 241s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 241s applicable law. 241s 241s [?2004htestuser1@ldap:~$ id -un 241s [?2004l testuser1 241s [?2004htestuser1@ldap:~$ klist 241s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_6NaWGS 241s Default principal: testuser1@EXAMPLE.COM 241s 241s Valid starting Expires Service principal 241s 01/17/25 03:28:13 01/17/25 13:28:13 krbtgt/EXAMPLE.COM@EXAMPLE.COM 241s autopkgtest [03:28:14]: test ldap-user-group-krb5-auth: -----------------------] 242s autopkgtest [03:28:15]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 242s ldap-user-group-krb5-auth PASS 242s autopkgtest [03:28:15]: test sssd-softhism2-certificates-tests.sh: preparing testbed 364s autopkgtest [03:30:17]: testbed dpkg architecture: arm64 364s autopkgtest [03:30:17]: testbed apt version: 2.9.18 364s autopkgtest [03:30:17]: @@@@@@@@@@@@@@@@@@@@ test bed setup 364s autopkgtest [03:30:17]: testbed release detected to be: plucky 365s autopkgtest [03:30:18]: updating testbed package index (apt update) 366s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 366s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 366s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 366s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 366s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 366s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [170 kB] 366s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [15.4 kB] 366s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [921 kB] 366s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 Packages [312 kB] 366s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted arm64 Packages [57.8 kB] 366s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 Packages [1078 kB] 366s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse arm64 Packages [12.7 kB] 366s Fetched 2650 kB in 1s (2599 kB/s) 368s Reading package lists... 368s + lsb_release --codename --short 368s + RELEASE=plucky 368s + cat 368s + [ plucky != trusty ] 368s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y --allow-downgrades -o Dpkg::Options::=--force-confnew dist-upgrade 368s Reading package lists... 369s Building dependency tree... 369s Reading state information... 370s Calculating upgrade... 370s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 370s + rm /etc/apt/preferences.d/force-downgrade-to-release.pref 370s + /usr/lib/apt/apt-helper analyze-pattern ?true 370s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y purge --autoremove ?obsolete 370s Reading package lists... 371s Building dependency tree... 371s Reading state information... 373s 0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded. 373s + grep -q trusty /etc/lsb-release 373s + [ ! -d /usr/share/doc/unattended-upgrades ] 373s + [ ! -d /usr/share/doc/lxd ] 373s + [ ! -d /usr/share/doc/lxd-client ] 373s + [ ! -d /usr/share/doc/snapd ] 373s + type iptables 373s + cat 373s + chmod 755 /etc/rc.local 373s + . /etc/rc.local 373s + iptables -w -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 373s + iptables -A OUTPUT -d 10.255.255.1/32 -p tcp -j DROP 373s + iptables -A OUTPUT -d 10.255.255.2/32 -p tcp -j DROP 373s + uname -m 373s + [ aarch64 = ppc64le ] 373s + [ -d /run/systemd/system ] 373s + systemd-detect-virt --quiet --vm 373s + mkdir -p /etc/systemd/system/systemd-random-seed.service.d/ 373s + cat 373s + grep -q lz4 /etc/initramfs-tools/initramfs.conf 373s + echo COMPRESS=lz4 373s + sync 373s autopkgtest [03:30:26]: upgrading testbed (apt dist-upgrade and autopurge) 373s Reading package lists... 374s Building dependency tree... 374s Reading state information... 374s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 374s Starting 2 pkgProblemResolver with broken count: 0 374s Done 375s Entering ResolveByKeep 375s 376s The following packages will be upgraded: 376s krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 376s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 376s Need to get 629 kB of archives. 376s After this operation, 73.7 kB of additional disk space will be used. 376s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 krb5-locales all 1.21.3-4 [14.5 kB] 376s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libgssapi-krb5-2 arm64 1.21.3-4 [144 kB] 376s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkrb5-3 arm64 1.21.3-4 [350 kB] 376s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkrb5support0 arm64 1.21.3-4 [34.4 kB] 376s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libk5crypto3 arm64 1.21.3-4 [86.1 kB] 377s Fetched 629 kB in 1s (1113 kB/s) 377s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80204 files and directories currently installed.) 377s Preparing to unpack .../krb5-locales_1.21.3-4_all.deb ... 377s Unpacking krb5-locales (1.21.3-4) over (1.21.3-3) ... 377s Preparing to unpack .../libgssapi-krb5-2_1.21.3-4_arm64.deb ... 377s Unpacking libgssapi-krb5-2:arm64 (1.21.3-4) over (1.21.3-3) ... 378s Preparing to unpack .../libkrb5-3_1.21.3-4_arm64.deb ... 378s Unpacking libkrb5-3:arm64 (1.21.3-4) over (1.21.3-3) ... 378s Preparing to unpack .../libkrb5support0_1.21.3-4_arm64.deb ... 378s Unpacking libkrb5support0:arm64 (1.21.3-4) over (1.21.3-3) ... 378s Preparing to unpack .../libk5crypto3_1.21.3-4_arm64.deb ... 378s Unpacking libk5crypto3:arm64 (1.21.3-4) over (1.21.3-3) ... 378s Setting up krb5-locales (1.21.3-4) ... 378s Setting up libkrb5support0:arm64 (1.21.3-4) ... 378s Setting up libk5crypto3:arm64 (1.21.3-4) ... 378s Setting up libkrb5-3:arm64 (1.21.3-4) ... 378s Setting up libgssapi-krb5-2:arm64 (1.21.3-4) ... 378s Processing triggers for libc-bin (2.40-4ubuntu1) ... 378s Reading package lists... 379s Building dependency tree... 379s Reading state information... 379s Starting pkgProblemResolver with broken count: 0 379s Starting 2 pkgProblemResolver with broken count: 0 379s Done 381s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 384s Reading package lists... 384s Building dependency tree... 384s Reading state information... 385s Starting pkgProblemResolver with broken count: 0 385s Starting 2 pkgProblemResolver with broken count: 0 385s Done 386s The following NEW packages will be installed: 386s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 386s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 386s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 386s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 386s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 386s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 386s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 386s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 386s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 386s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 386s Need to get 10.4 MB of archives. 386s After this operation, 50.0 MB of additional disk space will be used. 386s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-10 [140 kB] 387s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libunbound8 arm64 1.20.0-1ubuntu2.1 [431 kB] 387s Get:3 http://ftpmaster.internal/ubuntu plucky/main arm64 libgnutls-dane0t64 arm64 3.8.8-2ubuntu1 [24.3 kB] 387s Get:4 http://ftpmaster.internal/ubuntu plucky/universe arm64 gnutls-bin arm64 3.8.8-2ubuntu1 [269 kB] 387s Get:5 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common-data arm64 0.8-14ubuntu1 [30.5 kB] 387s Get:6 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common3 arm64 0.8-14ubuntu1 [23.1 kB] 387s Get:7 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-client3 arm64 0.8-14ubuntu1 [27.3 kB] 387s Get:8 http://ftpmaster.internal/ubuntu plucky/main arm64 libbasicobjects0t64 arm64 0.6.2-3 [5882 B] 387s Get:9 http://ftpmaster.internal/ubuntu plucky/main arm64 libcares2 arm64 1.34.4-2.1 [100 kB] 387s Get:10 http://ftpmaster.internal/ubuntu plucky/main arm64 libcollection4t64 arm64 0.6.2-3 [23.6 kB] 387s Get:11 http://ftpmaster.internal/ubuntu plucky/main arm64 libcrack2 arm64 2.9.6-5.2 [28.9 kB] 387s Get:12 http://ftpmaster.internal/ubuntu plucky/main arm64 libdhash1t64 arm64 0.6.2-3 [8914 B] 387s Get:13 http://ftpmaster.internal/ubuntu plucky/main arm64 libpath-utils1t64 arm64 0.6.2-3 [9088 B] 387s Get:14 http://ftpmaster.internal/ubuntu plucky/main arm64 libref-array1t64 arm64 0.6.2-3 [7312 B] 387s Get:15 http://ftpmaster.internal/ubuntu plucky/main arm64 libini-config5t64 arm64 0.6.2-3 [44.4 kB] 387s Get:16 http://ftpmaster.internal/ubuntu plucky/main arm64 libipa-hbac0t64 arm64 2.9.5-3ubuntu2 [17.6 kB] 387s Get:17 http://ftpmaster.internal/ubuntu plucky/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 387s Get:18 http://ftpmaster.internal/ubuntu plucky/main arm64 libtdb1 arm64 1.4.12-1 [48.9 kB] 387s Get:19 http://ftpmaster.internal/ubuntu plucky/main arm64 libtevent0t64 arm64 0.16.1-3 [42.3 kB] 387s Get:20 http://ftpmaster.internal/ubuntu plucky/main arm64 libldb2 arm64 2:2.9.1+samba4.20.4+dfsg-1ubuntu3 [193 kB] 387s Get:21 http://ftpmaster.internal/ubuntu plucky/main arm64 libnfsidmap1 arm64 1:2.6.4-4ubuntu1 [48.3 kB] 387s Get:22 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 387s Get:23 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 387s Get:24 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 387s Get:25 http://ftpmaster.internal/ubuntu plucky/main arm64 libwbclient0 arm64 2:4.20.4+dfsg-1ubuntu3 [76.6 kB] 387s Get:26 http://ftpmaster.internal/ubuntu plucky/main arm64 samba-libs arm64 2:4.20.4+dfsg-1ubuntu3 [6306 kB] 387s Get:27 http://ftpmaster.internal/ubuntu plucky/main arm64 libsmbclient0 arm64 2:4.20.4+dfsg-1ubuntu3 [62.8 kB] 387s Get:28 http://ftpmaster.internal/ubuntu plucky/main arm64 libnss-sss arm64 2.9.5-3ubuntu2 [32.5 kB] 387s Get:29 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-sss arm64 2.9.5-3ubuntu2 [49.6 kB] 387s Get:30 http://ftpmaster.internal/ubuntu plucky/universe arm64 softhsm2-common arm64 2.6.1-2.2ubuntu3 [6196 B] 387s Get:31 http://ftpmaster.internal/ubuntu plucky/universe arm64 libsofthsm2 arm64 2.6.1-2.2ubuntu3 [247 kB] 387s Get:32 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-certmap0 arm64 2.9.5-3ubuntu2 [46.6 kB] 387s Get:33 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-idmap0 arm64 2.9.5-3ubuntu2 [22.8 kB] 387s Get:34 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-nss-idmap0 arm64 2.9.5-3ubuntu2 [31.2 kB] 387s Get:35 http://ftpmaster.internal/ubuntu plucky/main arm64 python3-sss arm64 2.9.5-3ubuntu2 [47.5 kB] 387s Get:36 http://ftpmaster.internal/ubuntu plucky/universe arm64 softhsm2 arm64 2.6.1-2.2ubuntu3 [167 kB] 387s Get:37 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-common arm64 2.9.5-3ubuntu2 [1148 kB] 387s Get:38 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ad-common arm64 2.9.5-3ubuntu2 [75.5 kB] 387s Get:39 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-krb5-common arm64 2.9.5-3ubuntu2 [88.5 kB] 387s Get:40 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ad arm64 2.9.5-3ubuntu2 [135 kB] 387s Get:41 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ipa arm64 2.9.5-3ubuntu2 [219 kB] 387s Get:42 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-krb5 arm64 2.9.5-3ubuntu2 [14.4 kB] 387s Get:43 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ldap arm64 2.9.5-3ubuntu2 [31.4 kB] 387s Get:44 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-proxy arm64 2.9.5-3ubuntu2 [44.5 kB] 388s Get:45 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd arm64 2.9.5-3ubuntu2 [4118 B] 388s Fetched 10.4 MB in 1s (8182 kB/s) 388s Selecting previously unselected package libevent-2.1-7t64:arm64. 388s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80204 files and directories currently installed.) 388s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_arm64.deb ... 388s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 388s Selecting previously unselected package libunbound8:arm64. 388s Preparing to unpack .../01-libunbound8_1.20.0-1ubuntu2.1_arm64.deb ... 388s Unpacking libunbound8:arm64 (1.20.0-1ubuntu2.1) ... 388s Selecting previously unselected package libgnutls-dane0t64:arm64. 388s Preparing to unpack .../02-libgnutls-dane0t64_3.8.8-2ubuntu1_arm64.deb ... 388s Unpacking libgnutls-dane0t64:arm64 (3.8.8-2ubuntu1) ... 388s Selecting previously unselected package gnutls-bin. 388s Preparing to unpack .../03-gnutls-bin_3.8.8-2ubuntu1_arm64.deb ... 388s Unpacking gnutls-bin (3.8.8-2ubuntu1) ... 389s Selecting previously unselected package libavahi-common-data:arm64. 389s Preparing to unpack .../04-libavahi-common-data_0.8-14ubuntu1_arm64.deb ... 389s Unpacking libavahi-common-data:arm64 (0.8-14ubuntu1) ... 389s Selecting previously unselected package libavahi-common3:arm64. 389s Preparing to unpack .../05-libavahi-common3_0.8-14ubuntu1_arm64.deb ... 389s Unpacking libavahi-common3:arm64 (0.8-14ubuntu1) ... 389s Selecting previously unselected package libavahi-client3:arm64. 389s Preparing to unpack .../06-libavahi-client3_0.8-14ubuntu1_arm64.deb ... 389s Unpacking libavahi-client3:arm64 (0.8-14ubuntu1) ... 389s Selecting previously unselected package libbasicobjects0t64:arm64. 389s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-3_arm64.deb ... 389s Unpacking libbasicobjects0t64:arm64 (0.6.2-3) ... 389s Selecting previously unselected package libcares2:arm64. 389s Preparing to unpack .../08-libcares2_1.34.4-2.1_arm64.deb ... 389s Unpacking libcares2:arm64 (1.34.4-2.1) ... 389s Selecting previously unselected package libcollection4t64:arm64. 389s Preparing to unpack .../09-libcollection4t64_0.6.2-3_arm64.deb ... 389s Unpacking libcollection4t64:arm64 (0.6.2-3) ... 389s Selecting previously unselected package libcrack2:arm64. 389s Preparing to unpack .../10-libcrack2_2.9.6-5.2_arm64.deb ... 389s Unpacking libcrack2:arm64 (2.9.6-5.2) ... 389s Selecting previously unselected package libdhash1t64:arm64. 389s Preparing to unpack .../11-libdhash1t64_0.6.2-3_arm64.deb ... 389s Unpacking libdhash1t64:arm64 (0.6.2-3) ... 389s Selecting previously unselected package libpath-utils1t64:arm64. 389s Preparing to unpack .../12-libpath-utils1t64_0.6.2-3_arm64.deb ... 389s Unpacking libpath-utils1t64:arm64 (0.6.2-3) ... 389s Selecting previously unselected package libref-array1t64:arm64. 389s Preparing to unpack .../13-libref-array1t64_0.6.2-3_arm64.deb ... 389s Unpacking libref-array1t64:arm64 (0.6.2-3) ... 389s Selecting previously unselected package libini-config5t64:arm64. 389s Preparing to unpack .../14-libini-config5t64_0.6.2-3_arm64.deb ... 389s Unpacking libini-config5t64:arm64 (0.6.2-3) ... 389s Selecting previously unselected package libipa-hbac0t64. 389s Preparing to unpack .../15-libipa-hbac0t64_2.9.5-3ubuntu2_arm64.deb ... 389s Unpacking libipa-hbac0t64 (2.9.5-3ubuntu2) ... 389s Selecting previously unselected package libtalloc2:arm64. 389s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_arm64.deb ... 389s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 389s Selecting previously unselected package libtdb1:arm64. 389s Preparing to unpack .../17-libtdb1_1.4.12-1_arm64.deb ... 389s Unpacking libtdb1:arm64 (1.4.12-1) ... 389s Selecting previously unselected package libtevent0t64:arm64. 389s Preparing to unpack .../18-libtevent0t64_0.16.1-3_arm64.deb ... 389s Unpacking libtevent0t64:arm64 (0.16.1-3) ... 389s Selecting previously unselected package libldb2:arm64. 389s Preparing to unpack .../19-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu3_arm64.deb ... 389s Unpacking libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 389s Selecting previously unselected package libnfsidmap1:arm64. 389s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-4ubuntu1_arm64.deb ... 389s Unpacking libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 389s Selecting previously unselected package libpwquality-common. 389s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 389s Unpacking libpwquality-common (1.4.5-3build1) ... 389s Selecting previously unselected package libpwquality1:arm64. 389s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_arm64.deb ... 389s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 389s Selecting previously unselected package libpam-pwquality:arm64. 389s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_arm64.deb ... 389s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 389s Selecting previously unselected package libwbclient0:arm64. 389s Preparing to unpack .../24-libwbclient0_2%3a4.20.4+dfsg-1ubuntu3_arm64.deb ... 389s Unpacking libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 389s Selecting previously unselected package samba-libs:arm64. 389s Preparing to unpack .../25-samba-libs_2%3a4.20.4+dfsg-1ubuntu3_arm64.deb ... 389s Unpacking samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 390s Selecting previously unselected package libsmbclient0:arm64. 390s Preparing to unpack .../26-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu3_arm64.deb ... 390s Unpacking libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 390s Selecting previously unselected package libnss-sss:arm64. 390s Preparing to unpack .../27-libnss-sss_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking libnss-sss:arm64 (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package libpam-sss:arm64. 390s Preparing to unpack .../28-libpam-sss_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking libpam-sss:arm64 (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package softhsm2-common. 390s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_arm64.deb ... 390s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 390s Selecting previously unselected package libsofthsm2. 390s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_arm64.deb ... 390s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 390s Selecting previously unselected package libsss-certmap0. 390s Preparing to unpack .../31-libsss-certmap0_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking libsss-certmap0 (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package libsss-idmap0. 390s Preparing to unpack .../32-libsss-idmap0_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking libsss-idmap0 (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package libsss-nss-idmap0. 390s Preparing to unpack .../33-libsss-nss-idmap0_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package python3-sss. 390s Preparing to unpack .../34-python3-sss_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking python3-sss (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package softhsm2. 390s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_arm64.deb ... 390s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 390s Selecting previously unselected package sssd-common. 390s Preparing to unpack .../36-sssd-common_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking sssd-common (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package sssd-ad-common. 390s Preparing to unpack .../37-sssd-ad-common_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking sssd-ad-common (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package sssd-krb5-common. 390s Preparing to unpack .../38-sssd-krb5-common_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking sssd-krb5-common (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package sssd-ad. 390s Preparing to unpack .../39-sssd-ad_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking sssd-ad (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package sssd-ipa. 390s Preparing to unpack .../40-sssd-ipa_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking sssd-ipa (2.9.5-3ubuntu2) ... 390s Selecting previously unselected package sssd-krb5. 390s Preparing to unpack .../41-sssd-krb5_2.9.5-3ubuntu2_arm64.deb ... 390s Unpacking sssd-krb5 (2.9.5-3ubuntu2) ... 391s Selecting previously unselected package sssd-ldap. 391s Preparing to unpack .../42-sssd-ldap_2.9.5-3ubuntu2_arm64.deb ... 391s Unpacking sssd-ldap (2.9.5-3ubuntu2) ... 391s Selecting previously unselected package sssd-proxy. 391s Preparing to unpack .../43-sssd-proxy_2.9.5-3ubuntu2_arm64.deb ... 391s Unpacking sssd-proxy (2.9.5-3ubuntu2) ... 391s Selecting previously unselected package sssd. 391s Preparing to unpack .../44-sssd_2.9.5-3ubuntu2_arm64.deb ... 391s Unpacking sssd (2.9.5-3ubuntu2) ... 391s Setting up libpwquality-common (1.4.5-3build1) ... 391s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 391s Creating config file /etc/softhsm/softhsm2.conf with new version 391s Setting up libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 391s Setting up libsss-idmap0 (2.9.5-3ubuntu2) ... 391s Setting up libbasicobjects0t64:arm64 (0.6.2-3) ... 391s Setting up libipa-hbac0t64 (2.9.5-3ubuntu2) ... 391s Setting up libref-array1t64:arm64 (0.6.2-3) ... 391s Setting up libtdb1:arm64 (1.4.12-1) ... 391s Setting up libcollection4t64:arm64 (0.6.2-3) ... 391s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 391s Setting up libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 391s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 391s Setting up libpath-utils1t64:arm64 (0.6.2-3) ... 391s Setting up libunbound8:arm64 (1.20.0-1ubuntu2.1) ... 391s Setting up libgnutls-dane0t64:arm64 (3.8.8-2ubuntu1) ... 391s Setting up libavahi-common-data:arm64 (0.8-14ubuntu1) ... 391s Setting up libcares2:arm64 (1.34.4-2.1) ... 391s Setting up libdhash1t64:arm64 (0.6.2-3) ... 391s Setting up libcrack2:arm64 (2.9.6-5.2) ... 391s Setting up libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 391s Setting up libini-config5t64:arm64 (0.6.2-3) ... 391s Setting up libtevent0t64:arm64 (0.16.1-3) ... 391s Setting up libnss-sss:arm64 (2.9.5-3ubuntu2) ... 391s Setting up gnutls-bin (3.8.8-2ubuntu1) ... 391s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 391s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 391s Setting up libavahi-common3:arm64 (0.8-14ubuntu1) ... 391s Setting up libsss-certmap0 (2.9.5-3ubuntu2) ... 391s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 391s Setting up libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 391s Setting up libavahi-client3:arm64 (0.8-14ubuntu1) ... 391s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 391s Setting up samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 391s Setting up python3-sss (2.9.5-3ubuntu2) ... 392s Setting up libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 392s Setting up libpam-sss:arm64 (2.9.5-3ubuntu2) ... 392s Setting up sssd-common (2.9.5-3ubuntu2) ... 392s Creating SSSD system user & group... 392s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 392s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 392s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 392s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 393s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 393s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 393s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 394s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 394s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 394s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 395s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 395s sssd-autofs.service is a disabled or a static unit, not starting it. 395s sssd-nss.service is a disabled or a static unit, not starting it. 395s sssd-pam.service is a disabled or a static unit, not starting it. 395s sssd-ssh.service is a disabled or a static unit, not starting it. 395s sssd-sudo.service is a disabled or a static unit, not starting it. 395s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 395s Setting up sssd-proxy (2.9.5-3ubuntu2) ... 395s Setting up sssd-ad-common (2.9.5-3ubuntu2) ... 395s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 396s sssd-pac.service is a disabled or a static unit, not starting it. 396s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 396s Setting up sssd-krb5-common (2.9.5-3ubuntu2) ... 396s Setting up sssd-krb5 (2.9.5-3ubuntu2) ... 396s Setting up sssd-ldap (2.9.5-3ubuntu2) ... 396s Setting up sssd-ad (2.9.5-3ubuntu2) ... 396s Setting up sssd-ipa (2.9.5-3ubuntu2) ... 396s Setting up sssd (2.9.5-3ubuntu2) ... 396s Processing triggers for man-db (2.13.0-1) ... 398s Processing triggers for libc-bin (2.40-4ubuntu1) ... 402s autopkgtest [03:30:55]: test sssd-softhism2-certificates-tests.sh: [----------------------- 402s + '[' -z ubuntu ']' 402s + required_tools=(p11tool openssl softhsm2-util) 402s + for cmd in "${required_tools[@]}" 402s + command -v p11tool 402s + for cmd in "${required_tools[@]}" 402s + command -v openssl 402s + for cmd in "${required_tools[@]}" 402s + command -v softhsm2-util 402s + PIN=053350 402s +++ find /usr/lib/softhsm/libsofthsm2.so 402s +++ head -n 1 402s ++ realpath /usr/lib/softhsm/libsofthsm2.so 402s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 402s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 402s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 402s + '[' '!' -v NO_SSSD_TESTS ']' 402s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 402s + ca_db_arg=ca_db 402s ++ /usr/libexec/sssd/p11_child --help 402s + p11_child_help='Usage: p11_child [OPTION...] 402s -d, --debug-level=INT Debug level 402s --debug-timestamps=INT Add debug timestamps 402s --debug-microseconds=INT Show timestamps with microseconds 402s --dumpable=INT Allow core dumps 402s --debug-fd=INT An open file descriptor for the debug 402s logs 402s --logger=stderr|files|journald Set logger 402s --auth Run in auth mode 402s --pre Run in pre-auth mode 402s --wait_for_card Wait until card is available 402s --verification Run in verification mode 402s --pin Expect PIN on stdin 402s --keypad Expect PIN on keypad 402s --verify=STRING Tune validation 402s --ca_db=STRING CA DB to use 402s --module_name=STRING Module name for authentication 402s --token_name=STRING Token name for authentication 402s --key_id=STRING Key ID for authentication 402s --label=STRING Label for authentication 402s --certificate=STRING certificate to verify, base64 encoded 402s --uri=STRING PKCS#11 URI to restrict selection 402s --chain-id=LONG Tevent chain ID used for logging 402s purposes 402s 402s Help options: 402s -?, --help Show this help message 402s --usage Display brief usage message' 402s + echo 'Usage: p11_child [OPTION...] 402s -d, --debug-level=INT Debug level 402s --debug-timestamps=INT Add debug timestamps 402s --debug-microseconds=INT Show timestamps with microseconds 402s --dumpable=INT Allow core dumps 402s --debug-fd=INT An open file descriptor for the debug 402s logs 402s --logger=stderr|files|journald Set logger 402s --auth Run in auth mode 402s --pre Run in pre-auth mode 402s --wait_for_card Wait until card is available 402s --verification Run in verification mode 402s --pin Expect PIN on stdin 402s --keypad Expect PIN on keypad 402s --verify=STRING Tune validation 402s --ca_db=STRING CA DB to use 402s --module_name=STRING Module name for authentication 402s --token_name=STRING Token name for authentication 402s --key_id=STRING Key ID for authentication 402s --label=STRING Label for authentication 402s --certificate=STRING certificate to verify, base64 encoded 402s --uri=STRING PKCS#11 URI to restrict selection 402s --chain-id=LONG Tevent chain ID used for logging 402s purposes 402s 402s Help options: 402s -?, --help Show this help message 402s --usage Display brief usage message' 402s + grep nssdb -qs 402s + echo 'Usage: p11_child [OPTION...] 402s -d, --debug-level=INT Debug level 402s --debug-timestamps=INT Add debug timestamps 402s --debug-microseconds=INT Show timestamps with microseconds 402s --dumpable=INT Allow core dumps 402s --debug-fd=INT An open file descriptor for the debug 402s logs 402s --logger=stderr|files|journald Set logger 402s --auth Run in auth mode 402s --pre Run in pre-auth mode 402s --wait_for_card Wait until card is available 402s --verification Run in verification mode 402s --pin Expect PIN on stdin 402s --keypad Expect PIN on keypad 402s --verify=STRING Tune validation 402s --ca_db=STRING CA DB to use 402s --module_name=STRING Module name for authentication 402s --token_name=STRING Token name for authentication 402s --key_id=STRING Key ID for authentication 402s --label=STRING Label for authentication 402s --certificate=STRING certificate to verify, base64 encoded 402s --uri=STRING PKCS#11 URI to restrict selection 402s --chain-id=LONG Tevent chain ID used for logging 402s purposes 402s 402s Help options: 402s -?, --help Show this help message 402s --usage Display brief usage message' 402s + grep -qs -- --ca_db 402s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 402s ++ mktemp -d -t sssd-softhsm2-XXXXXX 402s + tmpdir=/tmp/sssd-softhsm2-SWqhbE 402s + keys_size=1024 402s + [[ ! -v KEEP_TEMPORARY_FILES ]] 402s + trap 'rm -rf "$tmpdir"' EXIT 402s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 402s + echo -n 01 402s + touch /tmp/sssd-softhsm2-SWqhbE/index.txt 402s + mkdir -p /tmp/sssd-softhsm2-SWqhbE/new_certs 402s + cat 402s + root_ca_key_pass=pass:random-root-CA-password-5809 402s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-SWqhbE/test-root-CA-key.pem -passout pass:random-root-CA-password-5809 1024 402s + openssl req -passin pass:random-root-CA-password-5809 -batch -config /tmp/sssd-softhsm2-SWqhbE/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-SWqhbE/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 402s + openssl x509 -noout -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 402s + cat 402s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-23668 402s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-23668 1024 402s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-23668 -config /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.config -key /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-5809 -sha256 -out /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-certificate-request.pem 402s + openssl req -text -noout -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-certificate-request.pem 402s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-SWqhbE/test-root-CA.config -passin pass:random-root-CA-password-5809 -keyfile /tmp/sssd-softhsm2-SWqhbE/test-root-CA-key.pem -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 402s Using configuration from /tmp/sssd-softhsm2-SWqhbE/test-root-CA.config 402s Certificate Request: 402s Data: 402s Version: 1 (0x0) 402s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 402s Subject Public Key Info: 402s Public Key Algorithm: rsaEncryption 402s Public-Key: (1024 bit) 402s Modulus: 402s 00:b9:38:06:af:59:19:d7:63:85:02:ad:7a:92:ab: 402s 77:88:0f:fc:36:4e:29:2b:f7:5d:25:83:8d:e6:02: 402s bb:e3:8f:ef:63:76:08:6c:fe:03:da:88:20:5e:97: 402s e1:6c:52:2f:0f:fb:ec:50:d6:b1:02:47:c2:64:f5: 402s b9:5a:7c:7d:57:85:e4:35:71:a6:9c:cf:62:85:bc: 402s d2:09:a8:11:f1:ad:da:c6:48:b5:f7:f9:37:7b:4b: 402s 97:da:bf:16:05:a6:82:e7:3d:5a:ad:b5:41:23:0d: 402s 90:da:62:1c:26:ee:52:c3:8b:db:a1:28:05:c9:c3: 402s 78:25:e6:30:d0:fe:3d:41:a1 402s Exponent: 65537 (0x10001) 402s Attributes: 402s (none) 402s Requested Extensions: 402s Signature Algorithm: sha256WithRSAEncryption 402s Signature Value: 402s 14:ec:d9:6d:20:db:6a:3e:8c:0a:b5:c6:bf:44:16:6e:70:39: 402s 04:26:6c:09:f2:6a:1a:fc:09:b9:99:18:8c:1f:8c:cd:4e:28: 402s a1:30:4e:c4:b5:53:ae:36:3e:a5:c3:3d:fd:a5:c7:d8:2a:ed: 402s 07:54:34:1a:db:6a:2f:42:63:ea:46:65:0f:a4:25:4a:f3:2f: 402s e1:6e:f1:de:56:4f:af:c9:e6:c4:a8:3c:ea:1a:4f:f4:9f:5c: 402s 5f:da:08:3c:37:92:68:be:29:2e:58:84:da:9b:ca:9e:e5:96: 402s 26:a8:df:86:a1:7d:68:40:6f:61:6b:24:93:21:5b:cf:a0:54: 402s 4a:54 402s Check that the request matches the signature 402s Signature ok 402s Certificate Details: 402s Serial Number: 1 (0x1) 402s Validity 402s Not Before: Jan 17 03:30:55 2025 GMT 402s Not After : Jan 17 03:30:55 2026 GMT 402s Subject: 402s organizationName = Test Organization 402s organizationalUnitName = Test Organization Unit 402s commonName = Test Organization Intermediate CA 402s X509v3 extensions: 402s X509v3 Subject Key Identifier: 402s 80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 402s X509v3 Authority Key Identifier: 402s keyid:8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 402s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 402s serial:00 402s X509v3 Basic Constraints: 402s CA:TRUE 402s X509v3 Key Usage: critical 402s Digital Signature, Certificate Sign, CRL Sign 402s Certificate is to be certified until Jan 17 03:30:55 2026 GMT (365 days) 402s 402s Write out database with 1 new entries 402s Database updated 402s + openssl x509 -noout -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 402s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 402s /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem: OK 402s + cat 402s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-32539 402s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-32539 1024 402s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-32539 -config /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-23668 -sha256 -out /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-certificate-request.pem 402s + openssl req -text -noout -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-certificate-request.pem 402s Certificate Request: 402s Data: 402s Version: 1 (0x0) 402s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 402s Subject Public Key Info: 402s Public Key Algorithm: rsaEncryption 402s Public-Key: (1024 bit) 402s Modulus: 402s 00:c3:a5:9d:45:81:f7:7e:47:1b:25:55:cd:53:6b: 402s 63:be:70:18:75:b3:dc:5e:0a:ad:7b:a4:34:c7:c2: 402s 1c:83:79:59:9e:45:de:1e:40:ab:bf:47:b9:69:5f: 402s a1:fa:03:cb:69:fc:21:fb:3c:4e:58:4e:d7:e4:70: 402s 47:16:4c:f3:ba:ed:4d:14:de:01:1c:80:00:77:e7: 402s 5e:fa:02:41:8e:59:2f:50:59:b5:73:59:21:bc:86: 402s 83:7c:23:62:fd:f2:2a:1e:68:38:6a:c1:0f:09:a6: 402s cc:48:03:a2:eb:76:4d:56:c0:23:2a:0d:59:81:a3: 402s ca:f4:60:08:a8:09:87:fb:97 402s Exponent: 65537 (0x10001) 402s Attributes: 402s (none) 402s Requested Extensions: 402s Signature Algorithm: sha256WithRSAEncryption 402s Signature Value: 402s 50:85:59:db:ba:8d:22:16:40:7a:b2:46:91:ff:fb:60:2e:47: 402s 43:0a:57:15:05:00:cb:d9:c7:ac:60:13:90:54:8a:89:5a:98: 402s 49:c0:c7:98:23:f0:72:fe:72:53:ed:d0:d3:4b:a5:e2:46:73: 402s fd:72:bc:59:d2:cf:12:54:0c:fe:03:0d:86:3f:9b:99:29:ad: 402s fb:73:05:17:06:40:9d:84:e5:77:e1:6f:3c:c6:20:82:c7:85: 402s b8:25:75:64:60:29:d4:58:50:54:6e:5b:14:b0:15:0b:ff:a7: 402s 92:7d:b1:0c:57:b1:49:a5:cc:1c:fa:20:13:99:b2:11:9c:65: 402s ec:e7 402s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-23668 -keyfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 402s Using configuration from /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.config 402s Check that the request matches the signature 402s Signature ok 402s Certificate Details: 402s Serial Number: 2 (0x2) 402s Validity 402s Not Before: Jan 17 03:30:55 2025 GMT 402s Not After : Jan 17 03:30:55 2026 GMT 402s Subject: 402s organizationName = Test Organization 402s organizationalUnitName = Test Organization Unit 402s commonName = Test Organization Sub Intermediate CA 402s X509v3 extensions: 402s X509v3 Subject Key Identifier: 402s A9:7A:1B:9D:60:12:3C:77:E5:81:CE:7C:91:51:B8:51:89:60:99:1C 402s X509v3 Authority Key Identifier: 402s keyid:80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 402s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 402s serial:01 402s X509v3 Basic Constraints: 402s CA:TRUE 402s X509v3 Key Usage: critical 402s Digital Signature, Certificate Sign, CRL Sign 402s Certificate is to be certified until Jan 17 03:30:55 2026 GMT (365 days) 402s 402s Write out database with 1 new entries 402s Database updated 402s + openssl x509 -noout -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 402s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 402s /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem: OK 402s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 402s + local cmd=openssl 402s + shift 402s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 402s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 402s error 20 at 0 depth lookup: unable to get local issuer certificate 402s error /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem: verification failed 402s + cat 402s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-10662 402s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-10662 1024 402s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-10662 -key /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-request.pem 403s + openssl req -text -noout -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-request.pem 403s Certificate Request: 403s Data: 403s Version: 1 (0x0) 403s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 403s Subject Public Key Info: 403s Public Key Algorithm: rsaEncryption 403s Public-Key: (1024 bit) 403s Modulus: 403s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 403s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 403s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 403s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 403s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 403s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 403s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 403s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 403s b5:f7:7f:d6:b3:cd:67:f9:e9 403s Exponent: 65537 (0x10001) 403s Attributes: 403s Requested Extensions: 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Root CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Signature Algorithm: sha256WithRSAEncryption 403s Signature Value: 403s b0:cc:03:d1:8c:5c:03:1a:06:5b:00:06:e1:1e:2f:24:f7:5a: 403s bd:de:95:96:bf:b7:91:5e:00:c6:73:28:bb:ca:06:96:04:9f: 403s 67:03:c4:a8:ad:83:83:e1:ab:6e:33:bd:90:dd:c3:3e:3c:a9: 403s 1f:62:ff:5f:50:e2:30:18:d5:d6:e1:c2:91:e3:a6:f1:7a:d9: 403s 03:9f:92:e3:3a:0e:17:06:98:d0:d5:a2:8d:19:60:35:8b:12: 403s e6:8f:51:b2:31:27:3b:92:00:e5:9e:0f:3a:89:a9:d0:18:57: 403s 1c:68:c7:91:24:66:d8:21:08:79:2d:88:11:5d:eb:bf:4b:88: 403s 66:6c 403s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-SWqhbE/test-root-CA.config -passin pass:random-root-CA-password-5809 -keyfile /tmp/sssd-softhsm2-SWqhbE/test-root-CA-key.pem -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s Using configuration from /tmp/sssd-softhsm2-SWqhbE/test-root-CA.config 403s Check that the request matches the signature 403s Signature ok 403s Certificate Details: 403s Serial Number: 3 (0x3) 403s Validity 403s Not Before: Jan 17 03:30:55 2025 GMT 403s Not After : Jan 17 03:30:55 2026 GMT 403s Subject: 403s organizationName = Test Organization 403s organizationalUnitName = Test Organization Unit 403s commonName = Test Organization Root Trusted Certificate 0001 403s X509v3 extensions: 403s X509v3 Authority Key Identifier: 403s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Root CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Certificate is to be certified until Jan 17 03:30:55 2026 GMT (365 days) 403s 403s Write out database with 1 new entries 403s Database updated 403s + openssl x509 -noout -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem: OK 403s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local cmd=openssl 403s + shift 403s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 403s error 20 at 0 depth lookup: unable to get local issuer certificate 403s error /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem: verification failed 403s + cat 403s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 403s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-14602 1024 403s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-14602 -key /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-request.pem 403s + openssl req -text -noout -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-request.pem 403s Certificate Request: 403s Data: 403s Version: 1 (0x0) 403s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 403s Subject Public Key Info: 403s Public Key Algorithm: rsaEncryption 403s Public-Key: (1024 bit) 403s Modulus: 403s 00:b6:ce:ec:c3:5c:9c:3c:b7:24:ef:6e:f5:f9:65: 403s b8:7f:c9:8f:ad:f5:24:3c:6e:5c:d1:43:47:ce:67: 403s b4:5d:bd:76:3c:2a:aa:b5:eb:59:f1:3b:15:43:83: 403s f1:4c:7c:33:2a:b6:ce:f3:81:a2:48:c4:76:b9:43: 403s 4e:16:9c:7c:f2:59:8c:fb:d2:d9:58:70:e3:da:74: 403s 96:df:e5:9b:0f:b0:de:41:61:0c:63:8b:1b:79:c2: 403s e5:43:55:59:fa:0b:0b:22:cc:dd:b8:33:a3:84:ce: 403s 48:0a:d9:9c:4b:5e:d6:f5:06:01:36:7a:17:26:92: 403s c0:15:e9:8f:43:8f:8b:3b:df 403s Exponent: 65537 (0x10001) 403s Attributes: 403s Requested Extensions: 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Intermediate CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s 91:44:2A:64:63:0E:8D:D1:81:02:6C:5F:FC:F0:58:1C:6F:EB:AB:59 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Signature Algorithm: sha256WithRSAEncryption 403s Signature Value: 403s 3c:86:6d:44:a4:71:f6:82:68:7a:5b:e0:0a:bd:38:2d:60:a5: 403s cf:3d:55:a3:10:cb:5d:cd:00:a1:0e:ae:15:da:9c:7a:08:97: 403s 7e:a7:e5:24:48:03:9e:36:4a:64:f0:fa:df:73:95:6b:8f:27: 403s 0f:ce:31:50:74:56:64:1f:f0:6a:cc:39:6b:d8:fc:da:fd:7e: 403s 59:6d:a7:76:02:61:c7:9d:6b:90:fd:bd:42:c0:c6:79:76:b9: 403s c8:2e:48:5e:f1:0f:05:02:ee:c2:43:0b:5d:76:3b:35:51:31: 403s bc:87:d0:d5:e5:b4:d1:47:5d:8a:14:84:40:2d:a8:9a:2e:97: 403s 40:6f 403s + openssl ca -passin pass:random-intermediate-CA-password-23668 -config /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 403s Using configuration from /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.config 403s Check that the request matches the signature 403s Signature ok 403s Certificate Details: 403s Serial Number: 4 (0x4) 403s Validity 403s Not Before: Jan 17 03:30:56 2025 GMT 403s Not After : Jan 17 03:30:56 2026 GMT 403s Subject: 403s organizationName = Test Organization 403s organizationalUnitName = Test Organization Unit 403s commonName = Test Organization Intermediate Trusted Certificate 0001 403s X509v3 extensions: 403s X509v3 Authority Key Identifier: 403s 80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Intermediate CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s 91:44:2A:64:63:0E:8D:D1:81:02:6C:5F:FC:F0:58:1C:6F:EB:AB:59 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Certificate is to be certified until Jan 17 03:30:56 2026 GMT (365 days) 403s 403s Write out database with 1 new entries 403s Database updated 403s + openssl x509 -noout -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 403s This certificate should not be trusted fully 403s + echo 'This certificate should not be trusted fully' 403s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 403s + local cmd=openssl 403s + shift 403s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 403s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 403s error 2 at 1 depth lookup: unable to get issuer certificate 403s error /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 403s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 403s /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem: OK 403s + cat 403s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 403s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-31572 1024 403s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-31572 -key /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 403s + openssl req -text -noout -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 403s Certificate Request: 403s Data: 403s Version: 1 (0x0) 403s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 403s Subject Public Key Info: 403s Public Key Algorithm: rsaEncryption 403s Public-Key: (1024 bit) 403s Modulus: 403s 00:e3:10:55:a8:5d:d7:a6:7b:e2:75:85:a6:9d:19: 403s aa:b5:ed:18:68:14:69:ba:27:55:9a:ee:e1:f5:19: 403s b3:ae:e0:7b:19:79:6f:ae:d8:fa:65:5f:01:f9:d1: 403s 0b:75:06:86:fc:32:01:95:e3:fe:82:03:14:b1:95: 403s d7:5d:04:c4:80:d3:71:7a:53:2f:ca:a1:10:a7:57: 403s 3e:9a:9a:31:d7:7f:37:5c:aa:0e:cb:22:d8:93:39: 403s e6:03:a4:c8:11:db:eb:cf:b9:de:22:6a:2c:92:bc: 403s 15:e3:01:7e:91:0d:a7:d1:15:18:27:ab:02:d6:2f: 403s 4e:ae:6b:ca:b3:61:f8:36:f9 403s Exponent: 65537 (0x10001) 403s Attributes: 403s Requested Extensions: 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Sub Intermediate CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s 77:59:14:CC:C2:F3:A8:32:2B:B3:EC:C7:EE:FD:5C:82:DE:C5:B3:DF 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Signature Algorithm: sha256WithRSAEncryption 403s Signature Value: 403s 84:bc:d0:53:44:7c:28:9e:34:69:09:0f:6f:ae:06:ae:69:5e: 403s 6f:7e:9d:76:d4:70:e6:cb:b1:98:0f:9e:ee:be:c2:90:1d:92: 403s 05:c3:31:bd:1e:55:ae:b8:31:96:a6:bb:e4:3c:18:e2:da:9f: 403s 9e:f5:15:b1:fe:b1:6e:23:8f:77:ba:09:4e:53:6d:c6:a9:a7: 403s 85:c9:f9:3a:13:34:56:35:bb:de:79:5e:df:c2:85:6d:0b:ca: 403s f5:42:92:dd:f1:0f:7a:e9:5e:91:cf:bd:b6:08:8c:ad:6a:40: 403s 46:74:9b:32:46:62:3a:6c:a4:0a:c1:44:6a:54:b8:6d:5f:17: 403s 1c:31 403s + openssl ca -passin pass:random-sub-intermediate-CA-password-32539 -config /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 403s Using configuration from /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.config 403s Check that the request matches the signature 403s Signature ok 403s Certificate Details: 403s Serial Number: 5 (0x5) 403s Validity 403s Not Before: Jan 17 03:30:56 2025 GMT 403s Not After : Jan 17 03:30:56 2026 GMT 403s Subject: 403s organizationName = Test Organization 403s organizationalUnitName = Test Organization Unit 403s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 403s X509v3 extensions: 403s X509v3 Authority Key Identifier: 403s A9:7A:1B:9D:60:12:3C:77:E5:81:CE:7C:91:51:B8:51:89:60:99:1C 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Sub Intermediate CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s 77:59:14:CC:C2:F3:A8:32:2B:B3:EC:C7:EE:FD:5C:82:DE:C5:B3:DF 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Certificate is to be certified until Jan 17 03:30:56 2026 GMT (365 days) 403s 403s Write out database with 1 new entries 403s Database updated 403s + openssl x509 -noout -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 403s + echo 'This certificate should not be trusted fully' 403s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 403s + local cmd=openssl 403s + shift 403s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 403s This certificate should not be trusted fully 403s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 403s error 2 at 1 depth lookup: unable to get issuer certificate 403s error /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 403s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 403s + local cmd=openssl 403s + shift 403s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 403s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 403s error 20 at 0 depth lookup: unable to get local issuer certificate 403s error /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 403s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 403s /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 403s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 403s + local cmd=openssl 403s + shift 403s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 403s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 403s error 20 at 0 depth lookup: unable to get local issuer certificate 403s error /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 403s + echo 'Building a the full-chain CA file...' 403s Building a the full-chain CA file... 403s + cat /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 403s + cat /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 403s + cat /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 403s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 403s + openssl pkcs7 -print_certs -noout 403s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 403s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 403s 403s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 403s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 403s 403s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 403s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 403s 403s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 403s /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem: OK 403s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem: OK 403s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 403s /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem: OK 403s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-root-intermediate-chain-CA.pem 403s /tmp/sssd-softhsm2-SWqhbE/test-root-intermediate-chain-CA.pem: OK 403s + openssl verify -CAfile /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 403s /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 403s Certificates generation completed! 403s + echo 'Certificates generation completed!' 403s + [[ -v NO_SSSD_TESTS ]] 403s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /dev/null 403s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /dev/null 403s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 403s + local key_ring=/dev/null 403s + local verify_option= 403s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 403s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 403s + local key_cn 403s + local key_name 403s + local tokens_dir 403s + local output_cert_file 403s + token_name= 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem .pem 403s + key_name=test-root-CA-trusted-certificate-0001 403s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s ++ sed -n 's/ *commonName *= //p' 403s + key_cn='Test Organization Root Trusted Certificate 0001' 403s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 403s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 403s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 403s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 403s + token_name='Test Organization Root Tr Token' 403s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 403s + local key_file 403s + local decrypted_key 403s + mkdir -p /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 403s + key_file=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-key.pem 403s + decrypted_key=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-key-decrypted.pem 403s + cat 403s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 403s Slot 0 has a free/uninitialized token. 403s The token has been initialized and is reassigned to slot 1138667745 403s + softhsm2-util --show-slots 403s Available slots: 403s Slot 1138667745 403s Slot info: 403s Description: SoftHSM slot ID 0x43deb0e1 403s Manufacturer ID: SoftHSM project 403s Hardware version: 2.6 403s Firmware version: 2.6 403s Token present: yes 403s Token info: 403s Manufacturer ID: SoftHSM project 403s Model: SoftHSM v2 403s Hardware version: 2.6 403s Firmware version: 2.6 403s Serial number: 21507ad443deb0e1 403s Initialized: yes 403s User PIN init.: yes 403s Label: Test Organization Root Tr Token 403s Slot 1 403s Slot info: 403s Description: SoftHSM slot ID 0x1 403s Manufacturer ID: SoftHSM project 403s Hardware version: 2.6 403s Firmware version: 2.6 403s Token present: yes 403s Token info: 403s Manufacturer ID: SoftHSM project 403s Model: SoftHSM v2 403s Hardware version: 2.6 403s Firmware version: 2.6 403s Serial number: 403s Initialized: no 403s User PIN init.: no 403s Label: 403s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 403s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-10662 -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-key-decrypted.pem 403s writing RSA key 403s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 403s + rm /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001-key-decrypted.pem 403s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 403s Object 0: 403s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 403s Type: X.509 Certificate (RSA-1024) 403s Expires: Sat Jan 17 03:30:55 2026 403s Label: Test Organization Root Trusted Certificate 0001 403s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 403s 403s Test Organization Root Tr Token 403s + echo 'Test Organization Root Tr Token' 403s + '[' -n '' ']' 403s + local output_base_name=SSSD-child-16512 403s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-16512.output 403s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-16512.pem 403s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 403s [p11_child[2600]] [main] (0x0400): p11_child started. 403s [p11_child[2600]] [main] (0x2000): Running in [pre-auth] mode. 403s [p11_child[2600]] [main] (0x2000): Running with effective IDs: [0][0]. 403s [p11_child[2600]] [main] (0x2000): Running with real IDs [0][0]. 403s [p11_child[2600]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 403s [p11_child[2600]] [do_work] (0x0040): init_verification failed. 403s [p11_child[2600]] [main] (0x0020): p11_child failed (5) 403s + return 2 403s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /dev/null no_verification 403s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /dev/null no_verification 403s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 403s + local key_ring=/dev/null 403s + local verify_option=no_verification 403s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 403s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 403s + local key_cn 403s + local key_name 403s + local tokens_dir 403s + local output_cert_file 403s + token_name= 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem .pem 403s + key_name=test-root-CA-trusted-certificate-0001 403s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s ++ sed -n 's/ *commonName *= //p' 403s + key_cn='Test Organization Root Trusted Certificate 0001' 403s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 403s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 403s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 403s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 403s + token_name='Test Organization Root Tr Token' 403s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 403s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 ']' 403s Test Organization Root Tr Token 403s + echo 'Test Organization Root Tr Token' 403s + '[' -n no_verification ']' 403s + local verify_arg=--verify=no_verification 403s + local output_base_name=SSSD-child-30449 403s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449.output 403s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449.pem 403s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 403s [p11_child[2606]] [main] (0x0400): p11_child started. 403s [p11_child[2606]] [main] (0x2000): Running in [pre-auth] mode. 403s [p11_child[2606]] [main] (0x2000): Running with effective IDs: [0][0]. 403s [p11_child[2606]] [main] (0x2000): Running with real IDs [0][0]. 403s [p11_child[2606]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 403s [p11_child[2606]] [do_card] (0x4000): Module List: 403s [p11_child[2606]] [do_card] (0x4000): common name: [softhsm2]. 403s [p11_child[2606]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2606]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 403s [p11_child[2606]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 403s [p11_child[2606]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2606]] [do_card] (0x4000): Login NOT required. 403s [p11_child[2606]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 403s [p11_child[2606]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 403s [p11_child[2606]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x43deb0e1;slot-manufacturer=SoftHSM%20project;slot-id=1138667745;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 403s [p11_child[2606]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 403s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449.output 403s + echo '-----BEGIN CERTIFICATE-----' 403s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449.output 403s + echo '-----END CERTIFICATE-----' 403s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449.pem 403s Certificate: 403s Data: 403s Version: 3 (0x2) 403s Serial Number: 3 (0x3) 403s Signature Algorithm: sha256WithRSAEncryption 403s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 403s Validity 403s Not Before: Jan 17 03:30:55 2025 GMT 403s Not After : Jan 17 03:30:55 2026 GMT 403s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 403s Subject Public Key Info: 403s Public Key Algorithm: rsaEncryption 403s Public-Key: (1024 bit) 403s Modulus: 403s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 403s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 403s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 403s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 403s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 403s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 403s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 403s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 403s b5:f7:7f:d6:b3:cd:67:f9:e9 403s Exponent: 65537 (0x10001) 403s X509v3 extensions: 403s X509v3 Authority Key Identifier: 403s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Root CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Signature Algorithm: sha256WithRSAEncryption 403s Signature Value: 403s a6:6e:99:7f:66:49:24:80:43:6d:c0:41:41:8f:f2:4a:9e:b2: 403s 79:ae:e1:6e:ed:9e:d1:bc:3f:1e:71:2d:b7:92:53:37:26:61: 403s 6f:ff:f1:01:df:6b:ce:ce:17:18:7d:a5:d3:dc:4b:de:58:f3: 403s 80:78:f5:6f:ed:b0:44:72:68:79:b2:99:3c:86:d1:35:d1:14: 403s 3b:2e:4c:6e:68:a5:1a:d2:fe:53:ce:b5:05:49:fe:87:93:a1: 403s f7:5b:87:64:5c:e4:9f:e8:e4:7b:19:f5:00:96:32:09:3e:0c: 403s f7:b6:65:43:5f:8b:6d:4e:0a:f8:8e:94:70:7f:5c:94:04:98: 403s b2:a6 403s + local found_md5 expected_md5 403s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + expected_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 403s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449.pem 403s + found_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 403s + '[' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 '!=' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 ']' 403s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449-auth.output 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449-auth.output .output 403s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449-auth.pem 403s + echo -n 053350 403s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 403s [p11_child[2614]] [main] (0x0400): p11_child started. 403s [p11_child[2614]] [main] (0x2000): Running in [auth] mode. 403s [p11_child[2614]] [main] (0x2000): Running with effective IDs: [0][0]. 403s [p11_child[2614]] [main] (0x2000): Running with real IDs [0][0]. 403s [p11_child[2614]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 403s [p11_child[2614]] [do_card] (0x4000): Module List: 403s [p11_child[2614]] [do_card] (0x4000): common name: [softhsm2]. 403s [p11_child[2614]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2614]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 403s [p11_child[2614]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 403s [p11_child[2614]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2614]] [do_card] (0x4000): Login required. 403s [p11_child[2614]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 403s [p11_child[2614]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 403s [p11_child[2614]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x43deb0e1;slot-manufacturer=SoftHSM%20project;slot-id=1138667745;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 403s [p11_child[2614]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 403s [p11_child[2614]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 403s [p11_child[2614]] [do_card] (0x4000): Certificate verified and validated. 403s [p11_child[2614]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 403s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449-auth.output 403s + echo '-----BEGIN CERTIFICATE-----' 403s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449-auth.output 403s + echo '-----END CERTIFICATE-----' 403s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449-auth.pem 403s Certificate: 403s Data: 403s Version: 3 (0x2) 403s Serial Number: 3 (0x3) 403s Signature Algorithm: sha256WithRSAEncryption 403s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 403s Validity 403s Not Before: Jan 17 03:30:55 2025 GMT 403s Not After : Jan 17 03:30:55 2026 GMT 403s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 403s Subject Public Key Info: 403s Public Key Algorithm: rsaEncryption 403s Public-Key: (1024 bit) 403s Modulus: 403s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 403s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 403s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 403s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 403s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 403s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 403s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 403s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 403s b5:f7:7f:d6:b3:cd:67:f9:e9 403s Exponent: 65537 (0x10001) 403s X509v3 extensions: 403s X509v3 Authority Key Identifier: 403s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Root CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Signature Algorithm: sha256WithRSAEncryption 403s Signature Value: 403s a6:6e:99:7f:66:49:24:80:43:6d:c0:41:41:8f:f2:4a:9e:b2: 403s 79:ae:e1:6e:ed:9e:d1:bc:3f:1e:71:2d:b7:92:53:37:26:61: 403s 6f:ff:f1:01:df:6b:ce:ce:17:18:7d:a5:d3:dc:4b:de:58:f3: 403s 80:78:f5:6f:ed:b0:44:72:68:79:b2:99:3c:86:d1:35:d1:14: 403s 3b:2e:4c:6e:68:a5:1a:d2:fe:53:ce:b5:05:49:fe:87:93:a1: 403s f7:5b:87:64:5c:e4:9f:e8:e4:7b:19:f5:00:96:32:09:3e:0c: 403s f7:b6:65:43:5f:8b:6d:4e:0a:f8:8e:94:70:7f:5c:94:04:98: 403s b2:a6 403s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-30449-auth.pem 403s + found_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 403s + '[' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 '!=' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 ']' 403s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 403s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 403s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 403s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 403s + local verify_option= 403s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 403s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 403s + local key_cn 403s + local key_name 403s + local tokens_dir 403s + local output_cert_file 403s + token_name= 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem .pem 403s + key_name=test-root-CA-trusted-certificate-0001 403s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s ++ sed -n 's/ *commonName *= //p' 403s + key_cn='Test Organization Root Trusted Certificate 0001' 403s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 403s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 403s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 403s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 403s + token_name='Test Organization Root Tr Token' 403s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 403s Test Organization Root Tr Token 403s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 ']' 403s + echo 'Test Organization Root Tr Token' 403s + '[' -n '' ']' 403s + local output_base_name=SSSD-child-24189 403s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189.output 403s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189.pem 403s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 403s [p11_child[2624]] [main] (0x0400): p11_child started. 403s [p11_child[2624]] [main] (0x2000): Running in [pre-auth] mode. 403s [p11_child[2624]] [main] (0x2000): Running with effective IDs: [0][0]. 403s [p11_child[2624]] [main] (0x2000): Running with real IDs [0][0]. 403s [p11_child[2624]] [do_card] (0x4000): Module List: 403s [p11_child[2624]] [do_card] (0x4000): common name: [softhsm2]. 403s [p11_child[2624]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2624]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 403s [p11_child[2624]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 403s [p11_child[2624]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2624]] [do_card] (0x4000): Login NOT required. 403s [p11_child[2624]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 403s [p11_child[2624]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 403s [p11_child[2624]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 403s [p11_child[2624]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x43deb0e1;slot-manufacturer=SoftHSM%20project;slot-id=1138667745;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 403s [p11_child[2624]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 403s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189.output 403s + echo '-----BEGIN CERTIFICATE-----' 403s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189.output 403s + echo '-----END CERTIFICATE-----' 403s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189.pem 403s Certificate: 403s Data: 403s Version: 3 (0x2) 403s Serial Number: 3 (0x3) 403s Signature Algorithm: sha256WithRSAEncryption 403s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 403s Validity 403s Not Before: Jan 17 03:30:55 2025 GMT 403s Not After : Jan 17 03:30:55 2026 GMT 403s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 403s Subject Public Key Info: 403s Public Key Algorithm: rsaEncryption 403s Public-Key: (1024 bit) 403s Modulus: 403s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 403s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 403s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 403s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 403s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 403s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 403s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 403s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 403s b5:f7:7f:d6:b3:cd:67:f9:e9 403s Exponent: 65537 (0x10001) 403s X509v3 extensions: 403s X509v3 Authority Key Identifier: 403s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Root CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Signature Algorithm: sha256WithRSAEncryption 403s Signature Value: 403s a6:6e:99:7f:66:49:24:80:43:6d:c0:41:41:8f:f2:4a:9e:b2: 403s 79:ae:e1:6e:ed:9e:d1:bc:3f:1e:71:2d:b7:92:53:37:26:61: 403s 6f:ff:f1:01:df:6b:ce:ce:17:18:7d:a5:d3:dc:4b:de:58:f3: 403s 80:78:f5:6f:ed:b0:44:72:68:79:b2:99:3c:86:d1:35:d1:14: 403s 3b:2e:4c:6e:68:a5:1a:d2:fe:53:ce:b5:05:49:fe:87:93:a1: 403s f7:5b:87:64:5c:e4:9f:e8:e4:7b:19:f5:00:96:32:09:3e:0c: 403s f7:b6:65:43:5f:8b:6d:4e:0a:f8:8e:94:70:7f:5c:94:04:98: 403s b2:a6 403s + local found_md5 expected_md5 403s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + expected_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 403s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189.pem 403s + found_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 403s + '[' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 '!=' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 ']' 403s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189-auth.output 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189-auth.output .output 403s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189-auth.pem 403s + echo -n 053350 403s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 403s [p11_child[2632]] [main] (0x0400): p11_child started. 403s [p11_child[2632]] [main] (0x2000): Running in [auth] mode. 403s [p11_child[2632]] [main] (0x2000): Running with effective IDs: [0][0]. 403s [p11_child[2632]] [main] (0x2000): Running with real IDs [0][0]. 403s [p11_child[2632]] [do_card] (0x4000): Module List: 403s [p11_child[2632]] [do_card] (0x4000): common name: [softhsm2]. 403s [p11_child[2632]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2632]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 403s [p11_child[2632]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 403s [p11_child[2632]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2632]] [do_card] (0x4000): Login required. 403s [p11_child[2632]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 403s [p11_child[2632]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 403s [p11_child[2632]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 403s [p11_child[2632]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x43deb0e1;slot-manufacturer=SoftHSM%20project;slot-id=1138667745;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 403s [p11_child[2632]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 403s [p11_child[2632]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 403s [p11_child[2632]] [do_card] (0x4000): Certificate verified and validated. 403s [p11_child[2632]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 403s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189-auth.output 403s + echo '-----BEGIN CERTIFICATE-----' 403s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189-auth.output 403s + echo '-----END CERTIFICATE-----' 403s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189-auth.pem 403s Certificate: 403s Data: 403s Version: 3 (0x2) 403s Serial Number: 3 (0x3) 403s Signature Algorithm: sha256WithRSAEncryption 403s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 403s Validity 403s Not Before: Jan 17 03:30:55 2025 GMT 403s Not After : Jan 17 03:30:55 2026 GMT 403s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 403s Subject Public Key Info: 403s Public Key Algorithm: rsaEncryption 403s Public-Key: (1024 bit) 403s Modulus: 403s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 403s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 403s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 403s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 403s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 403s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 403s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 403s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 403s b5:f7:7f:d6:b3:cd:67:f9:e9 403s Exponent: 65537 (0x10001) 403s X509v3 extensions: 403s X509v3 Authority Key Identifier: 403s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Root CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Signature Algorithm: sha256WithRSAEncryption 403s Signature Value: 403s a6:6e:99:7f:66:49:24:80:43:6d:c0:41:41:8f:f2:4a:9e:b2: 403s 79:ae:e1:6e:ed:9e:d1:bc:3f:1e:71:2d:b7:92:53:37:26:61: 403s 6f:ff:f1:01:df:6b:ce:ce:17:18:7d:a5:d3:dc:4b:de:58:f3: 403s 80:78:f5:6f:ed:b0:44:72:68:79:b2:99:3c:86:d1:35:d1:14: 403s 3b:2e:4c:6e:68:a5:1a:d2:fe:53:ce:b5:05:49:fe:87:93:a1: 403s f7:5b:87:64:5c:e4:9f:e8:e4:7b:19:f5:00:96:32:09:3e:0c: 403s f7:b6:65:43:5f:8b:6d:4e:0a:f8:8e:94:70:7f:5c:94:04:98: 403s b2:a6 403s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24189-auth.pem 403s + found_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 403s + '[' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 '!=' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 ']' 403s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem partial_chain 403s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem partial_chain 403s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 403s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 403s + local verify_option=partial_chain 403s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 403s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 403s + local key_cn 403s + local key_name 403s + local tokens_dir 403s + local output_cert_file 403s + token_name= 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem .pem 403s + key_name=test-root-CA-trusted-certificate-0001 403s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s ++ sed -n 's/ *commonName *= //p' 403s + key_cn='Test Organization Root Trusted Certificate 0001' 403s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 403s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 403s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 403s Test Organization Root Tr Token 403s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 403s + token_name='Test Organization Root Tr Token' 403s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 403s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 ']' 403s + echo 'Test Organization Root Tr Token' 403s + '[' -n partial_chain ']' 403s + local verify_arg=--verify=partial_chain 403s + local output_base_name=SSSD-child-12844 403s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844.output 403s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844.pem 403s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 403s [p11_child[2642]] [main] (0x0400): p11_child started. 403s [p11_child[2642]] [main] (0x2000): Running in [pre-auth] mode. 403s [p11_child[2642]] [main] (0x2000): Running with effective IDs: [0][0]. 403s [p11_child[2642]] [main] (0x2000): Running with real IDs [0][0]. 403s [p11_child[2642]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 403s [p11_child[2642]] [do_card] (0x4000): Module List: 403s [p11_child[2642]] [do_card] (0x4000): common name: [softhsm2]. 403s [p11_child[2642]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2642]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 403s [p11_child[2642]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 403s [p11_child[2642]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2642]] [do_card] (0x4000): Login NOT required. 403s [p11_child[2642]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 403s [p11_child[2642]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 403s [p11_child[2642]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 403s [p11_child[2642]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x43deb0e1;slot-manufacturer=SoftHSM%20project;slot-id=1138667745;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 403s [p11_child[2642]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 403s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844.output 403s + echo '-----BEGIN CERTIFICATE-----' 403s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844.output 403s + echo '-----END CERTIFICATE-----' 403s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844.pem 403s Certificate: 403s Data: 403s Version: 3 (0x2) 403s Serial Number: 3 (0x3) 403s Signature Algorithm: sha256WithRSAEncryption 403s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 403s Validity 403s Not Before: Jan 17 03:30:55 2025 GMT 403s Not After : Jan 17 03:30:55 2026 GMT 403s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 403s Subject Public Key Info: 403s Public Key Algorithm: rsaEncryption 403s Public-Key: (1024 bit) 403s Modulus: 403s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 403s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 403s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 403s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 403s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 403s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 403s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 403s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 403s b5:f7:7f:d6:b3:cd:67:f9:e9 403s Exponent: 65537 (0x10001) 403s X509v3 extensions: 403s X509v3 Authority Key Identifier: 403s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Root CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Signature Algorithm: sha256WithRSAEncryption 403s Signature Value: 403s a6:6e:99:7f:66:49:24:80:43:6d:c0:41:41:8f:f2:4a:9e:b2: 403s 79:ae:e1:6e:ed:9e:d1:bc:3f:1e:71:2d:b7:92:53:37:26:61: 403s 6f:ff:f1:01:df:6b:ce:ce:17:18:7d:a5:d3:dc:4b:de:58:f3: 403s 80:78:f5:6f:ed:b0:44:72:68:79:b2:99:3c:86:d1:35:d1:14: 403s 3b:2e:4c:6e:68:a5:1a:d2:fe:53:ce:b5:05:49:fe:87:93:a1: 403s f7:5b:87:64:5c:e4:9f:e8:e4:7b:19:f5:00:96:32:09:3e:0c: 403s f7:b6:65:43:5f:8b:6d:4e:0a:f8:8e:94:70:7f:5c:94:04:98: 403s b2:a6 403s + local found_md5 expected_md5 403s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + expected_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 403s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844.pem 403s + found_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 403s + '[' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 '!=' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 ']' 403s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844-auth.output 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844-auth.output .output 403s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844-auth.pem 403s + echo -n 053350 403s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 403s [p11_child[2650]] [main] (0x0400): p11_child started. 403s [p11_child[2650]] [main] (0x2000): Running in [auth] mode. 403s [p11_child[2650]] [main] (0x2000): Running with effective IDs: [0][0]. 403s [p11_child[2650]] [main] (0x2000): Running with real IDs [0][0]. 403s [p11_child[2650]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 403s [p11_child[2650]] [do_card] (0x4000): Module List: 403s [p11_child[2650]] [do_card] (0x4000): common name: [softhsm2]. 403s [p11_child[2650]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2650]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 403s [p11_child[2650]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 403s [p11_child[2650]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 403s [p11_child[2650]] [do_card] (0x4000): Login required. 403s [p11_child[2650]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 403s [p11_child[2650]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 403s [p11_child[2650]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 403s [p11_child[2650]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x43deb0e1;slot-manufacturer=SoftHSM%20project;slot-id=1138667745;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 403s [p11_child[2650]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 403s [p11_child[2650]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 403s [p11_child[2650]] [do_card] (0x4000): Certificate verified and validated. 403s [p11_child[2650]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 403s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844-auth.output 403s + echo '-----BEGIN CERTIFICATE-----' 403s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844-auth.output 403s + echo '-----END CERTIFICATE-----' 403s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844-auth.pem 403s Certificate: 403s Data: 403s Version: 3 (0x2) 403s Serial Number: 3 (0x3) 403s Signature Algorithm: sha256WithRSAEncryption 403s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 403s Validity 403s Not Before: Jan 17 03:30:55 2025 GMT 403s Not After : Jan 17 03:30:55 2026 GMT 403s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 403s Subject Public Key Info: 403s Public Key Algorithm: rsaEncryption 403s Public-Key: (1024 bit) 403s Modulus: 403s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 403s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 403s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 403s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 403s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 403s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 403s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 403s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 403s b5:f7:7f:d6:b3:cd:67:f9:e9 403s Exponent: 65537 (0x10001) 403s X509v3 extensions: 403s X509v3 Authority Key Identifier: 403s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 403s X509v3 Basic Constraints: 403s CA:FALSE 403s Netscape Cert Type: 403s SSL Client, S/MIME 403s Netscape Comment: 403s Test Organization Root CA trusted Certificate 403s X509v3 Subject Key Identifier: 403s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 403s X509v3 Key Usage: critical 403s Digital Signature, Non Repudiation, Key Encipherment 403s X509v3 Extended Key Usage: 403s TLS Web Client Authentication, E-mail Protection 403s X509v3 Subject Alternative Name: 403s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 403s Signature Algorithm: sha256WithRSAEncryption 403s Signature Value: 403s a6:6e:99:7f:66:49:24:80:43:6d:c0:41:41:8f:f2:4a:9e:b2: 403s 79:ae:e1:6e:ed:9e:d1:bc:3f:1e:71:2d:b7:92:53:37:26:61: 403s 6f:ff:f1:01:df:6b:ce:ce:17:18:7d:a5:d3:dc:4b:de:58:f3: 403s 80:78:f5:6f:ed:b0:44:72:68:79:b2:99:3c:86:d1:35:d1:14: 403s 3b:2e:4c:6e:68:a5:1a:d2:fe:53:ce:b5:05:49:fe:87:93:a1: 403s f7:5b:87:64:5c:e4:9f:e8:e4:7b:19:f5:00:96:32:09:3e:0c: 403s f7:b6:65:43:5f:8b:6d:4e:0a:f8:8e:94:70:7f:5c:94:04:98: 403s b2:a6 403s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12844-auth.pem 403s + found_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 403s + '[' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 '!=' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 ']' 403s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 403s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 403s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 403s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 403s + local verify_option= 403s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 403s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 403s + local key_cn 403s + local key_name 403s + local tokens_dir 403s + local output_cert_file 403s + token_name= 403s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem .pem 403s + key_name=test-root-CA-trusted-certificate-0001 403s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 403s ++ sed -n 's/ *commonName *= //p' 404s + key_cn='Test Organization Root Trusted Certificate 0001' 404s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 404s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 404s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 404s Test Organization Root Tr Token 404s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 404s + token_name='Test Organization Root Tr Token' 404s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 404s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 ']' 404s + echo 'Test Organization Root Tr Token' 404s + '[' -n '' ']' 404s + local output_base_name=SSSD-child-1142 404s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142.output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142.pem 404s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 404s [p11_child[2660]] [main] (0x0400): p11_child started. 404s [p11_child[2660]] [main] (0x2000): Running in [pre-auth] mode. 404s [p11_child[2660]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2660]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2660]] [do_card] (0x4000): Module List: 404s [p11_child[2660]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2660]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2660]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2660]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 404s [p11_child[2660]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2660]] [do_card] (0x4000): Login NOT required. 404s [p11_child[2660]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 404s [p11_child[2660]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 404s [p11_child[2660]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 404s [p11_child[2660]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x43deb0e1;slot-manufacturer=SoftHSM%20project;slot-id=1138667745;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 404s [p11_child[2660]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142.output 404s + echo '-----BEGIN CERTIFICATE-----' 404s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142.output 404s + echo '-----END CERTIFICATE-----' 404s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142.pem 404s + local found_md5 expected_md5 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s Certificate: 404s Data: 404s Version: 3 (0x2) 404s Serial Number: 3 (0x3) 404s Signature Algorithm: sha256WithRSAEncryption 404s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 404s Validity 404s Not Before: Jan 17 03:30:55 2025 GMT 404s Not After : Jan 17 03:30:55 2026 GMT 404s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 404s Subject Public Key Info: 404s Public Key Algorithm: rsaEncryption 404s Public-Key: (1024 bit) 404s Modulus: 404s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 404s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 404s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 404s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 404s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 404s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 404s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 404s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 404s b5:f7:7f:d6:b3:cd:67:f9:e9 404s Exponent: 65537 (0x10001) 404s X509v3 extensions: 404s X509v3 Authority Key Identifier: 404s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 404s X509v3 Basic Constraints: 404s CA:FALSE 404s Netscape Cert Type: 404s SSL Client, S/MIME 404s Netscape Comment: 404s Test Organization Root CA trusted Certificate 404s X509v3 Subject Key Identifier: 404s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 404s X509v3 Key Usage: critical 404s Digital Signature, Non Repudiation, Key Encipherment 404s X509v3 Extended Key Usage: 404s TLS Web Client Authentication, E-mail Protection 404s X509v3 Subject Alternative Name: 404s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 404s Signature Algorithm: sha256WithRSAEncryption 404s Signature Value: 404s a6:6e:99:7f:66:49:24:80:43:6d:c0:41:41:8f:f2:4a:9e:b2: 404s 79:ae:e1:6e:ed:9e:d1:bc:3f:1e:71:2d:b7:92:53:37:26:61: 404s 6f:ff:f1:01:df:6b:ce:ce:17:18:7d:a5:d3:dc:4b:de:58:f3: 404s 80:78:f5:6f:ed:b0:44:72:68:79:b2:99:3c:86:d1:35:d1:14: 404s 3b:2e:4c:6e:68:a5:1a:d2:fe:53:ce:b5:05:49:fe:87:93:a1: 404s f7:5b:87:64:5c:e4:9f:e8:e4:7b:19:f5:00:96:32:09:3e:0c: 404s f7:b6:65:43:5f:8b:6d:4e:0a:f8:8e:94:70:7f:5c:94:04:98: 404s b2:a6 404s + expected_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142.pem 404s + found_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 404s + '[' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 '!=' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 ']' 404s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142-auth.output 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142-auth.output .output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142-auth.pem 404s + echo -n 053350 404s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 404s [p11_child[2668]] [main] (0x0400): p11_child started. 404s [p11_child[2668]] [main] (0x2000): Running in [auth] mode. 404s [p11_child[2668]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2668]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2668]] [do_card] (0x4000): Module List: 404s [p11_child[2668]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2668]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2668]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2668]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 404s [p11_child[2668]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2668]] [do_card] (0x4000): Login required. 404s [p11_child[2668]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 404s [p11_child[2668]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 404s [p11_child[2668]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 404s [p11_child[2668]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x43deb0e1;slot-manufacturer=SoftHSM%20project;slot-id=1138667745;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 404s [p11_child[2668]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 404s [p11_child[2668]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 404s [p11_child[2668]] [do_card] (0x4000): Certificate verified and validated. 404s [p11_child[2668]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142-auth.output 404s + echo '-----BEGIN CERTIFICATE-----' 404s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142-auth.output 404s + echo '-----END CERTIFICATE-----' 404s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142-auth.pem 404s Certificate: 404s Data: 404s Version: 3 (0x2) 404s Serial Number: 3 (0x3) 404s Signature Algorithm: sha256WithRSAEncryption 404s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 404s Validity 404s Not Before: Jan 17 03:30:55 2025 GMT 404s Not After : Jan 17 03:30:55 2026 GMT 404s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 404s Subject Public Key Info: 404s Public Key Algorithm: rsaEncryption 404s Public-Key: (1024 bit) 404s Modulus: 404s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 404s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 404s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 404s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 404s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 404s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 404s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 404s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 404s b5:f7:7f:d6:b3:cd:67:f9:e9 404s Exponent: 65537 (0x10001) 404s X509v3 extensions: 404s X509v3 Authority Key Identifier: 404s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 404s X509v3 Basic Constraints: 404s CA:FALSE 404s Netscape Cert Type: 404s SSL Client, S/MIME 404s Netscape Comment: 404s Test Organization Root CA trusted Certificate 404s X509v3 Subject Key Identifier: 404s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 404s X509v3 Key Usage: critical 404s Digital Signature, Non Repudiation, Key Encipherment 404s X509v3 Extended Key Usage: 404s TLS Web Client Authentication, E-mail Protection 404s X509v3 Subject Alternative Name: 404s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 404s Signature Algorithm: sha256WithRSAEncryption 404s Signature Value: 404s a6:6e:99:7f:66:49:24:80:43:6d:c0:41:41:8f:f2:4a:9e:b2: 404s 79:ae:e1:6e:ed:9e:d1:bc:3f:1e:71:2d:b7:92:53:37:26:61: 404s 6f:ff:f1:01:df:6b:ce:ce:17:18:7d:a5:d3:dc:4b:de:58:f3: 404s 80:78:f5:6f:ed:b0:44:72:68:79:b2:99:3c:86:d1:35:d1:14: 404s 3b:2e:4c:6e:68:a5:1a:d2:fe:53:ce:b5:05:49:fe:87:93:a1: 404s f7:5b:87:64:5c:e4:9f:e8:e4:7b:19:f5:00:96:32:09:3e:0c: 404s f7:b6:65:43:5f:8b:6d:4e:0a:f8:8e:94:70:7f:5c:94:04:98: 404s b2:a6 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-1142-auth.pem 404s + found_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 404s + '[' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 '!=' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 ']' 404s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem partial_chain 404s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem partial_chain 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 404s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 404s + local verify_option=partial_chain 404s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 404s + local key_cn 404s + local key_name 404s + local tokens_dir 404s + local output_cert_file 404s + token_name= 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem .pem 404s + key_name=test-root-CA-trusted-certificate-0001 404s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s ++ sed -n 's/ *commonName *= //p' 404s + key_cn='Test Organization Root Trusted Certificate 0001' 404s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 404s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 404s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 404s Test Organization Root Tr Token 404s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 404s + token_name='Test Organization Root Tr Token' 404s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 404s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 ']' 404s + echo 'Test Organization Root Tr Token' 404s + '[' -n partial_chain ']' 404s + local verify_arg=--verify=partial_chain 404s + local output_base_name=SSSD-child-13820 404s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820.output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820.pem 404s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 404s [p11_child[2678]] [main] (0x0400): p11_child started. 404s [p11_child[2678]] [main] (0x2000): Running in [pre-auth] mode. 404s [p11_child[2678]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2678]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2678]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 404s [p11_child[2678]] [do_card] (0x4000): Module List: 404s [p11_child[2678]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2678]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2678]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2678]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 404s [p11_child[2678]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2678]] [do_card] (0x4000): Login NOT required. 404s [p11_child[2678]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 404s [p11_child[2678]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 404s [p11_child[2678]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 404s [p11_child[2678]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x43deb0e1;slot-manufacturer=SoftHSM%20project;slot-id=1138667745;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 404s [p11_child[2678]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820.output 404s + echo '-----BEGIN CERTIFICATE-----' 404s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820.output 404s + echo '-----END CERTIFICATE-----' 404s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820.pem 404s Certificate: 404s Data: 404s Version: 3 (0x2) 404s Serial Number: 3 (0x3) 404s Signature Algorithm: sha256WithRSAEncryption 404s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 404s Validity 404s Not Before: Jan 17 03:30:55 2025 GMT 404s Not After : Jan 17 03:30:55 2026 GMT 404s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 404s Subject Public Key Info: 404s Public Key Algorithm: rsaEncryption 404s Public-Key: (1024 bit) 404s Modulus: 404s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 404s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 404s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 404s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 404s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 404s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 404s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 404s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 404s b5:f7:7f:d6:b3:cd:67:f9:e9 404s Exponent: 65537 (0x10001) 404s X509v3 extensions: 404s X509v3 Authority Key Identifier: 404s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 404s X509v3 Basic Constraints: 404s CA:FALSE 404s Netscape Cert Type: 404s SSL Client, S/MIME 404s Netscape Comment: 404s Test Organization Root CA trusted Certificate 404s X509v3 Subject Key Identifier: 404s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 404s X509v3 Key Usage: critical 404s Digital Signature, Non Repudiation, Key Encipherment 404s X509v3 Extended Key Usage: 404s TLS Web Client Authentication, E-mail Protection 404s X509v3 Subject Alternative Name: 404s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 404s Signature Algorithm: sha256WithRSAEncryption 404s Signature Value: 404s a6:6e:99:7f:66:49:24:80:43:6d:c0:41:41:8f:f2:4a:9e:b2: 404s 79:ae:e1:6e:ed:9e:d1:bc:3f:1e:71:2d:b7:92:53:37:26:61: 404s 6f:ff:f1:01:df:6b:ce:ce:17:18:7d:a5:d3:dc:4b:de:58:f3: 404s 80:78:f5:6f:ed:b0:44:72:68:79:b2:99:3c:86:d1:35:d1:14: 404s 3b:2e:4c:6e:68:a5:1a:d2:fe:53:ce:b5:05:49:fe:87:93:a1: 404s f7:5b:87:64:5c:e4:9f:e8:e4:7b:19:f5:00:96:32:09:3e:0c: 404s f7:b6:65:43:5f:8b:6d:4e:0a:f8:8e:94:70:7f:5c:94:04:98: 404s b2:a6 404s + local found_md5 expected_md5 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s + expected_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820.pem 404s + found_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 404s + '[' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 '!=' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 ']' 404s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820-auth.output 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820-auth.output .output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820-auth.pem 404s + echo -n 053350 404s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 404s [p11_child[2686]] [main] (0x0400): p11_child started. 404s [p11_child[2686]] [main] (0x2000): Running in [auth] mode. 404s [p11_child[2686]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2686]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2686]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 404s [p11_child[2686]] [do_card] (0x4000): Module List: 404s [p11_child[2686]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2686]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2686]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2686]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 404s [p11_child[2686]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2686]] [do_card] (0x4000): Login required. 404s [p11_child[2686]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 404s [p11_child[2686]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 404s [p11_child[2686]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 404s [p11_child[2686]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x43deb0e1;slot-manufacturer=SoftHSM%20project;slot-id=1138667745;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=21507ad443deb0e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 404s [p11_child[2686]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 404s [p11_child[2686]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 404s [p11_child[2686]] [do_card] (0x4000): Certificate verified and validated. 404s [p11_child[2686]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820-auth.output 404s + echo '-----BEGIN CERTIFICATE-----' 404s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820-auth.output 404s + echo '-----END CERTIFICATE-----' 404s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820-auth.pem 404s Certificate: 404s Data: 404s Version: 3 (0x2) 404s Serial Number: 3 (0x3) 404s Signature Algorithm: sha256WithRSAEncryption 404s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 404s Validity 404s Not Before: Jan 17 03:30:55 2025 GMT 404s Not After : Jan 17 03:30:55 2026 GMT 404s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 404s Subject Public Key Info: 404s Public Key Algorithm: rsaEncryption 404s Public-Key: (1024 bit) 404s Modulus: 404s 00:f4:9a:5b:10:81:2c:68:31:7f:02:e3:6d:5b:f6: 404s e1:50:e6:fc:ff:d2:10:db:e6:ff:43:ee:12:51:9c: 404s fe:c0:50:f9:51:b4:34:fb:64:12:7c:96:8f:ec:67: 404s 00:3f:d3:8e:31:90:8b:e6:f7:4b:b2:81:8d:86:67: 404s 43:31:71:15:b4:3f:37:34:e1:5d:1d:20:be:f8:2a: 404s a3:2e:76:83:d4:7d:17:db:fa:65:70:fd:ec:a9:a6: 404s 62:c8:4c:a0:89:a9:61:93:0c:68:95:f0:11:5a:b6: 404s 22:d2:55:a7:43:c2:03:85:88:d6:23:b3:7a:51:ae: 404s b5:f7:7f:d6:b3:cd:67:f9:e9 404s Exponent: 65537 (0x10001) 404s X509v3 extensions: 404s X509v3 Authority Key Identifier: 404s 8D:82:3F:95:C0:30:43:71:98:35:E4:F0:58:95:12:3D:26:EF:FE:12 404s X509v3 Basic Constraints: 404s CA:FALSE 404s Netscape Cert Type: 404s SSL Client, S/MIME 404s Netscape Comment: 404s Test Organization Root CA trusted Certificate 404s X509v3 Subject Key Identifier: 404s CB:4C:F5:F4:50:03:3E:9A:F7:A1:1F:9F:81:0D:35:43:39:C5:7C:E2 404s X509v3 Key Usage: critical 404s Digital Signature, Non Repudiation, Key Encipherment 404s X509v3 Extended Key Usage: 404s TLS Web Client Authentication, E-mail Protection 404s X509v3 Subject Alternative Name: 404s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 404s Signature Algorithm: sha256WithRSAEncryption 404s Signature Value: 404s a6:6e:99:7f:66:49:24:80:43:6d:c0:41:41:8f:f2:4a:9e:b2: 404s 79:ae:e1:6e:ed:9e:d1:bc:3f:1e:71:2d:b7:92:53:37:26:61: 404s 6f:ff:f1:01:df:6b:ce:ce:17:18:7d:a5:d3:dc:4b:de:58:f3: 404s 80:78:f5:6f:ed:b0:44:72:68:79:b2:99:3c:86:d1:35:d1:14: 404s 3b:2e:4c:6e:68:a5:1a:d2:fe:53:ce:b5:05:49:fe:87:93:a1: 404s f7:5b:87:64:5c:e4:9f:e8:e4:7b:19:f5:00:96:32:09:3e:0c: 404s f7:b6:65:43:5f:8b:6d:4e:0a:f8:8e:94:70:7f:5c:94:04:98: 404s b2:a6 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-13820-auth.pem 404s + found_md5=Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 404s + '[' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 '!=' Modulus=F49A5B10812C68317F02E36D5BF6E150E6FCFFD210DBE6FF43EE12519CFEC050F951B434FB64127C968FEC67003FD38E31908BE6F74BB2818D866743317115B43F3734E15D1D20BEF82AA32E7683D47D17DBFA6570FDECA9A662C84CA089A961930C6895F0115AB622D255A743C2038588D623B37A51AEB5F77FD6B3CD67F9E9 ']' 404s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 404s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 404s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 404s + local verify_option= 404s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 404s + local key_cn 404s + local key_name 404s + local tokens_dir 404s + local output_cert_file 404s + token_name= 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem .pem 404s + key_name=test-root-CA-trusted-certificate-0001 404s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s ++ sed -n 's/ *commonName *= //p' 404s + key_cn='Test Organization Root Trusted Certificate 0001' 404s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 404s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 404s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 404s Test Organization Root Tr Token 404s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 404s + token_name='Test Organization Root Tr Token' 404s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 404s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 ']' 404s + echo 'Test Organization Root Tr Token' 404s + '[' -n '' ']' 404s + local output_base_name=SSSD-child-7181 404s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-7181.output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-7181.pem 404s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 404s [p11_child[2696]] [main] (0x0400): p11_child started. 404s [p11_child[2696]] [main] (0x2000): Running in [pre-auth] mode. 404s [p11_child[2696]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2696]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2696]] [do_card] (0x4000): Module List: 404s [p11_child[2696]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2696]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2696]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2696]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 404s [p11_child[2696]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2696]] [do_card] (0x4000): Login NOT required. 404s [p11_child[2696]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 404s [p11_child[2696]] [do_verification] (0x0040): X509_verify_cert failed [0]. 404s [p11_child[2696]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 404s [p11_child[2696]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 404s [p11_child[2696]] [do_card] (0x4000): No certificate found. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-7181.output 404s + return 2 404s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem partial_chain 404s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem partial_chain 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 404s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 404s + local verify_option=partial_chain 404s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10662 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-root-ca-trusted-cert-0001-10662 404s + local key_cn 404s + local key_name 404s + local tokens_dir 404s + local output_cert_file 404s + token_name= 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem .pem 404s + key_name=test-root-CA-trusted-certificate-0001 404s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-root-CA-trusted-certificate-0001.pem 404s ++ sed -n 's/ *commonName *= //p' 404s Test Organization Root Tr Token 404s + key_cn='Test Organization Root Trusted Certificate 0001' 404s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 404s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 404s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 404s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 404s + token_name='Test Organization Root Tr Token' 404s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 404s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-root-CA-trusted-certificate-0001 ']' 404s + echo 'Test Organization Root Tr Token' 404s + '[' -n partial_chain ']' 404s + local verify_arg=--verify=partial_chain 404s + local output_base_name=SSSD-child-29602 404s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-29602.output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-29602.pem 404s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 404s [p11_child[2703]] [main] (0x0400): p11_child started. 404s [p11_child[2703]] [main] (0x2000): Running in [pre-auth] mode. 404s [p11_child[2703]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2703]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2703]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 404s [p11_child[2703]] [do_card] (0x4000): Module List: 404s [p11_child[2703]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2703]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2703]] [do_card] (0x4000): Description [SoftHSM slot ID 0x43deb0e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2703]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 404s [p11_child[2703]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x43deb0e1][1138667745] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2703]] [do_card] (0x4000): Login NOT required. 404s [p11_child[2703]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 404s [p11_child[2703]] [do_verification] (0x0040): X509_verify_cert failed [0]. 404s [p11_child[2703]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 404s [p11_child[2703]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 404s [p11_child[2703]] [do_card] (0x4000): No certificate found. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-29602.output 404s + return 2 404s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /dev/null 404s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /dev/null 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local key_ring=/dev/null 404s + local verify_option= 404s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local key_cn 404s + local key_name 404s + local tokens_dir 404s + local output_cert_file 404s + token_name= 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem .pem 404s + key_name=test-intermediate-CA-trusted-certificate-0001 404s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s ++ sed -n 's/ *commonName *= //p' 404s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 404s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 404s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 404s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 404s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 404s + token_name='Test Organization Interme Token' 404s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 404s + local key_file 404s + local decrypted_key 404s + mkdir -p /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 404s + key_file=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-key.pem 404s + decrypted_key=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 404s + cat 404s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 404s Slot 0 has a free/uninitialized token. 404s The token has been initialized and is reassigned to slot 1509938968 404s + softhsm2-util --show-slots 404s Available slots: 404s Slot 1509938968 404s Slot info: 404s Description: SoftHSM slot ID 0x59ffd718 404s Manufacturer ID: SoftHSM project 404s Hardware version: 2.6 404s Firmware version: 2.6 404s Token present: yes 404s Token info: 404s Manufacturer ID: SoftHSM project 404s Model: SoftHSM v2 404s Hardware version: 2.6 404s Firmware version: 2.6 404s Serial number: 65201eecd9ffd718 404s Initialized: yes 404s User PIN init.: yes 404s Label: Test Organization Interme Token 404s Slot 1 404s Slot info: 404s Description: SoftHSM slot ID 0x1 404s Manufacturer ID: SoftHSM project 404s Hardware version: 2.6 404s Firmware version: 2.6 404s Token present: yes 404s Token info: 404s Manufacturer ID: SoftHSM project 404s Model: SoftHSM v2 404s Hardware version: 2.6 404s Firmware version: 2.6 404s Serial number: 404s Initialized: no 404s User PIN init.: no 404s Label: 404s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 404s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-14602 -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 404s writing RSA key 404s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 404s + rm /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 404s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 404s Object 0: 404s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=65201eecd9ffd718;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 404s Type: X.509 Certificate (RSA-1024) 404s Expires: Sat Jan 17 03:30:56 2026 404s Label: Test Organization Intermediate Trusted Certificate 0001 404s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 404s 404s Test Organization Interme Token 404s + echo 'Test Organization Interme Token' 404s + '[' -n '' ']' 404s + local output_base_name=SSSD-child-7953 404s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-7953.output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-7953.pem 404s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 404s [p11_child[2719]] [main] (0x0400): p11_child started. 404s [p11_child[2719]] [main] (0x2000): Running in [pre-auth] mode. 404s [p11_child[2719]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2719]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2719]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 404s [p11_child[2719]] [do_work] (0x0040): init_verification failed. 404s [p11_child[2719]] [main] (0x0020): p11_child failed (5) 404s + return 2 404s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /dev/null no_verification 404s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /dev/null no_verification 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local key_ring=/dev/null 404s + local verify_option=no_verification 404s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local key_cn 404s + local key_name 404s + local tokens_dir 404s + local output_cert_file 404s + token_name= 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem .pem 404s + key_name=test-intermediate-CA-trusted-certificate-0001 404s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s ++ sed -n 's/ *commonName *= //p' 404s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 404s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 404s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 404s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 404s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 404s Test Organization Interme Token 404s + token_name='Test Organization Interme Token' 404s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 404s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 404s + echo 'Test Organization Interme Token' 404s + '[' -n no_verification ']' 404s + local verify_arg=--verify=no_verification 404s + local output_base_name=SSSD-child-3191 404s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191.output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191.pem 404s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 404s [p11_child[2725]] [main] (0x0400): p11_child started. 404s [p11_child[2725]] [main] (0x2000): Running in [pre-auth] mode. 404s [p11_child[2725]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2725]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2725]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 404s [p11_child[2725]] [do_card] (0x4000): Module List: 404s [p11_child[2725]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2725]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2725]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2725]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 404s [p11_child[2725]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2725]] [do_card] (0x4000): Login NOT required. 404s [p11_child[2725]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 404s [p11_child[2725]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 404s [p11_child[2725]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x59ffd718;slot-manufacturer=SoftHSM%20project;slot-id=1509938968;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=65201eecd9ffd718;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 404s [p11_child[2725]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191.output 404s + echo '-----BEGIN CERTIFICATE-----' 404s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191.output 404s + echo '-----END CERTIFICATE-----' 404s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191.pem 404s Certificate: 404s Data: 404s Version: 3 (0x2) 404s Serial Number: 4 (0x4) 404s Signature Algorithm: sha256WithRSAEncryption 404s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 404s Validity 404s Not Before: Jan 17 03:30:56 2025 GMT 404s Not After : Jan 17 03:30:56 2026 GMT 404s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 404s Subject Public Key Info: 404s Public Key Algorithm: rsaEncryption 404s Public-Key: (1024 bit) 404s Modulus: 404s 00:b6:ce:ec:c3:5c:9c:3c:b7:24:ef:6e:f5:f9:65: 404s b8:7f:c9:8f:ad:f5:24:3c:6e:5c:d1:43:47:ce:67: 404s b4:5d:bd:76:3c:2a:aa:b5:eb:59:f1:3b:15:43:83: 404s f1:4c:7c:33:2a:b6:ce:f3:81:a2:48:c4:76:b9:43: 404s 4e:16:9c:7c:f2:59:8c:fb:d2:d9:58:70:e3:da:74: 404s 96:df:e5:9b:0f:b0:de:41:61:0c:63:8b:1b:79:c2: 404s e5:43:55:59:fa:0b:0b:22:cc:dd:b8:33:a3:84:ce: 404s 48:0a:d9:9c:4b:5e:d6:f5:06:01:36:7a:17:26:92: 404s c0:15:e9:8f:43:8f:8b:3b:df 404s Exponent: 65537 (0x10001) 404s X509v3 extensions: 404s X509v3 Authority Key Identifier: 404s 80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 404s X509v3 Basic Constraints: 404s CA:FALSE 404s Netscape Cert Type: 404s SSL Client, S/MIME 404s Netscape Comment: 404s Test Organization Intermediate CA trusted Certificate 404s X509v3 Subject Key Identifier: 404s 91:44:2A:64:63:0E:8D:D1:81:02:6C:5F:FC:F0:58:1C:6F:EB:AB:59 404s X509v3 Key Usage: critical 404s Digital Signature, Non Repudiation, Key Encipherment 404s X509v3 Extended Key Usage: 404s TLS Web Client Authentication, E-mail Protection 404s X509v3 Subject Alternative Name: 404s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 404s Signature Algorithm: sha256WithRSAEncryption 404s Signature Value: 404s 95:38:b5:f4:90:db:64:bc:bd:22:be:20:0f:88:eb:40:06:a8: 404s 01:b5:c2:61:83:79:ad:df:75:fb:cb:36:e2:77:99:cf:8d:bd: 404s f0:6a:34:26:74:7a:86:d4:66:b1:ec:fa:f0:2d:12:49:78:a9: 404s 6c:93:7e:4d:56:c1:cf:63:0b:47:8b:70:b5:dc:bb:08:dc:c0: 404s ab:2f:ad:eb:e3:87:d3:09:7d:27:8b:a3:86:49:c8:cc:04:1d: 404s c4:5e:5c:12:fb:f6:af:12:53:f4:19:37:69:6a:a6:56:b6:23: 404s c1:ea:88:c2:e9:da:92:ab:58:aa:0c:11:4d:3c:b7:cc:9f:74: 404s 31:51 404s + local found_md5 expected_md5 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + expected_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191.pem 404s + found_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 404s + '[' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF '!=' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF ']' 404s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191-auth.output 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191-auth.output .output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191-auth.pem 404s + echo -n 053350 404s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 404s [p11_child[2733]] [main] (0x0400): p11_child started. 404s [p11_child[2733]] [main] (0x2000): Running in [auth] mode. 404s [p11_child[2733]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2733]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2733]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 404s [p11_child[2733]] [do_card] (0x4000): Module List: 404s [p11_child[2733]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2733]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2733]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2733]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 404s [p11_child[2733]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2733]] [do_card] (0x4000): Login required. 404s [p11_child[2733]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 404s [p11_child[2733]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 404s [p11_child[2733]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x59ffd718;slot-manufacturer=SoftHSM%20project;slot-id=1509938968;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=65201eecd9ffd718;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 404s [p11_child[2733]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 404s [p11_child[2733]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 404s [p11_child[2733]] [do_card] (0x4000): Certificate verified and validated. 404s [p11_child[2733]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191-auth.output 404s + echo '-----BEGIN CERTIFICATE-----' 404s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191-auth.output 404s + echo '-----END CERTIFICATE-----' 404s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191-auth.pem 404s Certificate: 404s Data: 404s Version: 3 (0x2) 404s Serial Number: 4 (0x4) 404s Signature Algorithm: sha256WithRSAEncryption 404s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 404s Validity 404s Not Before: Jan 17 03:30:56 2025 GMT 404s Not After : Jan 17 03:30:56 2026 GMT 404s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 404s Subject Public Key Info: 404s Public Key Algorithm: rsaEncryption 404s Public-Key: (1024 bit) 404s Modulus: 404s 00:b6:ce:ec:c3:5c:9c:3c:b7:24:ef:6e:f5:f9:65: 404s b8:7f:c9:8f:ad:f5:24:3c:6e:5c:d1:43:47:ce:67: 404s b4:5d:bd:76:3c:2a:aa:b5:eb:59:f1:3b:15:43:83: 404s f1:4c:7c:33:2a:b6:ce:f3:81:a2:48:c4:76:b9:43: 404s 4e:16:9c:7c:f2:59:8c:fb:d2:d9:58:70:e3:da:74: 404s 96:df:e5:9b:0f:b0:de:41:61:0c:63:8b:1b:79:c2: 404s e5:43:55:59:fa:0b:0b:22:cc:dd:b8:33:a3:84:ce: 404s 48:0a:d9:9c:4b:5e:d6:f5:06:01:36:7a:17:26:92: 404s c0:15:e9:8f:43:8f:8b:3b:df 404s Exponent: 65537 (0x10001) 404s X509v3 extensions: 404s X509v3 Authority Key Identifier: 404s 80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 404s X509v3 Basic Constraints: 404s CA:FALSE 404s Netscape Cert Type: 404s SSL Client, S/MIME 404s Netscape Comment: 404s Test Organization Intermediate CA trusted Certificate 404s X509v3 Subject Key Identifier: 404s 91:44:2A:64:63:0E:8D:D1:81:02:6C:5F:FC:F0:58:1C:6F:EB:AB:59 404s X509v3 Key Usage: critical 404s Digital Signature, Non Repudiation, Key Encipherment 404s X509v3 Extended Key Usage: 404s TLS Web Client Authentication, E-mail Protection 404s X509v3 Subject Alternative Name: 404s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 404s Signature Algorithm: sha256WithRSAEncryption 404s Signature Value: 404s 95:38:b5:f4:90:db:64:bc:bd:22:be:20:0f:88:eb:40:06:a8: 404s 01:b5:c2:61:83:79:ad:df:75:fb:cb:36:e2:77:99:cf:8d:bd: 404s f0:6a:34:26:74:7a:86:d4:66:b1:ec:fa:f0:2d:12:49:78:a9: 404s 6c:93:7e:4d:56:c1:cf:63:0b:47:8b:70:b5:dc:bb:08:dc:c0: 404s ab:2f:ad:eb:e3:87:d3:09:7d:27:8b:a3:86:49:c8:cc:04:1d: 404s c4:5e:5c:12:fb:f6:af:12:53:f4:19:37:69:6a:a6:56:b6:23: 404s c1:ea:88:c2:e9:da:92:ab:58:aa:0c:11:4d:3c:b7:cc:9f:74: 404s 31:51 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-3191-auth.pem 404s + found_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 404s + '[' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF '!=' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF ']' 404s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 404s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 404s + local verify_option= 404s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local key_cn 404s + local key_name 404s + local tokens_dir 404s + local output_cert_file 404s + token_name= 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem .pem 404s + key_name=test-intermediate-CA-trusted-certificate-0001 404s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s ++ sed -n 's/ *commonName *= //p' 404s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 404s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 404s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 404s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 404s Test Organization Interme Token 404s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 404s + token_name='Test Organization Interme Token' 404s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 404s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 404s + echo 'Test Organization Interme Token' 404s + '[' -n '' ']' 404s + local output_base_name=SSSD-child-22717 404s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-22717.output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-22717.pem 404s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 404s [p11_child[2743]] [main] (0x0400): p11_child started. 404s [p11_child[2743]] [main] (0x2000): Running in [pre-auth] mode. 404s [p11_child[2743]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2743]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2743]] [do_card] (0x4000): Module List: 404s [p11_child[2743]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2743]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2743]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2743]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 404s [p11_child[2743]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2743]] [do_card] (0x4000): Login NOT required. 404s [p11_child[2743]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 404s [p11_child[2743]] [do_verification] (0x0040): X509_verify_cert failed [0]. 404s [p11_child[2743]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 404s [p11_child[2743]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 404s [p11_child[2743]] [do_card] (0x4000): No certificate found. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-22717.output 404s + return 2 404s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem partial_chain 404s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem partial_chain 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 404s + local verify_option=partial_chain 404s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local key_cn 404s + local key_name 404s + local tokens_dir 404s + local output_cert_file 404s + token_name= 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem .pem 404s + key_name=test-intermediate-CA-trusted-certificate-0001 404s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s ++ sed -n 's/ *commonName *= //p' 404s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 404s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 404s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 404s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 404s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 404s + token_name='Test Organization Interme Token' 404s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 404s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 404s + echo 'Test Organization Interme Token' 404s Test Organization Interme Token 404s + '[' -n partial_chain ']' 404s + local verify_arg=--verify=partial_chain 404s + local output_base_name=SSSD-child-8862 404s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-8862.output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-8862.pem 404s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 404s [p11_child[2750]] [main] (0x0400): p11_child started. 404s [p11_child[2750]] [main] (0x2000): Running in [pre-auth] mode. 404s [p11_child[2750]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2750]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2750]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 404s [p11_child[2750]] [do_card] (0x4000): Module List: 404s [p11_child[2750]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2750]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2750]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2750]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 404s [p11_child[2750]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2750]] [do_card] (0x4000): Login NOT required. 404s [p11_child[2750]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 404s [p11_child[2750]] [do_verification] (0x0040): X509_verify_cert failed [0]. 404s [p11_child[2750]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 404s [p11_child[2750]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 404s [p11_child[2750]] [do_card] (0x4000): No certificate found. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-8862.output 404s + return 2 404s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 404s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 404s + local verify_option= 404s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 404s + local key_cn 404s + local key_name 404s + local tokens_dir 404s + local output_cert_file 404s + token_name= 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem .pem 404s + key_name=test-intermediate-CA-trusted-certificate-0001 404s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s ++ sed -n 's/ *commonName *= //p' 404s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 404s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 404s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 404s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 404s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 404s + token_name='Test Organization Interme Token' 404s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 404s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 404s Test Organization Interme Token 404s + echo 'Test Organization Interme Token' 404s + '[' -n '' ']' 404s + local output_base_name=SSSD-child-19255 404s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255.output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255.pem 404s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 404s [p11_child[2757]] [main] (0x0400): p11_child started. 404s [p11_child[2757]] [main] (0x2000): Running in [pre-auth] mode. 404s [p11_child[2757]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2757]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2757]] [do_card] (0x4000): Module List: 404s [p11_child[2757]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2757]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2757]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2757]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 404s [p11_child[2757]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2757]] [do_card] (0x4000): Login NOT required. 404s [p11_child[2757]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 404s [p11_child[2757]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 404s [p11_child[2757]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 404s [p11_child[2757]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x59ffd718;slot-manufacturer=SoftHSM%20project;slot-id=1509938968;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=65201eecd9ffd718;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 404s [p11_child[2757]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255.output 404s + echo '-----BEGIN CERTIFICATE-----' 404s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255.output 404s + echo '-----END CERTIFICATE-----' 404s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255.pem 404s Certificate: 404s Data: 404s Version: 3 (0x2) 404s Serial Number: 4 (0x4) 404s Signature Algorithm: sha256WithRSAEncryption 404s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 404s Validity 404s Not Before: Jan 17 03:30:56 2025 GMT 404s Not After : Jan 17 03:30:56 2026 GMT 404s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 404s Subject Public Key Info: 404s Public Key Algorithm: rsaEncryption 404s Public-Key: (1024 bit) 404s Modulus: 404s 00:b6:ce:ec:c3:5c:9c:3c:b7:24:ef:6e:f5:f9:65: 404s b8:7f:c9:8f:ad:f5:24:3c:6e:5c:d1:43:47:ce:67: 404s b4:5d:bd:76:3c:2a:aa:b5:eb:59:f1:3b:15:43:83: 404s f1:4c:7c:33:2a:b6:ce:f3:81:a2:48:c4:76:b9:43: 404s 4e:16:9c:7c:f2:59:8c:fb:d2:d9:58:70:e3:da:74: 404s 96:df:e5:9b:0f:b0:de:41:61:0c:63:8b:1b:79:c2: 404s e5:43:55:59:fa:0b:0b:22:cc:dd:b8:33:a3:84:ce: 404s 48:0a:d9:9c:4b:5e:d6:f5:06:01:36:7a:17:26:92: 404s c0:15:e9:8f:43:8f:8b:3b:df 404s Exponent: 65537 (0x10001) 404s X509v3 extensions: 404s X509v3 Authority Key Identifier: 404s 80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 404s X509v3 Basic Constraints: 404s CA:FALSE 404s Netscape Cert Type: 404s SSL Client, S/MIME 404s Netscape Comment: 404s Test Organization Intermediate CA trusted Certificate 404s X509v3 Subject Key Identifier: 404s 91:44:2A:64:63:0E:8D:D1:81:02:6C:5F:FC:F0:58:1C:6F:EB:AB:59 404s X509v3 Key Usage: critical 404s Digital Signature, Non Repudiation, Key Encipherment 404s X509v3 Extended Key Usage: 404s TLS Web Client Authentication, E-mail Protection 404s X509v3 Subject Alternative Name: 404s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 404s Signature Algorithm: sha256WithRSAEncryption 404s Signature Value: 404s 95:38:b5:f4:90:db:64:bc:bd:22:be:20:0f:88:eb:40:06:a8: 404s 01:b5:c2:61:83:79:ad:df:75:fb:cb:36:e2:77:99:cf:8d:bd: 404s f0:6a:34:26:74:7a:86:d4:66:b1:ec:fa:f0:2d:12:49:78:a9: 404s 6c:93:7e:4d:56:c1:cf:63:0b:47:8b:70:b5:dc:bb:08:dc:c0: 404s ab:2f:ad:eb:e3:87:d3:09:7d:27:8b:a3:86:49:c8:cc:04:1d: 404s c4:5e:5c:12:fb:f6:af:12:53:f4:19:37:69:6a:a6:56:b6:23: 404s c1:ea:88:c2:e9:da:92:ab:58:aa:0c:11:4d:3c:b7:cc:9f:74: 404s 31:51 404s + local found_md5 expected_md5 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 404s + expected_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255.pem 404s + found_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 404s + '[' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF '!=' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF ']' 404s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255-auth.output 404s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255-auth.output .output 404s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255-auth.pem 404s + echo -n 053350 404s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 404s [p11_child[2765]] [main] (0x0400): p11_child started. 404s [p11_child[2765]] [main] (0x2000): Running in [auth] mode. 404s [p11_child[2765]] [main] (0x2000): Running with effective IDs: [0][0]. 404s [p11_child[2765]] [main] (0x2000): Running with real IDs [0][0]. 404s [p11_child[2765]] [do_card] (0x4000): Module List: 404s [p11_child[2765]] [do_card] (0x4000): common name: [softhsm2]. 404s [p11_child[2765]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2765]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 404s [p11_child[2765]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 404s [p11_child[2765]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 404s [p11_child[2765]] [do_card] (0x4000): Login required. 404s [p11_child[2765]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 404s [p11_child[2765]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 404s [p11_child[2765]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 404s [p11_child[2765]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x59ffd718;slot-manufacturer=SoftHSM%20project;slot-id=1509938968;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=65201eecd9ffd718;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 404s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 404s [p11_child[2765]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 404s [p11_child[2765]] [do_card] (0x4000): Certificate verified and validated. 404s [p11_child[2765]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 404s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255-auth.output 404s + echo '-----BEGIN CERTIFICATE-----' 404s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255-auth.output 404s + echo '-----END CERTIFICATE-----' 404s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255-auth.pem 404s Certificate: 404s Data: 404s Version: 3 (0x2) 404s Serial Number: 4 (0x4) 404s Signature Algorithm: sha256WithRSAEncryption 404s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 404s Validity 404s Not Before: Jan 17 03:30:56 2025 GMT 404s Not After : Jan 17 03:30:56 2026 GMT 404s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 404s Subject Public Key Info: 404s Public Key Algorithm: rsaEncryption 404s Public-Key: (1024 bit) 404s Modulus: 404s 00:b6:ce:ec:c3:5c:9c:3c:b7:24:ef:6e:f5:f9:65: 404s b8:7f:c9:8f:ad:f5:24:3c:6e:5c:d1:43:47:ce:67: 404s b4:5d:bd:76:3c:2a:aa:b5:eb:59:f1:3b:15:43:83: 404s f1:4c:7c:33:2a:b6:ce:f3:81:a2:48:c4:76:b9:43: 404s 4e:16:9c:7c:f2:59:8c:fb:d2:d9:58:70:e3:da:74: 404s 96:df:e5:9b:0f:b0:de:41:61:0c:63:8b:1b:79:c2: 404s e5:43:55:59:fa:0b:0b:22:cc:dd:b8:33:a3:84:ce: 404s 48:0a:d9:9c:4b:5e:d6:f5:06:01:36:7a:17:26:92: 404s c0:15:e9:8f:43:8f:8b:3b:df 404s Exponent: 65537 (0x10001) 404s X509v3 extensions: 404s X509v3 Authority Key Identifier: 404s 80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 404s X509v3 Basic Constraints: 404s CA:FALSE 404s Netscape Cert Type: 404s SSL Client, S/MIME 404s Netscape Comment: 404s Test Organization Intermediate CA trusted Certificate 404s X509v3 Subject Key Identifier: 404s 91:44:2A:64:63:0E:8D:D1:81:02:6C:5F:FC:F0:58:1C:6F:EB:AB:59 404s X509v3 Key Usage: critical 404s Digital Signature, Non Repudiation, Key Encipherment 404s X509v3 Extended Key Usage: 404s TLS Web Client Authentication, E-mail Protection 404s X509v3 Subject Alternative Name: 404s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 404s Signature Algorithm: sha256WithRSAEncryption 404s Signature Value: 404s 95:38:b5:f4:90:db:64:bc:bd:22:be:20:0f:88:eb:40:06:a8: 404s 01:b5:c2:61:83:79:ad:df:75:fb:cb:36:e2:77:99:cf:8d:bd: 404s f0:6a:34:26:74:7a:86:d4:66:b1:ec:fa:f0:2d:12:49:78:a9: 404s 6c:93:7e:4d:56:c1:cf:63:0b:47:8b:70:b5:dc:bb:08:dc:c0: 404s ab:2f:ad:eb:e3:87:d3:09:7d:27:8b:a3:86:49:c8:cc:04:1d: 404s c4:5e:5c:12:fb:f6:af:12:53:f4:19:37:69:6a:a6:56:b6:23: 404s c1:ea:88:c2:e9:da:92:ab:58:aa:0c:11:4d:3c:b7:cc:9f:74: 404s 31:51 404s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-19255-auth.pem 405s + found_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 405s + '[' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF '!=' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF ']' 405s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem partial_chain 405s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem partial_chain 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 405s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 405s + local verify_option=partial_chain 405s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 405s + local key_cn 405s + local key_name 405s + local tokens_dir 405s + local output_cert_file 405s + token_name= 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem .pem 405s + key_name=test-intermediate-CA-trusted-certificate-0001 405s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s ++ sed -n 's/ *commonName *= //p' 405s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 405s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 405s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 405s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 405s Test Organization Interme Token 405s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 405s + token_name='Test Organization Interme Token' 405s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 405s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 405s + echo 'Test Organization Interme Token' 405s + '[' -n partial_chain ']' 405s + local verify_arg=--verify=partial_chain 405s + local output_base_name=SSSD-child-14075 405s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075.output 405s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075.pem 405s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 405s [p11_child[2775]] [main] (0x0400): p11_child started. 405s [p11_child[2775]] [main] (0x2000): Running in [pre-auth] mode. 405s [p11_child[2775]] [main] (0x2000): Running with effective IDs: [0][0]. 405s [p11_child[2775]] [main] (0x2000): Running with real IDs [0][0]. 405s [p11_child[2775]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 405s [p11_child[2775]] [do_card] (0x4000): Module List: 405s [p11_child[2775]] [do_card] (0x4000): common name: [softhsm2]. 405s [p11_child[2775]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2775]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 405s [p11_child[2775]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 405s [p11_child[2775]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2775]] [do_card] (0x4000): Login NOT required. 405s [p11_child[2775]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 405s [p11_child[2775]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 405s [p11_child[2775]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 405s [p11_child[2775]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x59ffd718;slot-manufacturer=SoftHSM%20project;slot-id=1509938968;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=65201eecd9ffd718;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 405s [p11_child[2775]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 405s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075.output 405s + echo '-----BEGIN CERTIFICATE-----' 405s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075.output 405s + echo '-----END CERTIFICATE-----' 405s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075.pem 405s Certificate: 405s Data: 405s Version: 3 (0x2) 405s Serial Number: 4 (0x4) 405s Signature Algorithm: sha256WithRSAEncryption 405s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 405s Validity 405s Not Before: Jan 17 03:30:56 2025 GMT 405s Not After : Jan 17 03:30:56 2026 GMT 405s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 405s Subject Public Key Info: 405s Public Key Algorithm: rsaEncryption 405s Public-Key: (1024 bit) 405s Modulus: 405s 00:b6:ce:ec:c3:5c:9c:3c:b7:24:ef:6e:f5:f9:65: 405s b8:7f:c9:8f:ad:f5:24:3c:6e:5c:d1:43:47:ce:67: 405s b4:5d:bd:76:3c:2a:aa:b5:eb:59:f1:3b:15:43:83: 405s f1:4c:7c:33:2a:b6:ce:f3:81:a2:48:c4:76:b9:43: 405s 4e:16:9c:7c:f2:59:8c:fb:d2:d9:58:70:e3:da:74: 405s 96:df:e5:9b:0f:b0:de:41:61:0c:63:8b:1b:79:c2: 405s e5:43:55:59:fa:0b:0b:22:cc:dd:b8:33:a3:84:ce: 405s 48:0a:d9:9c:4b:5e:d6:f5:06:01:36:7a:17:26:92: 405s c0:15:e9:8f:43:8f:8b:3b:df 405s Exponent: 65537 (0x10001) 405s X509v3 extensions: 405s X509v3 Authority Key Identifier: 405s 80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 405s X509v3 Basic Constraints: 405s CA:FALSE 405s Netscape Cert Type: 405s SSL Client, S/MIME 405s Netscape Comment: 405s Test Organization Intermediate CA trusted Certificate 405s X509v3 Subject Key Identifier: 405s 91:44:2A:64:63:0E:8D:D1:81:02:6C:5F:FC:F0:58:1C:6F:EB:AB:59 405s X509v3 Key Usage: critical 405s Digital Signature, Non Repudiation, Key Encipherment 405s X509v3 Extended Key Usage: 405s TLS Web Client Authentication, E-mail Protection 405s X509v3 Subject Alternative Name: 405s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 405s Signature Algorithm: sha256WithRSAEncryption 405s Signature Value: 405s 95:38:b5:f4:90:db:64:bc:bd:22:be:20:0f:88:eb:40:06:a8: 405s 01:b5:c2:61:83:79:ad:df:75:fb:cb:36:e2:77:99:cf:8d:bd: 405s f0:6a:34:26:74:7a:86:d4:66:b1:ec:fa:f0:2d:12:49:78:a9: 405s 6c:93:7e:4d:56:c1:cf:63:0b:47:8b:70:b5:dc:bb:08:dc:c0: 405s ab:2f:ad:eb:e3:87:d3:09:7d:27:8b:a3:86:49:c8:cc:04:1d: 405s c4:5e:5c:12:fb:f6:af:12:53:f4:19:37:69:6a:a6:56:b6:23: 405s c1:ea:88:c2:e9:da:92:ab:58:aa:0c:11:4d:3c:b7:cc:9f:74: 405s 31:51 405s + local found_md5 expected_md5 405s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s + expected_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 405s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075.pem 405s + found_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 405s + '[' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF '!=' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF ']' 405s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075-auth.output 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075-auth.output .output 405s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075-auth.pem 405s + echo -n 053350 405s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 405s [p11_child[2783]] [main] (0x0400): p11_child started. 405s [p11_child[2783]] [main] (0x2000): Running in [auth] mode. 405s [p11_child[2783]] [main] (0x2000): Running with effective IDs: [0][0]. 405s [p11_child[2783]] [main] (0x2000): Running with real IDs [0][0]. 405s [p11_child[2783]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 405s [p11_child[2783]] [do_card] (0x4000): Module List: 405s [p11_child[2783]] [do_card] (0x4000): common name: [softhsm2]. 405s [p11_child[2783]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2783]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 405s [p11_child[2783]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 405s [p11_child[2783]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2783]] [do_card] (0x4000): Login required. 405s [p11_child[2783]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 405s [p11_child[2783]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 405s [p11_child[2783]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 405s [p11_child[2783]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x59ffd718;slot-manufacturer=SoftHSM%20project;slot-id=1509938968;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=65201eecd9ffd718;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 405s [p11_child[2783]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 405s [p11_child[2783]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 405s [p11_child[2783]] [do_card] (0x4000): Certificate verified and validated. 405s [p11_child[2783]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 405s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075-auth.output 405s + echo '-----BEGIN CERTIFICATE-----' 405s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075-auth.output 405s + echo '-----END CERTIFICATE-----' 405s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075-auth.pem 405s Certificate: 405s Data: 405s Version: 3 (0x2) 405s Serial Number: 4 (0x4) 405s Signature Algorithm: sha256WithRSAEncryption 405s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 405s Validity 405s Not Before: Jan 17 03:30:56 2025 GMT 405s Not After : Jan 17 03:30:56 2026 GMT 405s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 405s Subject Public Key Info: 405s Public Key Algorithm: rsaEncryption 405s Public-Key: (1024 bit) 405s Modulus: 405s 00:b6:ce:ec:c3:5c:9c:3c:b7:24:ef:6e:f5:f9:65: 405s b8:7f:c9:8f:ad:f5:24:3c:6e:5c:d1:43:47:ce:67: 405s b4:5d:bd:76:3c:2a:aa:b5:eb:59:f1:3b:15:43:83: 405s f1:4c:7c:33:2a:b6:ce:f3:81:a2:48:c4:76:b9:43: 405s 4e:16:9c:7c:f2:59:8c:fb:d2:d9:58:70:e3:da:74: 405s 96:df:e5:9b:0f:b0:de:41:61:0c:63:8b:1b:79:c2: 405s e5:43:55:59:fa:0b:0b:22:cc:dd:b8:33:a3:84:ce: 405s 48:0a:d9:9c:4b:5e:d6:f5:06:01:36:7a:17:26:92: 405s c0:15:e9:8f:43:8f:8b:3b:df 405s Exponent: 65537 (0x10001) 405s X509v3 extensions: 405s X509v3 Authority Key Identifier: 405s 80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 405s X509v3 Basic Constraints: 405s CA:FALSE 405s Netscape Cert Type: 405s SSL Client, S/MIME 405s Netscape Comment: 405s Test Organization Intermediate CA trusted Certificate 405s X509v3 Subject Key Identifier: 405s 91:44:2A:64:63:0E:8D:D1:81:02:6C:5F:FC:F0:58:1C:6F:EB:AB:59 405s X509v3 Key Usage: critical 405s Digital Signature, Non Repudiation, Key Encipherment 405s X509v3 Extended Key Usage: 405s TLS Web Client Authentication, E-mail Protection 405s X509v3 Subject Alternative Name: 405s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 405s Signature Algorithm: sha256WithRSAEncryption 405s Signature Value: 405s 95:38:b5:f4:90:db:64:bc:bd:22:be:20:0f:88:eb:40:06:a8: 405s 01:b5:c2:61:83:79:ad:df:75:fb:cb:36:e2:77:99:cf:8d:bd: 405s f0:6a:34:26:74:7a:86:d4:66:b1:ec:fa:f0:2d:12:49:78:a9: 405s 6c:93:7e:4d:56:c1:cf:63:0b:47:8b:70:b5:dc:bb:08:dc:c0: 405s ab:2f:ad:eb:e3:87:d3:09:7d:27:8b:a3:86:49:c8:cc:04:1d: 405s c4:5e:5c:12:fb:f6:af:12:53:f4:19:37:69:6a:a6:56:b6:23: 405s c1:ea:88:c2:e9:da:92:ab:58:aa:0c:11:4d:3c:b7:cc:9f:74: 405s 31:51 405s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-14075-auth.pem 405s + found_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 405s + '[' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF '!=' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF ']' 405s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 405s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 405s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 405s + local verify_option= 405s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 405s + local key_cn 405s + local key_name 405s + local tokens_dir 405s + local output_cert_file 405s + token_name= 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem .pem 405s + key_name=test-intermediate-CA-trusted-certificate-0001 405s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s ++ sed -n 's/ *commonName *= //p' 405s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 405s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 405s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 405s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 405s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 405s + token_name='Test Organization Interme Token' 405s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 405s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 405s + echo 'Test Organization Interme Token' 405s Test Organization Interme Token 405s + '[' -n '' ']' 405s + local output_base_name=SSSD-child-14687 405s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-14687.output 405s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-14687.pem 405s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 405s [p11_child[2793]] [main] (0x0400): p11_child started. 405s [p11_child[2793]] [main] (0x2000): Running in [pre-auth] mode. 405s [p11_child[2793]] [main] (0x2000): Running with effective IDs: [0][0]. 405s [p11_child[2793]] [main] (0x2000): Running with real IDs [0][0]. 405s [p11_child[2793]] [do_card] (0x4000): Module List: 405s [p11_child[2793]] [do_card] (0x4000): common name: [softhsm2]. 405s [p11_child[2793]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2793]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 405s [p11_child[2793]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 405s [p11_child[2793]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2793]] [do_card] (0x4000): Login NOT required. 405s [p11_child[2793]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 405s [p11_child[2793]] [do_verification] (0x0040): X509_verify_cert failed [0]. 405s [p11_child[2793]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 405s [p11_child[2793]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 405s [p11_child[2793]] [do_card] (0x4000): No certificate found. 405s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-14687.output 405s + return 2 405s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem partial_chain 405s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem partial_chain 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 405s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 405s + local verify_option=partial_chain 405s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14602 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14602 405s + local key_cn 405s + local key_name 405s + local tokens_dir 405s + local output_cert_file 405s + token_name= 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem .pem 405s + key_name=test-intermediate-CA-trusted-certificate-0001 405s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s ++ sed -n 's/ *commonName *= //p' 405s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 405s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 405s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 405s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 405s Test Organization Interme Token 405s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 405s + token_name='Test Organization Interme Token' 405s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 405s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 405s + echo 'Test Organization Interme Token' 405s + '[' -n partial_chain ']' 405s + local verify_arg=--verify=partial_chain 405s + local output_base_name=SSSD-child-24434 405s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434.output 405s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434.pem 405s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem 405s [p11_child[2800]] [main] (0x0400): p11_child started. 405s [p11_child[2800]] [main] (0x2000): Running in [pre-auth] mode. 405s [p11_child[2800]] [main] (0x2000): Running with effective IDs: [0][0]. 405s [p11_child[2800]] [main] (0x2000): Running with real IDs [0][0]. 405s [p11_child[2800]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 405s [p11_child[2800]] [do_card] (0x4000): Module List: 405s [p11_child[2800]] [do_card] (0x4000): common name: [softhsm2]. 405s [p11_child[2800]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2800]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 405s [p11_child[2800]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 405s [p11_child[2800]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2800]] [do_card] (0x4000): Login NOT required. 405s [p11_child[2800]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 405s [p11_child[2800]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 405s [p11_child[2800]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 405s [p11_child[2800]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x59ffd718;slot-manufacturer=SoftHSM%20project;slot-id=1509938968;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=65201eecd9ffd718;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 405s [p11_child[2800]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 405s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434.output 405s + echo '-----BEGIN CERTIFICATE-----' 405s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434.output 405s + echo '-----END CERTIFICATE-----' 405s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434.pem 405s Certificate: 405s Data: 405s Version: 3 (0x2) 405s Serial Number: 4 (0x4) 405s Signature Algorithm: sha256WithRSAEncryption 405s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 405s Validity 405s Not Before: Jan 17 03:30:56 2025 GMT 405s Not After : Jan 17 03:30:56 2026 GMT 405s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 405s Subject Public Key Info: 405s Public Key Algorithm: rsaEncryption 405s Public-Key: (1024 bit) 405s Modulus: 405s 00:b6:ce:ec:c3:5c:9c:3c:b7:24:ef:6e:f5:f9:65: 405s b8:7f:c9:8f:ad:f5:24:3c:6e:5c:d1:43:47:ce:67: 405s b4:5d:bd:76:3c:2a:aa:b5:eb:59:f1:3b:15:43:83: 405s f1:4c:7c:33:2a:b6:ce:f3:81:a2:48:c4:76:b9:43: 405s 4e:16:9c:7c:f2:59:8c:fb:d2:d9:58:70:e3:da:74: 405s 96:df:e5:9b:0f:b0:de:41:61:0c:63:8b:1b:79:c2: 405s e5:43:55:59:fa:0b:0b:22:cc:dd:b8:33:a3:84:ce: 405s 48:0a:d9:9c:4b:5e:d6:f5:06:01:36:7a:17:26:92: 405s c0:15:e9:8f:43:8f:8b:3b:df 405s Exponent: 65537 (0x10001) 405s X509v3 extensions: 405s X509v3 Authority Key Identifier: 405s 80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 405s X509v3 Basic Constraints: 405s CA:FALSE 405s Netscape Cert Type: 405s SSL Client, S/MIME 405s Netscape Comment: 405s Test Organization Intermediate CA trusted Certificate 405s X509v3 Subject Key Identifier: 405s 91:44:2A:64:63:0E:8D:D1:81:02:6C:5F:FC:F0:58:1C:6F:EB:AB:59 405s X509v3 Key Usage: critical 405s Digital Signature, Non Repudiation, Key Encipherment 405s X509v3 Extended Key Usage: 405s TLS Web Client Authentication, E-mail Protection 405s X509v3 Subject Alternative Name: 405s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 405s Signature Algorithm: sha256WithRSAEncryption 405s Signature Value: 405s 95:38:b5:f4:90:db:64:bc:bd:22:be:20:0f:88:eb:40:06:a8: 405s 01:b5:c2:61:83:79:ad:df:75:fb:cb:36:e2:77:99:cf:8d:bd: 405s f0:6a:34:26:74:7a:86:d4:66:b1:ec:fa:f0:2d:12:49:78:a9: 405s 6c:93:7e:4d:56:c1:cf:63:0b:47:8b:70:b5:dc:bb:08:dc:c0: 405s ab:2f:ad:eb:e3:87:d3:09:7d:27:8b:a3:86:49:c8:cc:04:1d: 405s c4:5e:5c:12:fb:f6:af:12:53:f4:19:37:69:6a:a6:56:b6:23: 405s c1:ea:88:c2:e9:da:92:ab:58:aa:0c:11:4d:3c:b7:cc:9f:74: 405s 31:51 405s + local found_md5 expected_md5 405s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA-trusted-certificate-0001.pem 405s + expected_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 405s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434.pem 405s + found_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 405s + '[' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF '!=' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF ']' 405s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434-auth.output 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434-auth.output .output 405s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434-auth.pem 405s + echo -n 053350 405s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 405s [p11_child[2808]] [main] (0x0400): p11_child started. 405s [p11_child[2808]] [main] (0x2000): Running in [auth] mode. 405s [p11_child[2808]] [main] (0x2000): Running with effective IDs: [0][0]. 405s [p11_child[2808]] [main] (0x2000): Running with real IDs [0][0]. 405s [p11_child[2808]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 405s [p11_child[2808]] [do_card] (0x4000): Module List: 405s [p11_child[2808]] [do_card] (0x4000): common name: [softhsm2]. 405s [p11_child[2808]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2808]] [do_card] (0x4000): Description [SoftHSM slot ID 0x59ffd718] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 405s [p11_child[2808]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 405s [p11_child[2808]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x59ffd718][1509938968] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2808]] [do_card] (0x4000): Login required. 405s [p11_child[2808]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 405s [p11_child[2808]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 405s [p11_child[2808]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 405s [p11_child[2808]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x59ffd718;slot-manufacturer=SoftHSM%20project;slot-id=1509938968;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=65201eecd9ffd718;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 405s [p11_child[2808]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 405s [p11_child[2808]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 405s [p11_child[2808]] [do_card] (0x4000): Certificate verified and validated. 405s [p11_child[2808]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 405s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434-auth.output 405s + echo '-----BEGIN CERTIFICATE-----' 405s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434-auth.output 405s + echo '-----END CERTIFICATE-----' 405s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434-auth.pem 405s Certificate: 405s Data: 405s Version: 3 (0x2) 405s Serial Number: 4 (0x4) 405s Signature Algorithm: sha256WithRSAEncryption 405s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 405s Validity 405s Not Before: Jan 17 03:30:56 2025 GMT 405s Not After : Jan 17 03:30:56 2026 GMT 405s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 405s Subject Public Key Info: 405s Public Key Algorithm: rsaEncryption 405s Public-Key: (1024 bit) 405s Modulus: 405s 00:b6:ce:ec:c3:5c:9c:3c:b7:24:ef:6e:f5:f9:65: 405s b8:7f:c9:8f:ad:f5:24:3c:6e:5c:d1:43:47:ce:67: 405s b4:5d:bd:76:3c:2a:aa:b5:eb:59:f1:3b:15:43:83: 405s f1:4c:7c:33:2a:b6:ce:f3:81:a2:48:c4:76:b9:43: 405s 4e:16:9c:7c:f2:59:8c:fb:d2:d9:58:70:e3:da:74: 405s 96:df:e5:9b:0f:b0:de:41:61:0c:63:8b:1b:79:c2: 405s e5:43:55:59:fa:0b:0b:22:cc:dd:b8:33:a3:84:ce: 405s 48:0a:d9:9c:4b:5e:d6:f5:06:01:36:7a:17:26:92: 405s c0:15:e9:8f:43:8f:8b:3b:df 405s Exponent: 65537 (0x10001) 405s X509v3 extensions: 405s X509v3 Authority Key Identifier: 405s 80:5E:81:38:AC:F9:95:13:1D:38:4F:50:F3:C9:90:0F:AA:DD:DE:9D 405s X509v3 Basic Constraints: 405s CA:FALSE 405s Netscape Cert Type: 405s SSL Client, S/MIME 405s Netscape Comment: 405s Test Organization Intermediate CA trusted Certificate 405s X509v3 Subject Key Identifier: 405s 91:44:2A:64:63:0E:8D:D1:81:02:6C:5F:FC:F0:58:1C:6F:EB:AB:59 405s X509v3 Key Usage: critical 405s Digital Signature, Non Repudiation, Key Encipherment 405s X509v3 Extended Key Usage: 405s TLS Web Client Authentication, E-mail Protection 405s X509v3 Subject Alternative Name: 405s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 405s Signature Algorithm: sha256WithRSAEncryption 405s Signature Value: 405s 95:38:b5:f4:90:db:64:bc:bd:22:be:20:0f:88:eb:40:06:a8: 405s 01:b5:c2:61:83:79:ad:df:75:fb:cb:36:e2:77:99:cf:8d:bd: 405s f0:6a:34:26:74:7a:86:d4:66:b1:ec:fa:f0:2d:12:49:78:a9: 405s 6c:93:7e:4d:56:c1:cf:63:0b:47:8b:70:b5:dc:bb:08:dc:c0: 405s ab:2f:ad:eb:e3:87:d3:09:7d:27:8b:a3:86:49:c8:cc:04:1d: 405s c4:5e:5c:12:fb:f6:af:12:53:f4:19:37:69:6a:a6:56:b6:23: 405s c1:ea:88:c2:e9:da:92:ab:58:aa:0c:11:4d:3c:b7:cc:9f:74: 405s 31:51 405s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-24434-auth.pem 405s + found_md5=Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF 405s + '[' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF '!=' Modulus=B6CEECC35C9C3CB724EF6EF5F965B87FC98FADF5243C6E5CD14347CE67B45DBD763C2AAAB5EB59F13B154383F14C7C332AB6CEF381A248C476B9434E169C7CF2598CFBD2D95870E3DA7496DFE59B0FB0DE41610C638B1B79C2E5435559FA0B0B22CCDDB833A384CE480AD99C4B5ED6F50601367A172692C015E98F438F8B3BDF ']' 405s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 405s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 405s + local verify_option= 405s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local key_cn 405s + local key_name 405s + local tokens_dir 405s + local output_cert_file 405s + token_name= 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 405s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 405s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s ++ sed -n 's/ *commonName *= //p' 405s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 405s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 405s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 405s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 405s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 405s + token_name='Test Organization Sub Int Token' 405s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 405s + local key_file 405s + local decrypted_key 405s + mkdir -p /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 405s + key_file=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 405s + decrypted_key=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 405s + cat 405s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 405s Slot 0 has a free/uninitialized token. 405s The token has been initialized and is reassigned to slot 645155074 405s Available slots: 405s Slot 645155074 405s Slot info: 405s Description: SoftHSM slot ID 0x26744902 405s Manufacturer ID: SoftHSM project 405s Hardware version: 2.6 405s Firmware version: 2.6 405s Token present: yes 405s Token info: 405s Manufacturer ID: SoftHSM project 405s Model: SoftHSM v2 405s Hardware version: 2.6 405s Firmware version: 2.6 405s Serial number: 63358872a6744902 405s Initialized: yes 405s User PIN init.: yes 405s Label: Test Organization Sub Int Token 405s Slot 1 405s Slot info: 405s Description: SoftHSM slot ID 0x1 405s Manufacturer ID: SoftHSM project 405s Hardware version: 2.6 405s Firmware version: 2.6 405s Token present: yes 405s Token info: 405s Manufacturer ID: SoftHSM project 405s Model: SoftHSM v2 405s Hardware version: 2.6 405s Firmware version: 2.6 405s Serial number: 405s Initialized: no 405s User PIN init.: no 405s Label: 405s + softhsm2-util --show-slots 405s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 405s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-31572 -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 405s writing RSA key 405s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 405s + rm /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 405s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 405s Object 0: 405s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=63358872a6744902;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 405s Type: X.509 Certificate (RSA-1024) 405s Expires: Sat Jan 17 03:30:56 2026 405s Label: Test Organization Sub Intermediate Trusted Certificate 0001 405s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 405s 405s + echo 'Test Organization Sub Int Token' 405s + '[' -n '' ']' 405s + local output_base_name=SSSD-child-11190 405s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-11190.output 405s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-11190.pem 405s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 405s Test Organization Sub Int Token 405s [p11_child[2827]] [main] (0x0400): p11_child started. 405s [p11_child[2827]] [main] (0x2000): Running in [pre-auth] mode. 405s [p11_child[2827]] [main] (0x2000): Running with effective IDs: [0][0]. 405s [p11_child[2827]] [main] (0x2000): Running with real IDs [0][0]. 405s [p11_child[2827]] [do_card] (0x4000): Module List: 405s [p11_child[2827]] [do_card] (0x4000): common name: [softhsm2]. 405s [p11_child[2827]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2827]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 405s [p11_child[2827]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 405s [p11_child[2827]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2827]] [do_card] (0x4000): Login NOT required. 405s [p11_child[2827]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 405s [p11_child[2827]] [do_verification] (0x0040): X509_verify_cert failed [0]. 405s [p11_child[2827]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 405s [p11_child[2827]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 405s [p11_child[2827]] [do_card] (0x4000): No certificate found. 405s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-11190.output 405s + return 2 405s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem partial_chain 405s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem partial_chain 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 405s + local verify_option=partial_chain 405s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local key_cn 405s + local key_name 405s + local tokens_dir 405s + local output_cert_file 405s + token_name= 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 405s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 405s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s ++ sed -n 's/ *commonName *= //p' 405s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 405s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 405s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 405s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 405s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 405s + token_name='Test Organization Sub Int Token' 405s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 405s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 405s + echo 'Test Organization Sub Int Token' 405s Test Organization Sub Int Token 405s + '[' -n partial_chain ']' 405s + local verify_arg=--verify=partial_chain 405s + local output_base_name=SSSD-child-3956 405s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-3956.output 405s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-3956.pem 405s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-root-CA.pem 405s [p11_child[2834]] [main] (0x0400): p11_child started. 405s [p11_child[2834]] [main] (0x2000): Running in [pre-auth] mode. 405s [p11_child[2834]] [main] (0x2000): Running with effective IDs: [0][0]. 405s [p11_child[2834]] [main] (0x2000): Running with real IDs [0][0]. 405s [p11_child[2834]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 405s [p11_child[2834]] [do_card] (0x4000): Module List: 405s [p11_child[2834]] [do_card] (0x4000): common name: [softhsm2]. 405s [p11_child[2834]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2834]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 405s [p11_child[2834]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 405s [p11_child[2834]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2834]] [do_card] (0x4000): Login NOT required. 405s [p11_child[2834]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 405s [p11_child[2834]] [do_verification] (0x0040): X509_verify_cert failed [0]. 405s [p11_child[2834]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 405s [p11_child[2834]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 405s [p11_child[2834]] [do_card] (0x4000): No certificate found. 405s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-3956.output 405s + return 2 405s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 405s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 405s + local verify_option= 405s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local key_cn 405s + local key_name 405s + local tokens_dir 405s + local output_cert_file 405s + token_name= 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 405s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 405s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s ++ sed -n 's/ *commonName *= //p' 405s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 405s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 405s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 405s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 405s Test Organization Sub Int Token 405s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 405s + token_name='Test Organization Sub Int Token' 405s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 405s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 405s + echo 'Test Organization Sub Int Token' 405s + '[' -n '' ']' 405s + local output_base_name=SSSD-child-5240 405s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240.output 405s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240.pem 405s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 405s [p11_child[2841]] [main] (0x0400): p11_child started. 405s [p11_child[2841]] [main] (0x2000): Running in [pre-auth] mode. 405s [p11_child[2841]] [main] (0x2000): Running with effective IDs: [0][0]. 405s [p11_child[2841]] [main] (0x2000): Running with real IDs [0][0]. 405s [p11_child[2841]] [do_card] (0x4000): Module List: 405s [p11_child[2841]] [do_card] (0x4000): common name: [softhsm2]. 405s [p11_child[2841]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2841]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 405s [p11_child[2841]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 405s [p11_child[2841]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2841]] [do_card] (0x4000): Login NOT required. 405s [p11_child[2841]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 405s [p11_child[2841]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 405s [p11_child[2841]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 405s [p11_child[2841]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x26744902;slot-manufacturer=SoftHSM%20project;slot-id=645155074;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=63358872a6744902;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 405s [p11_child[2841]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 405s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240.output 405s + echo '-----BEGIN CERTIFICATE-----' 405s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240.output 405s + echo '-----END CERTIFICATE-----' 405s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240.pem 405s Certificate: 405s Data: 405s Version: 3 (0x2) 405s Serial Number: 5 (0x5) 405s Signature Algorithm: sha256WithRSAEncryption 405s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 405s Validity 405s Not Before: Jan 17 03:30:56 2025 GMT 405s Not After : Jan 17 03:30:56 2026 GMT 405s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 405s Subject Public Key Info: 405s Public Key Algorithm: rsaEncryption 405s Public-Key: (1024 bit) 405s Modulus: 405s 00:e3:10:55:a8:5d:d7:a6:7b:e2:75:85:a6:9d:19: 405s aa:b5:ed:18:68:14:69:ba:27:55:9a:ee:e1:f5:19: 405s b3:ae:e0:7b:19:79:6f:ae:d8:fa:65:5f:01:f9:d1: 405s 0b:75:06:86:fc:32:01:95:e3:fe:82:03:14:b1:95: 405s d7:5d:04:c4:80:d3:71:7a:53:2f:ca:a1:10:a7:57: 405s 3e:9a:9a:31:d7:7f:37:5c:aa:0e:cb:22:d8:93:39: 405s e6:03:a4:c8:11:db:eb:cf:b9:de:22:6a:2c:92:bc: 405s 15:e3:01:7e:91:0d:a7:d1:15:18:27:ab:02:d6:2f: 405s 4e:ae:6b:ca:b3:61:f8:36:f9 405s Exponent: 65537 (0x10001) 405s X509v3 extensions: 405s X509v3 Authority Key Identifier: 405s A9:7A:1B:9D:60:12:3C:77:E5:81:CE:7C:91:51:B8:51:89:60:99:1C 405s X509v3 Basic Constraints: 405s CA:FALSE 405s Netscape Cert Type: 405s SSL Client, S/MIME 405s Netscape Comment: 405s Test Organization Sub Intermediate CA trusted Certificate 405s X509v3 Subject Key Identifier: 405s 77:59:14:CC:C2:F3:A8:32:2B:B3:EC:C7:EE:FD:5C:82:DE:C5:B3:DF 405s X509v3 Key Usage: critical 405s Digital Signature, Non Repudiation, Key Encipherment 405s X509v3 Extended Key Usage: 405s TLS Web Client Authentication, E-mail Protection 405s X509v3 Subject Alternative Name: 405s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 405s Signature Algorithm: sha256WithRSAEncryption 405s Signature Value: 405s 65:47:08:1c:7c:bb:50:7d:9b:6d:b3:f1:be:34:73:17:5c:42: 405s 81:b0:9b:13:72:6f:ee:e7:3b:24:a6:05:3a:49:2b:63:ee:ef: 405s 2c:b2:fa:be:ef:fd:72:de:b7:58:19:67:0e:4f:df:60:b9:17: 405s cb:1f:7c:85:c4:4c:3c:83:e8:3a:ff:d9:f7:a2:0d:cd:c2:ba: 405s 63:f5:15:fe:e5:9d:a1:83:03:06:1e:e4:99:3e:ab:94:c3:0e: 405s bc:3a:1d:75:ee:c0:e5:2b:e7:9f:95:44:e4:e5:9a:7d:86:72: 405s f7:ad:94:bd:7c:88:06:76:d5:c9:9f:9a:c2:00:05:5b:d6:29: 405s 22:22 405s + local found_md5 expected_md5 405s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s + expected_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 405s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240.pem 405s + found_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 405s + '[' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 '!=' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 ']' 405s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240-auth.output 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240-auth.output .output 405s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240-auth.pem 405s + echo -n 053350 405s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 405s [p11_child[2849]] [main] (0x0400): p11_child started. 405s [p11_child[2849]] [main] (0x2000): Running in [auth] mode. 405s [p11_child[2849]] [main] (0x2000): Running with effective IDs: [0][0]. 405s [p11_child[2849]] [main] (0x2000): Running with real IDs [0][0]. 405s [p11_child[2849]] [do_card] (0x4000): Module List: 405s [p11_child[2849]] [do_card] (0x4000): common name: [softhsm2]. 405s [p11_child[2849]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2849]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 405s [p11_child[2849]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 405s [p11_child[2849]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2849]] [do_card] (0x4000): Login required. 405s [p11_child[2849]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 405s [p11_child[2849]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 405s [p11_child[2849]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 405s [p11_child[2849]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x26744902;slot-manufacturer=SoftHSM%20project;slot-id=645155074;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=63358872a6744902;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 405s [p11_child[2849]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 405s [p11_child[2849]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 405s [p11_child[2849]] [do_card] (0x4000): Certificate verified and validated. 405s [p11_child[2849]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 405s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240-auth.output 405s + echo '-----BEGIN CERTIFICATE-----' 405s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240-auth.output 405s + echo '-----END CERTIFICATE-----' 405s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240-auth.pem 405s Certificate: 405s Data: 405s Version: 3 (0x2) 405s Serial Number: 5 (0x5) 405s Signature Algorithm: sha256WithRSAEncryption 405s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 405s Validity 405s Not Before: Jan 17 03:30:56 2025 GMT 405s Not After : Jan 17 03:30:56 2026 GMT 405s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 405s Subject Public Key Info: 405s Public Key Algorithm: rsaEncryption 405s Public-Key: (1024 bit) 405s Modulus: 405s 00:e3:10:55:a8:5d:d7:a6:7b:e2:75:85:a6:9d:19: 405s aa:b5:ed:18:68:14:69:ba:27:55:9a:ee:e1:f5:19: 405s b3:ae:e0:7b:19:79:6f:ae:d8:fa:65:5f:01:f9:d1: 405s 0b:75:06:86:fc:32:01:95:e3:fe:82:03:14:b1:95: 405s d7:5d:04:c4:80:d3:71:7a:53:2f:ca:a1:10:a7:57: 405s 3e:9a:9a:31:d7:7f:37:5c:aa:0e:cb:22:d8:93:39: 405s e6:03:a4:c8:11:db:eb:cf:b9:de:22:6a:2c:92:bc: 405s 15:e3:01:7e:91:0d:a7:d1:15:18:27:ab:02:d6:2f: 405s 4e:ae:6b:ca:b3:61:f8:36:f9 405s Exponent: 65537 (0x10001) 405s X509v3 extensions: 405s X509v3 Authority Key Identifier: 405s A9:7A:1B:9D:60:12:3C:77:E5:81:CE:7C:91:51:B8:51:89:60:99:1C 405s X509v3 Basic Constraints: 405s CA:FALSE 405s Netscape Cert Type: 405s SSL Client, S/MIME 405s Netscape Comment: 405s Test Organization Sub Intermediate CA trusted Certificate 405s X509v3 Subject Key Identifier: 405s 77:59:14:CC:C2:F3:A8:32:2B:B3:EC:C7:EE:FD:5C:82:DE:C5:B3:DF 405s X509v3 Key Usage: critical 405s Digital Signature, Non Repudiation, Key Encipherment 405s X509v3 Extended Key Usage: 405s TLS Web Client Authentication, E-mail Protection 405s X509v3 Subject Alternative Name: 405s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 405s Signature Algorithm: sha256WithRSAEncryption 405s Signature Value: 405s 65:47:08:1c:7c:bb:50:7d:9b:6d:b3:f1:be:34:73:17:5c:42: 405s 81:b0:9b:13:72:6f:ee:e7:3b:24:a6:05:3a:49:2b:63:ee:ef: 405s 2c:b2:fa:be:ef:fd:72:de:b7:58:19:67:0e:4f:df:60:b9:17: 405s cb:1f:7c:85:c4:4c:3c:83:e8:3a:ff:d9:f7:a2:0d:cd:c2:ba: 405s 63:f5:15:fe:e5:9d:a1:83:03:06:1e:e4:99:3e:ab:94:c3:0e: 405s bc:3a:1d:75:ee:c0:e5:2b:e7:9f:95:44:e4:e5:9a:7d:86:72: 405s f7:ad:94:bd:7c:88:06:76:d5:c9:9f:9a:c2:00:05:5b:d6:29: 405s 22:22 405s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-5240-auth.pem 405s + found_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 405s + '[' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 '!=' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 ']' 405s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem partial_chain 405s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem partial_chain 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 405s + local verify_option=partial_chain 405s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 405s + local key_cn 405s + local key_name 405s + local tokens_dir 405s + local output_cert_file 405s + token_name= 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 405s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 405s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 405s ++ sed -n 's/ *commonName *= //p' 405s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 405s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 405s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 405s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 405s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 405s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 405s + token_name='Test Organization Sub Int Token' 405s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 405s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 405s + echo 'Test Organization Sub Int Token' 405s Test Organization Sub Int Token 405s + '[' -n partial_chain ']' 405s + local verify_arg=--verify=partial_chain 405s + local output_base_name=SSSD-child-16570 405s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570.output 405s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570.pem 405s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem 405s [p11_child[2859]] [main] (0x0400): p11_child started. 405s [p11_child[2859]] [main] (0x2000): Running in [pre-auth] mode. 405s [p11_child[2859]] [main] (0x2000): Running with effective IDs: [0][0]. 405s [p11_child[2859]] [main] (0x2000): Running with real IDs [0][0]. 405s [p11_child[2859]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 405s [p11_child[2859]] [do_card] (0x4000): Module List: 405s [p11_child[2859]] [do_card] (0x4000): common name: [softhsm2]. 405s [p11_child[2859]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2859]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 405s [p11_child[2859]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 405s [p11_child[2859]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 405s [p11_child[2859]] [do_card] (0x4000): Login NOT required. 405s [p11_child[2859]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 405s [p11_child[2859]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 405s [p11_child[2859]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 405s [p11_child[2859]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x26744902;slot-manufacturer=SoftHSM%20project;slot-id=645155074;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=63358872a6744902;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 405s [p11_child[2859]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 405s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570.output 405s + echo '-----BEGIN CERTIFICATE-----' 405s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570.output 405s + echo '-----END CERTIFICATE-----' 405s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570.pem 406s Certificate: 406s Data: 406s Version: 3 (0x2) 406s Serial Number: 5 (0x5) 406s Signature Algorithm: sha256WithRSAEncryption 406s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 406s Validity 406s Not Before: Jan 17 03:30:56 2025 GMT 406s Not After : Jan 17 03:30:56 2026 GMT 406s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 406s Subject Public Key Info: 406s Public Key Algorithm: rsaEncryption 406s Public-Key: (1024 bit) 406s Modulus: 406s 00:e3:10:55:a8:5d:d7:a6:7b:e2:75:85:a6:9d:19: 406s aa:b5:ed:18:68:14:69:ba:27:55:9a:ee:e1:f5:19: 406s b3:ae:e0:7b:19:79:6f:ae:d8:fa:65:5f:01:f9:d1: 406s 0b:75:06:86:fc:32:01:95:e3:fe:82:03:14:b1:95: 406s d7:5d:04:c4:80:d3:71:7a:53:2f:ca:a1:10:a7:57: 406s 3e:9a:9a:31:d7:7f:37:5c:aa:0e:cb:22:d8:93:39: 406s e6:03:a4:c8:11:db:eb:cf:b9:de:22:6a:2c:92:bc: 406s 15:e3:01:7e:91:0d:a7:d1:15:18:27:ab:02:d6:2f: 406s 4e:ae:6b:ca:b3:61:f8:36:f9 406s Exponent: 65537 (0x10001) 406s X509v3 extensions: 406s X509v3 Authority Key Identifier: 406s A9:7A:1B:9D:60:12:3C:77:E5:81:CE:7C:91:51:B8:51:89:60:99:1C 406s X509v3 Basic Constraints: 406s CA:FALSE 406s Netscape Cert Type: 406s SSL Client, S/MIME 406s Netscape Comment: 406s Test Organization Sub Intermediate CA trusted Certificate 406s X509v3 Subject Key Identifier: 406s 77:59:14:CC:C2:F3:A8:32:2B:B3:EC:C7:EE:FD:5C:82:DE:C5:B3:DF 406s X509v3 Key Usage: critical 406s Digital Signature, Non Repudiation, Key Encipherment 406s X509v3 Extended Key Usage: 406s TLS Web Client Authentication, E-mail Protection 406s X509v3 Subject Alternative Name: 406s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 406s Signature Algorithm: sha256WithRSAEncryption 406s Signature Value: 406s 65:47:08:1c:7c:bb:50:7d:9b:6d:b3:f1:be:34:73:17:5c:42: 406s 81:b0:9b:13:72:6f:ee:e7:3b:24:a6:05:3a:49:2b:63:ee:ef: 406s 2c:b2:fa:be:ef:fd:72:de:b7:58:19:67:0e:4f:df:60:b9:17: 406s cb:1f:7c:85:c4:4c:3c:83:e8:3a:ff:d9:f7:a2:0d:cd:c2:ba: 406s 63:f5:15:fe:e5:9d:a1:83:03:06:1e:e4:99:3e:ab:94:c3:0e: 406s bc:3a:1d:75:ee:c0:e5:2b:e7:9f:95:44:e4:e5:9a:7d:86:72: 406s f7:ad:94:bd:7c:88:06:76:d5:c9:9f:9a:c2:00:05:5b:d6:29: 406s 22:22 406s + local found_md5 expected_md5 406s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + expected_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 406s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570.pem 406s + found_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 406s + '[' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 '!=' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 ']' 406s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570-auth.output 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570-auth.output .output 406s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570-auth.pem 406s + echo -n 053350 406s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 406s [p11_child[2867]] [main] (0x0400): p11_child started. 406s [p11_child[2867]] [main] (0x2000): Running in [auth] mode. 406s [p11_child[2867]] [main] (0x2000): Running with effective IDs: [0][0]. 406s [p11_child[2867]] [main] (0x2000): Running with real IDs [0][0]. 406s [p11_child[2867]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 406s [p11_child[2867]] [do_card] (0x4000): Module List: 406s [p11_child[2867]] [do_card] (0x4000): common name: [softhsm2]. 406s [p11_child[2867]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2867]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 406s [p11_child[2867]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 406s [p11_child[2867]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2867]] [do_card] (0x4000): Login required. 406s [p11_child[2867]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 406s [p11_child[2867]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 406s [p11_child[2867]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 406s [p11_child[2867]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x26744902;slot-manufacturer=SoftHSM%20project;slot-id=645155074;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=63358872a6744902;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 406s [p11_child[2867]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 406s [p11_child[2867]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 406s [p11_child[2867]] [do_card] (0x4000): Certificate verified and validated. 406s [p11_child[2867]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 406s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570-auth.output 406s + echo '-----BEGIN CERTIFICATE-----' 406s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570-auth.output 406s + echo '-----END CERTIFICATE-----' 406s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570-auth.pem 406s Certificate: 406s Data: 406s Version: 3 (0x2) 406s Serial Number: 5 (0x5) 406s Signature Algorithm: sha256WithRSAEncryption 406s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 406s Validity 406s Not Before: Jan 17 03:30:56 2025 GMT 406s Not After : Jan 17 03:30:56 2026 GMT 406s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 406s Subject Public Key Info: 406s Public Key Algorithm: rsaEncryption 406s Public-Key: (1024 bit) 406s Modulus: 406s 00:e3:10:55:a8:5d:d7:a6:7b:e2:75:85:a6:9d:19: 406s aa:b5:ed:18:68:14:69:ba:27:55:9a:ee:e1:f5:19: 406s b3:ae:e0:7b:19:79:6f:ae:d8:fa:65:5f:01:f9:d1: 406s 0b:75:06:86:fc:32:01:95:e3:fe:82:03:14:b1:95: 406s d7:5d:04:c4:80:d3:71:7a:53:2f:ca:a1:10:a7:57: 406s 3e:9a:9a:31:d7:7f:37:5c:aa:0e:cb:22:d8:93:39: 406s e6:03:a4:c8:11:db:eb:cf:b9:de:22:6a:2c:92:bc: 406s 15:e3:01:7e:91:0d:a7:d1:15:18:27:ab:02:d6:2f: 406s 4e:ae:6b:ca:b3:61:f8:36:f9 406s Exponent: 65537 (0x10001) 406s X509v3 extensions: 406s X509v3 Authority Key Identifier: 406s A9:7A:1B:9D:60:12:3C:77:E5:81:CE:7C:91:51:B8:51:89:60:99:1C 406s X509v3 Basic Constraints: 406s CA:FALSE 406s Netscape Cert Type: 406s SSL Client, S/MIME 406s Netscape Comment: 406s Test Organization Sub Intermediate CA trusted Certificate 406s X509v3 Subject Key Identifier: 406s 77:59:14:CC:C2:F3:A8:32:2B:B3:EC:C7:EE:FD:5C:82:DE:C5:B3:DF 406s X509v3 Key Usage: critical 406s Digital Signature, Non Repudiation, Key Encipherment 406s X509v3 Extended Key Usage: 406s TLS Web Client Authentication, E-mail Protection 406s X509v3 Subject Alternative Name: 406s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 406s Signature Algorithm: sha256WithRSAEncryption 406s Signature Value: 406s 65:47:08:1c:7c:bb:50:7d:9b:6d:b3:f1:be:34:73:17:5c:42: 406s 81:b0:9b:13:72:6f:ee:e7:3b:24:a6:05:3a:49:2b:63:ee:ef: 406s 2c:b2:fa:be:ef:fd:72:de:b7:58:19:67:0e:4f:df:60:b9:17: 406s cb:1f:7c:85:c4:4c:3c:83:e8:3a:ff:d9:f7:a2:0d:cd:c2:ba: 406s 63:f5:15:fe:e5:9d:a1:83:03:06:1e:e4:99:3e:ab:94:c3:0e: 406s bc:3a:1d:75:ee:c0:e5:2b:e7:9f:95:44:e4:e5:9a:7d:86:72: 406s f7:ad:94:bd:7c:88:06:76:d5:c9:9f:9a:c2:00:05:5b:d6:29: 406s 22:22 406s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-16570-auth.pem 406s + found_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 406s + '[' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 '!=' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 ']' 406s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 406s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 406s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 406s + local verify_option= 406s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local key_cn 406s + local key_name 406s + local tokens_dir 406s + local output_cert_file 406s + token_name= 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 406s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 406s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s ++ sed -n 's/ *commonName *= //p' 406s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 406s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 406s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 406s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 406s Test Organization Sub Int Token 406s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 406s + token_name='Test Organization Sub Int Token' 406s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 406s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 406s + echo 'Test Organization Sub Int Token' 406s + '[' -n '' ']' 406s + local output_base_name=SSSD-child-28527 406s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-28527.output 406s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-28527.pem 406s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 406s [p11_child[2877]] [main] (0x0400): p11_child started. 406s [p11_child[2877]] [main] (0x2000): Running in [pre-auth] mode. 406s [p11_child[2877]] [main] (0x2000): Running with effective IDs: [0][0]. 406s [p11_child[2877]] [main] (0x2000): Running with real IDs [0][0]. 406s [p11_child[2877]] [do_card] (0x4000): Module List: 406s [p11_child[2877]] [do_card] (0x4000): common name: [softhsm2]. 406s [p11_child[2877]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2877]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 406s [p11_child[2877]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 406s [p11_child[2877]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2877]] [do_card] (0x4000): Login NOT required. 406s [p11_child[2877]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 406s [p11_child[2877]] [do_verification] (0x0040): X509_verify_cert failed [0]. 406s [p11_child[2877]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 406s [p11_child[2877]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 406s [p11_child[2877]] [do_card] (0x4000): No certificate found. 406s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-28527.output 406s + return 2 406s + invalid_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-root-intermediate-chain-CA.pem partial_chain 406s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-root-intermediate-chain-CA.pem partial_chain 406s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-root-intermediate-chain-CA.pem 406s + local verify_option=partial_chain 406s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local key_cn 406s + local key_name 406s + local tokens_dir 406s + local output_cert_file 406s + token_name= 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 406s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 406s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s ++ sed -n 's/ *commonName *= //p' 406s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 406s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 406s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 406s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 406s Test Organization Sub Int Token 406s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 406s + token_name='Test Organization Sub Int Token' 406s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 406s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 406s + echo 'Test Organization Sub Int Token' 406s + '[' -n partial_chain ']' 406s + local verify_arg=--verify=partial_chain 406s + local output_base_name=SSSD-child-8861 406s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-8861.output 406s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-8861.pem 406s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-root-intermediate-chain-CA.pem 406s [p11_child[2884]] [main] (0x0400): p11_child started. 406s [p11_child[2884]] [main] (0x2000): Running in [pre-auth] mode. 406s [p11_child[2884]] [main] (0x2000): Running with effective IDs: [0][0]. 406s [p11_child[2884]] [main] (0x2000): Running with real IDs [0][0]. 406s [p11_child[2884]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 406s [p11_child[2884]] [do_card] (0x4000): Module List: 406s [p11_child[2884]] [do_card] (0x4000): common name: [softhsm2]. 406s [p11_child[2884]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2884]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 406s [p11_child[2884]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 406s [p11_child[2884]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2884]] [do_card] (0x4000): Login NOT required. 406s [p11_child[2884]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 406s [p11_child[2884]] [do_verification] (0x0040): X509_verify_cert failed [0]. 406s [p11_child[2884]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 406s [p11_child[2884]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 406s [p11_child[2884]] [do_card] (0x4000): No certificate found. 406s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-8861.output 406s + return 2 406s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem partial_chain 406s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem partial_chain 406s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 406s + local verify_option=partial_chain 406s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local key_cn 406s + local key_name 406s + local tokens_dir 406s + local output_cert_file 406s + token_name= 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 406s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 406s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s ++ sed -n 's/ *commonName *= //p' 406s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 406s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 406s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 406s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 406s Test Organization Sub Int Token 406s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 406s + token_name='Test Organization Sub Int Token' 406s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 406s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 406s + echo 'Test Organization Sub Int Token' 406s + '[' -n partial_chain ']' 406s + local verify_arg=--verify=partial_chain 406s + local output_base_name=SSSD-child-10326 406s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326.output 406s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326.pem 406s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem 406s [p11_child[2891]] [main] (0x0400): p11_child started. 406s [p11_child[2891]] [main] (0x2000): Running in [pre-auth] mode. 406s [p11_child[2891]] [main] (0x2000): Running with effective IDs: [0][0]. 406s [p11_child[2891]] [main] (0x2000): Running with real IDs [0][0]. 406s [p11_child[2891]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 406s [p11_child[2891]] [do_card] (0x4000): Module List: 406s [p11_child[2891]] [do_card] (0x4000): common name: [softhsm2]. 406s [p11_child[2891]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2891]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 406s [p11_child[2891]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 406s [p11_child[2891]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2891]] [do_card] (0x4000): Login NOT required. 406s [p11_child[2891]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 406s [p11_child[2891]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 406s [p11_child[2891]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 406s [p11_child[2891]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x26744902;slot-manufacturer=SoftHSM%20project;slot-id=645155074;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=63358872a6744902;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 406s [p11_child[2891]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 406s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326.output 406s + echo '-----BEGIN CERTIFICATE-----' 406s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326.output 406s + echo '-----END CERTIFICATE-----' 406s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326.pem 406s Certificate: 406s Data: 406s Version: 3 (0x2) 406s Serial Number: 5 (0x5) 406s Signature Algorithm: sha256WithRSAEncryption 406s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 406s Validity 406s Not Before: Jan 17 03:30:56 2025 GMT 406s Not After : Jan 17 03:30:56 2026 GMT 406s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 406s Subject Public Key Info: 406s Public Key Algorithm: rsaEncryption 406s Public-Key: (1024 bit) 406s Modulus: 406s 00:e3:10:55:a8:5d:d7:a6:7b:e2:75:85:a6:9d:19: 406s aa:b5:ed:18:68:14:69:ba:27:55:9a:ee:e1:f5:19: 406s b3:ae:e0:7b:19:79:6f:ae:d8:fa:65:5f:01:f9:d1: 406s 0b:75:06:86:fc:32:01:95:e3:fe:82:03:14:b1:95: 406s d7:5d:04:c4:80:d3:71:7a:53:2f:ca:a1:10:a7:57: 406s 3e:9a:9a:31:d7:7f:37:5c:aa:0e:cb:22:d8:93:39: 406s e6:03:a4:c8:11:db:eb:cf:b9:de:22:6a:2c:92:bc: 406s 15:e3:01:7e:91:0d:a7:d1:15:18:27:ab:02:d6:2f: 406s 4e:ae:6b:ca:b3:61:f8:36:f9 406s Exponent: 65537 (0x10001) 406s X509v3 extensions: 406s X509v3 Authority Key Identifier: 406s A9:7A:1B:9D:60:12:3C:77:E5:81:CE:7C:91:51:B8:51:89:60:99:1C 406s X509v3 Basic Constraints: 406s CA:FALSE 406s Netscape Cert Type: 406s SSL Client, S/MIME 406s Netscape Comment: 406s Test Organization Sub Intermediate CA trusted Certificate 406s X509v3 Subject Key Identifier: 406s 77:59:14:CC:C2:F3:A8:32:2B:B3:EC:C7:EE:FD:5C:82:DE:C5:B3:DF 406s X509v3 Key Usage: critical 406s Digital Signature, Non Repudiation, Key Encipherment 406s X509v3 Extended Key Usage: 406s TLS Web Client Authentication, E-mail Protection 406s X509v3 Subject Alternative Name: 406s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 406s Signature Algorithm: sha256WithRSAEncryption 406s Signature Value: 406s 65:47:08:1c:7c:bb:50:7d:9b:6d:b3:f1:be:34:73:17:5c:42: 406s 81:b0:9b:13:72:6f:ee:e7:3b:24:a6:05:3a:49:2b:63:ee:ef: 406s 2c:b2:fa:be:ef:fd:72:de:b7:58:19:67:0e:4f:df:60:b9:17: 406s cb:1f:7c:85:c4:4c:3c:83:e8:3a:ff:d9:f7:a2:0d:cd:c2:ba: 406s 63:f5:15:fe:e5:9d:a1:83:03:06:1e:e4:99:3e:ab:94:c3:0e: 406s bc:3a:1d:75:ee:c0:e5:2b:e7:9f:95:44:e4:e5:9a:7d:86:72: 406s f7:ad:94:bd:7c:88:06:76:d5:c9:9f:9a:c2:00:05:5b:d6:29: 406s 22:22 406s + local found_md5 expected_md5 406s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + expected_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 406s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326.pem 406s + found_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 406s + '[' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 '!=' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 ']' 406s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326-auth.output 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326-auth.output .output 406s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326-auth.pem 406s + echo -n 053350 406s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 406s [p11_child[2899]] [main] (0x0400): p11_child started. 406s [p11_child[2899]] [main] (0x2000): Running in [auth] mode. 406s [p11_child[2899]] [main] (0x2000): Running with effective IDs: [0][0]. 406s [p11_child[2899]] [main] (0x2000): Running with real IDs [0][0]. 406s [p11_child[2899]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 406s [p11_child[2899]] [do_card] (0x4000): Module List: 406s [p11_child[2899]] [do_card] (0x4000): common name: [softhsm2]. 406s [p11_child[2899]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2899]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 406s [p11_child[2899]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 406s [p11_child[2899]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2899]] [do_card] (0x4000): Login required. 406s [p11_child[2899]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 406s [p11_child[2899]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 406s [p11_child[2899]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 406s [p11_child[2899]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x26744902;slot-manufacturer=SoftHSM%20project;slot-id=645155074;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=63358872a6744902;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 406s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 406s [p11_child[2899]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 406s [p11_child[2899]] [do_card] (0x4000): Certificate verified and validated. 406s [p11_child[2899]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 406s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326-auth.output 406s + echo '-----BEGIN CERTIFICATE-----' 406s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326-auth.output 406s + echo '-----END CERTIFICATE-----' 406s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326-auth.pem 406s Certificate: 406s Data: 406s Version: 3 (0x2) 406s Serial Number: 5 (0x5) 406s Signature Algorithm: sha256WithRSAEncryption 406s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 406s Validity 406s Not Before: Jan 17 03:30:56 2025 GMT 406s Not After : Jan 17 03:30:56 2026 GMT 406s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 406s Subject Public Key Info: 406s Public Key Algorithm: rsaEncryption 406s Public-Key: (1024 bit) 406s Modulus: 406s 00:e3:10:55:a8:5d:d7:a6:7b:e2:75:85:a6:9d:19: 406s aa:b5:ed:18:68:14:69:ba:27:55:9a:ee:e1:f5:19: 406s b3:ae:e0:7b:19:79:6f:ae:d8:fa:65:5f:01:f9:d1: 406s 0b:75:06:86:fc:32:01:95:e3:fe:82:03:14:b1:95: 406s d7:5d:04:c4:80:d3:71:7a:53:2f:ca:a1:10:a7:57: 406s 3e:9a:9a:31:d7:7f:37:5c:aa:0e:cb:22:d8:93:39: 406s e6:03:a4:c8:11:db:eb:cf:b9:de:22:6a:2c:92:bc: 406s 15:e3:01:7e:91:0d:a7:d1:15:18:27:ab:02:d6:2f: 406s 4e:ae:6b:ca:b3:61:f8:36:f9 406s Exponent: 65537 (0x10001) 406s X509v3 extensions: 406s X509v3 Authority Key Identifier: 406s A9:7A:1B:9D:60:12:3C:77:E5:81:CE:7C:91:51:B8:51:89:60:99:1C 406s X509v3 Basic Constraints: 406s CA:FALSE 406s Netscape Cert Type: 406s SSL Client, S/MIME 406s Netscape Comment: 406s Test Organization Sub Intermediate CA trusted Certificate 406s X509v3 Subject Key Identifier: 406s 77:59:14:CC:C2:F3:A8:32:2B:B3:EC:C7:EE:FD:5C:82:DE:C5:B3:DF 406s X509v3 Key Usage: critical 406s Digital Signature, Non Repudiation, Key Encipherment 406s X509v3 Extended Key Usage: 406s TLS Web Client Authentication, E-mail Protection 406s X509v3 Subject Alternative Name: 406s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 406s Signature Algorithm: sha256WithRSAEncryption 406s Signature Value: 406s 65:47:08:1c:7c:bb:50:7d:9b:6d:b3:f1:be:34:73:17:5c:42: 406s 81:b0:9b:13:72:6f:ee:e7:3b:24:a6:05:3a:49:2b:63:ee:ef: 406s 2c:b2:fa:be:ef:fd:72:de:b7:58:19:67:0e:4f:df:60:b9:17: 406s cb:1f:7c:85:c4:4c:3c:83:e8:3a:ff:d9:f7:a2:0d:cd:c2:ba: 406s 63:f5:15:fe:e5:9d:a1:83:03:06:1e:e4:99:3e:ab:94:c3:0e: 406s bc:3a:1d:75:ee:c0:e5:2b:e7:9f:95:44:e4:e5:9a:7d:86:72: 406s f7:ad:94:bd:7c:88:06:76:d5:c9:9f:9a:c2:00:05:5b:d6:29: 406s 22:22 406s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-10326-auth.pem 406s + found_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 406s + '[' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 '!=' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 ']' 406s + valid_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-intermediate-sub-chain-CA.pem partial_chain 406s + check_certificate /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 /tmp/sssd-softhsm2-SWqhbE/test-intermediate-sub-chain-CA.pem partial_chain 406s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local key_ring=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-sub-chain-CA.pem 406s + local verify_option=partial_chain 406s + prepare_softhsm2_card /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local certificate=/tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31572 406s + local key_cn 406s + local key_name 406s + local tokens_dir 406s + local output_cert_file 406s + token_name= 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 406s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 406s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s ++ sed -n 's/ *commonName *= //p' 406s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 406s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 406s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 406s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 406s Test Organization Sub Int Token 406s + tokens_dir=/tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 406s + token_name='Test Organization Sub Int Token' 406s + '[' '!' -e /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 406s + '[' '!' -d /tmp/sssd-softhsm2-SWqhbE/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 406s + echo 'Test Organization Sub Int Token' 406s + '[' -n partial_chain ']' 406s + local verify_arg=--verify=partial_chain 406s + local output_base_name=SSSD-child-12722 406s + local output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722.output 406s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722.pem 406s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-sub-chain-CA.pem 406s [p11_child[2909]] [main] (0x0400): p11_child started. 406s [p11_child[2909]] [main] (0x2000): Running in [pre-auth] mode. 406s [p11_child[2909]] [main] (0x2000): Running with effective IDs: [0][0]. 406s [p11_child[2909]] [main] (0x2000): Running with real IDs [0][0]. 406s [p11_child[2909]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 406s [p11_child[2909]] [do_card] (0x4000): Module List: 406s [p11_child[2909]] [do_card] (0x4000): common name: [softhsm2]. 406s [p11_child[2909]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2909]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 406s [p11_child[2909]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 406s [p11_child[2909]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2909]] [do_card] (0x4000): Login NOT required. 406s [p11_child[2909]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 406s [p11_child[2909]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 406s [p11_child[2909]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 406s [p11_child[2909]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x26744902;slot-manufacturer=SoftHSM%20project;slot-id=645155074;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=63358872a6744902;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 406s [p11_child[2909]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 406s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722.output 406s + echo '-----BEGIN CERTIFICATE-----' 406s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722.output 406s + echo '-----END CERTIFICATE-----' 406s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722.pem 406s Certificate: 406s Data: 406s Version: 3 (0x2) 406s Serial Number: 5 (0x5) 406s Signature Algorithm: sha256WithRSAEncryption 406s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 406s Validity 406s Not Before: Jan 17 03:30:56 2025 GMT 406s Not After : Jan 17 03:30:56 2026 GMT 406s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 406s Subject Public Key Info: 406s Public Key Algorithm: rsaEncryption 406s Public-Key: (1024 bit) 406s Modulus: 406s 00:e3:10:55:a8:5d:d7:a6:7b:e2:75:85:a6:9d:19: 406s aa:b5:ed:18:68:14:69:ba:27:55:9a:ee:e1:f5:19: 406s b3:ae:e0:7b:19:79:6f:ae:d8:fa:65:5f:01:f9:d1: 406s 0b:75:06:86:fc:32:01:95:e3:fe:82:03:14:b1:95: 406s d7:5d:04:c4:80:d3:71:7a:53:2f:ca:a1:10:a7:57: 406s 3e:9a:9a:31:d7:7f:37:5c:aa:0e:cb:22:d8:93:39: 406s e6:03:a4:c8:11:db:eb:cf:b9:de:22:6a:2c:92:bc: 406s 15:e3:01:7e:91:0d:a7:d1:15:18:27:ab:02:d6:2f: 406s 4e:ae:6b:ca:b3:61:f8:36:f9 406s Exponent: 65537 (0x10001) 406s X509v3 extensions: 406s X509v3 Authority Key Identifier: 406s A9:7A:1B:9D:60:12:3C:77:E5:81:CE:7C:91:51:B8:51:89:60:99:1C 406s X509v3 Basic Constraints: 406s CA:FALSE 406s Netscape Cert Type: 406s SSL Client, S/MIME 406s Netscape Comment: 406s Test Organization Sub Intermediate CA trusted Certificate 406s X509v3 Subject Key Identifier: 406s 77:59:14:CC:C2:F3:A8:32:2B:B3:EC:C7:EE:FD:5C:82:DE:C5:B3:DF 406s X509v3 Key Usage: critical 406s Digital Signature, Non Repudiation, Key Encipherment 406s X509v3 Extended Key Usage: 406s TLS Web Client Authentication, E-mail Protection 406s X509v3 Subject Alternative Name: 406s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 406s Signature Algorithm: sha256WithRSAEncryption 406s Signature Value: 406s 65:47:08:1c:7c:bb:50:7d:9b:6d:b3:f1:be:34:73:17:5c:42: 406s 81:b0:9b:13:72:6f:ee:e7:3b:24:a6:05:3a:49:2b:63:ee:ef: 406s 2c:b2:fa:be:ef:fd:72:de:b7:58:19:67:0e:4f:df:60:b9:17: 406s cb:1f:7c:85:c4:4c:3c:83:e8:3a:ff:d9:f7:a2:0d:cd:c2:ba: 406s 63:f5:15:fe:e5:9d:a1:83:03:06:1e:e4:99:3e:ab:94:c3:0e: 406s bc:3a:1d:75:ee:c0:e5:2b:e7:9f:95:44:e4:e5:9a:7d:86:72: 406s f7:ad:94:bd:7c:88:06:76:d5:c9:9f:9a:c2:00:05:5b:d6:29: 406s 22:22 406s + local found_md5 expected_md5 406s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/test-sub-intermediate-CA-trusted-certificate-0001.pem 406s + expected_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 406s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722.pem 406s + found_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 406s + '[' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 '!=' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 ']' 406s + output_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722-auth.output 406s ++ basename /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722-auth.output .output 406s + output_cert_file=/tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722-auth.pem 406s + echo -n 053350 406s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-SWqhbE/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 406s [p11_child[2917]] [main] (0x0400): p11_child started. 406s [p11_child[2917]] [main] (0x2000): Running in [auth] mode. 406s [p11_child[2917]] [main] (0x2000): Running with effective IDs: [0][0]. 406s [p11_child[2917]] [main] (0x2000): Running with real IDs [0][0]. 406s [p11_child[2917]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 406s [p11_child[2917]] [do_card] (0x4000): Module List: 406s [p11_child[2917]] [do_card] (0x4000): common name: [softhsm2]. 406s [p11_child[2917]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2917]] [do_card] (0x4000): Description [SoftHSM slot ID 0x26744902] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 406s [p11_child[2917]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 406s [p11_child[2917]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x26744902][645155074] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 406s [p11_child[2917]] [do_card] (0x4000): Login required. 406s [p11_child[2917]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 406s [p11_child[2917]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 406s [p11_child[2917]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 406s [p11_child[2917]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x26744902;slot-manufacturer=SoftHSM%20project;slot-id=645155074;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=63358872a6744902;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 406s [p11_child[2917]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 406s [p11_child[2917]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 406s [p11_child[2917]] [do_card] (0x4000): Certificate verified and validated. 406s [p11_child[2917]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 406s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722-auth.output 406s + echo '-----BEGIN CERTIFICATE-----' 406s + tail -n1 /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722-auth.output 406s + echo '-----END CERTIFICATE-----' 406s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722-auth.pem 406s Certificate: 406s Data: 406s Version: 3 (0x2) 406s Serial Number: 5 (0x5) 406s Signature Algorithm: sha256WithRSAEncryption 406s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 406s Validity 406s Not Before: Jan 17 03:30:56 2025 GMT 406s Not After : Jan 17 03:30:56 2026 GMT 406s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 406s Subject Public Key Info: 406s Public Key Algorithm: rsaEncryption 406s Public-Key: (1024 bit) 406s Modulus: 406s 00:e3:10:55:a8:5d:d7:a6:7b:e2:75:85:a6:9d:19: 406s aa:b5:ed:18:68:14:69:ba:27:55:9a:ee:e1:f5:19: 406s b3:ae:e0:7b:19:79:6f:ae:d8:fa:65:5f:01:f9:d1: 406s 0b:75:06:86:fc:32:01:95:e3:fe:82:03:14:b1:95: 406s d7:5d:04:c4:80:d3:71:7a:53:2f:ca:a1:10:a7:57: 406s 3e:9a:9a:31:d7:7f:37:5c:aa:0e:cb:22:d8:93:39: 406s e6:03:a4:c8:11:db:eb:cf:b9:de:22:6a:2c:92:bc: 406s 15:e3:01:7e:91:0d:a7:d1:15:18:27:ab:02:d6:2f: 406s 4e:ae:6b:ca:b3:61:f8:36:f9 406s Exponent: 65537 (0x10001) 406s X509v3 extensions: 406s X509v3 Authority Key Identifier: 406s A9:7A:1B:9D:60:12:3C:77:E5:81:CE:7C:91:51:B8:51:89:60:99:1C 406s X509v3 Basic Constraints: 406s CA:FALSE 406s Netscape Cert Type: 406s SSL Client, S/MIME 406s Netscape Comment: 406s Test Organization Sub Intermediate CA trusted Certificate 406s X509v3 Subject Key Identifier: 406s 77:59:14:CC:C2:F3:A8:32:2B:B3:EC:C7:EE:FD:5C:82:DE:C5:B3:DF 406s X509v3 Key Usage: critical 406s Digital Signature, Non Repudiation, Key Encipherment 406s X509v3 Extended Key Usage: 406s TLS Web Client Authentication, E-mail Protection 406s X509v3 Subject Alternative Name: 406s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 406s Signature Algorithm: sha256WithRSAEncryption 406s Signature Value: 406s 65:47:08:1c:7c:bb:50:7d:9b:6d:b3:f1:be:34:73:17:5c:42: 406s 81:b0:9b:13:72:6f:ee:e7:3b:24:a6:05:3a:49:2b:63:ee:ef: 406s 2c:b2:fa:be:ef:fd:72:de:b7:58:19:67:0e:4f:df:60:b9:17: 406s cb:1f:7c:85:c4:4c:3c:83:e8:3a:ff:d9:f7:a2:0d:cd:c2:ba: 406s 63:f5:15:fe:e5:9d:a1:83:03:06:1e:e4:99:3e:ab:94:c3:0e: 406s bc:3a:1d:75:ee:c0:e5:2b:e7:9f:95:44:e4:e5:9a:7d:86:72: 406s f7:ad:94:bd:7c:88:06:76:d5:c9:9f:9a:c2:00:05:5b:d6:29: 406s 22:22 406s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-SWqhbE/SSSD-child-12722-auth.pem 406s 406s Test completed, Root CA and intermediate issued certificates verified! 406s + found_md5=Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 406s + '[' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 '!=' Modulus=E31055A85DD7A67BE27585A69D19AAB5ED18681469BA27559AEEE1F519B3AEE07B19796FAED8FA655F01F9D10B750686FC320195E3FE820314B195D75D04C480D3717A532FCAA110A7573E9A9A31D77F375CAA0ECB22D89339E603A4C811DBEBCFB9DE226A2C92BC15E3017E910DA7D1151827AB02D62F4EAE6BCAB361F836F9 ']' 406s + set +x 406s autopkgtest [03:30:59]: test sssd-softhism2-certificates-tests.sh: -----------------------] 407s autopkgtest [03:31:00]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 407s sssd-softhism2-certificates-tests.sh PASS 408s autopkgtest [03:31:01]: test sssd-smart-card-pam-auth-configs: preparing testbed 408s Reading package lists... 408s Building dependency tree... 408s Reading state information... 409s Starting pkgProblemResolver with broken count: 0 409s Starting 2 pkgProblemResolver with broken count: 0 409s Done 411s The following NEW packages will be installed: 411s pamtester 411s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 411s Need to get 12.3 kB of archives. 411s After this operation, 36.9 kB of additional disk space will be used. 411s Get:1 http://ftpmaster.internal/ubuntu plucky/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 412s Fetched 12.3 kB in 0s (66.9 kB/s) 412s Selecting previously unselected package pamtester. 412s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80792 files and directories currently installed.) 412s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 412s Unpacking pamtester (0.1.2-4) ... 412s Setting up pamtester (0.1.2-4) ... 412s Processing triggers for man-db (2.13.0-1) ... 414s autopkgtest [03:31:07]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 414s autopkgtest [03:31:07]: test sssd-smart-card-pam-auth-configs: [----------------------- 414s + '[' -z ubuntu ']' 414s + export DEBIAN_FRONTEND=noninteractive 414s + DEBIAN_FRONTEND=noninteractive 414s + required_tools=(pamtester softhsm2-util sssd) 414s + [[ ! -v OFFLINE_MODE ]] 414s + for cmd in "${required_tools[@]}" 414s + command -v pamtester 414s + for cmd in "${required_tools[@]}" 414s + command -v softhsm2-util 414s + for cmd in "${required_tools[@]}" 414s + command -v sssd 414s + PIN=123456 414s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 414s + tmpdir=/tmp/sssd-softhsm2-certs-fm0382 414s + backupsdir= 414s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 414s + declare -a restore_paths 414s + declare -a delete_paths 414s + trap handle_exit EXIT 414s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 414s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 414s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 414s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 414s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-fm0382 GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 414s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-fm0382 414s + GENERATE_SMART_CARDS=1 414s + KEEP_TEMPORARY_FILES=1 414s + NO_SSSD_TESTS=1 414s + bash debian/tests/sssd-softhism2-certificates-tests.sh 414s + '[' -z ubuntu ']' 414s + required_tools=(p11tool openssl softhsm2-util) 414s + for cmd in "${required_tools[@]}" 414s + command -v p11tool 414s + for cmd in "${required_tools[@]}" 414s + command -v openssl 414s + for cmd in "${required_tools[@]}" 414s + command -v softhsm2-util 414s + PIN=123456 414s +++ find /usr/lib/softhsm/libsofthsm2.so 414s +++ head -n 1 414s ++ realpath /usr/lib/softhsm/libsofthsm2.so 414s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 414s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 414s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 414s + '[' '!' -v NO_SSSD_TESTS ']' 414s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 414s + tmpdir=/tmp/sssd-softhsm2-certs-fm0382 414s + keys_size=1024 414s + [[ ! -v KEEP_TEMPORARY_FILES ]] 414s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 414s + echo -n 01 414s + touch /tmp/sssd-softhsm2-certs-fm0382/index.txt 414s + mkdir -p /tmp/sssd-softhsm2-certs-fm0382/new_certs 414s + cat 414s + root_ca_key_pass=pass:random-root-CA-password-26449 414s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-key.pem -passout pass:random-root-CA-password-26449 1024 414s + openssl req -passin pass:random-root-CA-password-26449 -batch -config /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.pem 414s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.pem 414s + cat 414s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-3511 414s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-3511 1024 414s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-3511 -config /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-26449 -sha256 -out /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-certificate-request.pem 414s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-certificate-request.pem 414s Certificate Request: 414s Data: 414s Version: 1 (0x0) 414s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 414s Subject Public Key Info: 414s Public Key Algorithm: rsaEncryption 414s Public-Key: (1024 bit) 414s Modulus: 414s 00:d7:78:1e:cb:01:56:9c:b3:cf:33:5b:c1:95:e8: 414s 8d:3c:39:c7:4a:d4:8f:fe:f4:15:7f:a7:ed:fe:26: 414s f8:e2:b2:ac:23:fa:be:bb:6e:0e:4a:a6:a2:bf:bd: 414s 5f:3d:b5:32:83:7d:a6:34:59:91:8e:01:d3:3f:0a: 414s 82:55:dd:b2:61:7a:ef:49:cd:e1:94:40:f8:44:0a: 414s df:78:bd:48:5d:89:28:56:d7:50:e4:6f:94:51:b8: 414s a2:3e:39:52:f1:eb:24:ce:3b:98:b6:53:d5:15:69: 414s 4a:d9:ee:13:c5:1f:f4:c1:51:88:c7:c2:b9:6b:f4: 414s 08:60:41:6d:02:15:56:14:1f 414s Exponent: 65537 (0x10001) 414s Attributes: 414s (none) 414s Requested Extensions: 414s Signature Algorithm: sha256WithRSAEncryption 414s Signature Value: 414s bd:0e:e6:3d:fd:cf:e0:4d:f7:1f:6b:52:cc:91:59:0e:46:15: 414s 86:65:50:55:fc:e3:e4:cb:6e:31:7f:ba:49:e4:8e:c2:a4:42: 414s 29:9b:b5:5e:19:aa:eb:99:a3:ef:dd:eb:c0:6e:2d:a8:86:34: 414s e1:8e:f7:73:8e:c9:f4:20:8c:70:59:f4:59:0d:0a:a2:02:c2: 414s 5d:e1:53:76:86:55:31:5b:85:ce:e1:7a:f7:ec:9f:dc:e5:07: 414s 59:1f:09:06:6d:81:70:29:85:93:79:d0:6d:7b:82:86:89:77: 414s 0f:0e:bf:36:49:c2:1c:90:1e:b1:3a:70:1e:17:1b:f3:b3:c1: 414s 95:ae 414s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.config -passin pass:random-root-CA-password-26449 -keyfile /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem 414s Using configuration from /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.config 414s Check that the request matches the signature 414s Signature ok 414s Certificate Details: 414s Serial Number: 1 (0x1) 414s Validity 414s Not Before: Jan 17 03:31:07 2025 GMT 414s Not After : Jan 17 03:31:07 2026 GMT 414s Subject: 414s organizationName = Test Organization 414s organizationalUnitName = Test Organization Unit 414s commonName = Test Organization Intermediate CA 414s X509v3 extensions: 414s X509v3 Subject Key Identifier: 414s 70:60:CB:25:21:22:D8:8B:48:12:BA:28:86:3D:8C:AD:E3:23:2A:2F 414s X509v3 Authority Key Identifier: 414s keyid:03:A1:5D:97:25:54:28:A0:EB:24:58:BF:5E:C2:8F:F4:83:D9:2E:18 414s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 414s serial:00 414s X509v3 Basic Constraints: 414s CA:TRUE 414s X509v3 Key Usage: critical 414s Digital Signature, Certificate Sign, CRL Sign 414s Certificate is to be certified until Jan 17 03:31:07 2026 GMT (365 days) 414s 414s Write out database with 1 new entries 414s Database updated 414s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem 414s /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem: OK 414s + cat 414s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-29049 414s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-29049 1024 414s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-29049 -config /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-3511 -sha256 -out /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-certificate-request.pem 414s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-certificate-request.pem 414s Certificate Request: 414s Data: 414s Version: 1 (0x0) 414s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 414s Subject Public Key Info: 414s Public Key Algorithm: rsaEncryption 414s Public-Key: (1024 bit) 414s Modulus: 414s 00:ab:9e:b3:02:8e:b5:8d:e6:75:fc:eb:0c:8b:70: 414s 06:44:1e:51:2a:6b:a4:24:d4:b9:19:51:b8:22:64: 414s 18:89:44:fe:44:90:f0:b6:f3:4e:0e:9e:58:42:34: 414s e8:41:d8:ff:0a:e5:0d:65:90:d3:87:51:25:13:86: 414s 4d:7b:22:16:00:19:a8:59:fd:7d:ff:1d:30:f4:33: 414s 06:04:6f:07:86:40:ea:5f:40:e8:92:89:05:e7:16: 414s 20:5e:f5:b7:da:48:6e:39:38:f5:99:23:b8:f7:25: 414s 6a:f1:38:19:7c:a3:90:9a:11:97:08:af:53:86:16: 414s e5:b0:62:b3:60:5a:19:97:35 414s Exponent: 65537 (0x10001) 414s Attributes: 414s (none) 414s Requested Extensions: 414s Signature Algorithm: sha256WithRSAEncryption 414s Signature Value: 414s 3e:86:cd:aa:98:5d:ff:1b:c5:9c:3a:a2:3c:3b:59:3c:32:7a: 414s 08:81:18:da:3d:0d:b2:30:3f:f6:86:c9:7f:bd:be:37:da:c5: 414s 52:1c:c2:f5:ab:89:d9:17:ac:f2:83:29:7e:5a:5e:64:f1:00: 414s 3b:84:80:27:eb:57:d3:af:e6:53:b1:a8:e3:f5:69:6f:f9:e6: 414s 46:09:ce:9b:6c:2b:56:db:0d:89:b4:8c:c3:5b:84:7c:cc:ca: 414s 42:2d:b1:6d:d9:78:fe:03:79:48:66:60:e2:e5:fd:49:90:ce: 414s 0c:94:90:ef:49:b9:cb:68:1d:d8:20:55:e6:21:b7:78:1a:75: 414s 83:3e 414s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-3511 -keyfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem 414s Using configuration from /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.config 414s Check that the request matches the signature 414s Signature ok 414s Certificate Details: 414s Serial Number: 2 (0x2) 414s Validity 414s Not Before: Jan 17 03:31:07 2025 GMT 414s Not After : Jan 17 03:31:07 2026 GMT 414s Subject: 414s organizationName = Test Organization 414s organizationalUnitName = Test Organization Unit 414s commonName = Test Organization Sub Intermediate CA 414s X509v3 extensions: 414s X509v3 Subject Key Identifier: 414s 96:61:BA:E1:98:D2:5C:3B:46:8F:AA:57:AD:43:AC:1D:6A:A9:63:F1 414s X509v3 Authority Key Identifier: 414s keyid:70:60:CB:25:21:22:D8:8B:48:12:BA:28:86:3D:8C:AD:E3:23:2A:2F 414s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 414s serial:01 414s X509v3 Basic Constraints: 414s CA:TRUE 414s X509v3 Key Usage: critical 414s Digital Signature, Certificate Sign, CRL Sign 414s Certificate is to be certified until Jan 17 03:31:07 2026 GMT (365 days) 414s 414s Write out database with 1 new entries 414s Database updated 414s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem 414s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem 414s /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem: OK 414s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem 414s + local cmd=openssl 414s + shift 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem 414s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 414s error 20 at 0 depth lookup: unable to get local issuer certificate 414s error /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem: verification failed 414s + cat 414s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-7203 414s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-7203 1024 414s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-7203 -key /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-request.pem 414s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-request.pem 414s Certificate Request: 414s Data: 414s Version: 1 (0x0) 414s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 414s Subject Public Key Info: 414s Public Key Algorithm: rsaEncryption 414s Public-Key: (1024 bit) 414s Modulus: 414s 00:c8:32:91:a2:3b:75:58:4b:2b:ab:59:c0:75:45: 414s 3f:70:31:02:f3:68:4f:f5:83:78:61:d6:56:68:ea: 414s a2:6b:1e:5e:95:a0:7a:1e:30:3a:c0:9e:23:9f:2d: 414s f9:8a:d6:c6:a9:bc:dc:48:82:7a:03:61:71:f6:26: 414s 26:51:c7:fe:b8:9f:56:f2:42:0d:92:4d:cf:e0:5f: 414s 6c:e0:c2:91:6a:a4:34:4e:51:d6:59:88:6d:19:b9: 414s 1f:ca:76:0d:8b:e2:fe:b7:f6:30:a5:de:dd:76:22: 414s c6:45:3a:2d:ef:88:c9:08:43:c3:47:f1:f0:1b:86: 414s 3a:e6:5a:92:03:f6:33:c0:7d 414s Exponent: 65537 (0x10001) 414s Attributes: 414s Requested Extensions: 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Root CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s E6:1F:EB:F9:69:2F:40:C0:82:F4:1B:AB:F5:54:A8:2A:C3:E5:47:DE 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Signature Algorithm: sha256WithRSAEncryption 414s Signature Value: 414s 35:18:f4:17:98:95:05:22:ca:d3:7b:c1:f3:d7:0f:3a:69:cf: 414s 70:68:8a:3b:5f:04:51:54:18:e8:b6:af:fc:53:ec:ec:a3:20: 414s fd:6f:7d:eb:5c:86:d1:8e:02:5b:9c:9c:ba:63:04:07:99:f9: 414s ce:60:c0:2d:bb:7f:59:62:2e:af:cc:86:98:f5:8d:7b:ab:4c: 414s 6f:da:66:48:a7:af:cf:72:24:17:41:05:7d:b0:0b:82:55:31: 414s 59:3e:53:9e:2d:18:f2:da:12:e0:09:1e:21:c0:51:96:29:c6: 414s b3:8f:c8:ef:a9:ae:0b:fb:98:f9:57:4d:8a:17:3f:0b:74:44: 414s 0d:40 414s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.config -passin pass:random-root-CA-password-26449 -keyfile /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem 414s Using configuration from /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.config 414s Check that the request matches the signature 414s Signature ok 414s Certificate Details: 414s Serial Number: 3 (0x3) 414s Validity 414s Not Before: Jan 17 03:31:07 2025 GMT 414s Not After : Jan 17 03:31:07 2026 GMT 414s Subject: 414s organizationName = Test Organization 414s organizationalUnitName = Test Organization Unit 414s commonName = Test Organization Root Trusted Certificate 0001 414s X509v3 extensions: 414s X509v3 Authority Key Identifier: 414s 03:A1:5D:97:25:54:28:A0:EB:24:58:BF:5E:C2:8F:F4:83:D9:2E:18 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Root CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s E6:1F:EB:F9:69:2F:40:C0:82:F4:1B:AB:F5:54:A8:2A:C3:E5:47:DE 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Certificate is to be certified until Jan 17 03:31:07 2026 GMT (365 days) 414s 414s Write out database with 1 new entries 414s Database updated 414s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem 414s /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem: OK 414s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem 414s + local cmd=openssl 414s + shift 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem 414s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 414s error 20 at 0 depth lookup: unable to get local issuer certificate 414s error /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem: verification failed 414s + cat 414s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-15469 414s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-15469 1024 414s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-15469 -key /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-request.pem 414s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-request.pem 414s Certificate Request: 414s Data: 414s Version: 1 (0x0) 414s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 414s Subject Public Key Info: 414s Public Key Algorithm: rsaEncryption 414s Public-Key: (1024 bit) 414s Modulus: 414s 00:de:77:97:76:bd:ab:fc:9c:c5:4c:e6:05:5c:1c: 414s 9b:65:e1:73:d8:c3:55:94:69:f7:ee:bb:3d:c7:ab: 414s 76:df:6d:18:b3:51:0f:58:a2:d3:5a:3b:64:c1:25: 414s e3:23:46:67:e0:24:a6:df:0d:4c:33:0c:6c:82:2f: 414s dd:67:77:90:c7:a1:a2:8b:25:80:b6:9f:18:a5:7d: 414s 64:81:69:1d:2c:d3:39:62:db:3d:56:11:5c:61:2b: 414s f4:00:51:d5:eb:50:aa:81:c6:32:a3:43:12:b0:ef: 414s 33:8f:79:be:7e:63:43:41:cf:de:90:5d:25:40:e3: 414s 54:2c:f9:93:ff:e2:68:38:0f 414s Exponent: 65537 (0x10001) 414s Attributes: 414s Requested Extensions: 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Intermediate CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s FD:B5:23:7F:15:65:D9:1F:E2:54:ED:59:CA:1A:9C:D7:68:17:01:A8 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Signature Algorithm: sha256WithRSAEncryption 414s Signature Value: 414s 21:20:6c:e3:8c:d3:02:44:5a:ce:ec:83:ec:3f:a6:0c:49:fc: 414s 85:fd:3f:d3:f6:eb:0e:f2:64:aa:e5:c3:55:f4:ac:dc:04:b2: 414s 2b:82:39:40:1f:08:b4:06:37:34:2f:1f:ec:81:33:9f:9e:fa: 414s 5c:90:92:58:dd:33:9f:bc:1b:3d:fc:e9:7c:4f:1a:61:cc:54: 414s 54:1c:00:0b:11:9e:0c:86:b1:05:f3:e9:25:8d:24:19:b1:1f: 414s 01:45:2d:1b:db:2b:98:aa:6c:87:56:17:ef:b3:a9:5f:4c:83: 414s d5:be:02:b4:c0:56:44:51:b1:83:d5:09:7a:79:4d:19:2a:df: 414s 53:ae 414s + openssl ca -passin pass:random-intermediate-CA-password-3511 -config /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem 414s Using configuration from /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.config 414s Check that the request matches the signature 414s Signature ok 414s Certificate Details: 414s Serial Number: 4 (0x4) 414s Validity 414s Not Before: Jan 17 03:31:07 2025 GMT 414s Not After : Jan 17 03:31:07 2026 GMT 414s Subject: 414s organizationName = Test Organization 414s organizationalUnitName = Test Organization Unit 414s commonName = Test Organization Intermediate Trusted Certificate 0001 414s X509v3 extensions: 414s X509v3 Authority Key Identifier: 414s 70:60:CB:25:21:22:D8:8B:48:12:BA:28:86:3D:8C:AD:E3:23:2A:2F 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Intermediate CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s FD:B5:23:7F:15:65:D9:1F:E2:54:ED:59:CA:1A:9C:D7:68:17:01:A8 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Certificate is to be certified until Jan 17 03:31:07 2026 GMT (365 days) 414s 414s Write out database with 1 new entries 414s Database updated 414s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem 414s This certificate should not be trusted fully 414s + echo 'This certificate should not be trusted fully' 414s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem 414s + local cmd=openssl 414s + shift 414s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem 414s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 414s error 2 at 1 depth lookup: unable to get issuer certificate 414s error /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 414s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem 414s /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem: OK 414s + cat 414s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2991 414s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-2991 1024 414s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-2991 -key /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 414s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 414s Certificate Request: 414s Data: 414s Version: 1 (0x0) 414s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 414s Subject Public Key Info: 414s Public Key Algorithm: rsaEncryption 414s Public-Key: (1024 bit) 414s Modulus: 414s 00:da:92:c1:83:a1:31:88:fe:b9:ba:69:47:dd:3e: 414s 0a:a1:f3:19:f2:c9:bd:1d:21:cf:15:35:54:45:79: 414s 0b:cd:e4:b4:1d:65:b3:69:60:98:15:52:ea:e6:45: 414s 8a:0a:98:a8:44:52:ed:29:2d:53:0b:dc:5a:4f:a6: 414s 75:3a:72:7d:8d:d8:43:b0:10:42:3c:53:1f:4b:bc: 414s ba:a5:8d:70:50:b9:5e:74:08:26:30:a7:0c:54:1a: 414s d2:b2:cb:11:05:1c:96:92:07:30:ae:6d:cc:f2:5c: 414s 9a:69:3c:8e:3c:a0:43:43:9d:11:b2:cc:d1:98:8b: 414s 88:06:ee:ba:81:f8:09:64:61 414s Exponent: 65537 (0x10001) 414s Attributes: 414s Requested Extensions: 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Sub Intermediate CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s 58:B3:5A:37:26:30:6E:0C:5B:67:8A:83:67:22:B4:21:F7:D8:CF:4F 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Signature Algorithm: sha256WithRSAEncryption 414s Signature Value: 414s ca:82:e5:f9:db:f9:33:a5:8e:5a:0b:86:6d:45:4a:22:61:05: 414s 80:bb:5d:73:c7:0e:0d:15:3c:29:e9:83:c0:7d:63:ea:93:23: 414s 37:96:78:c0:bd:fc:1f:1a:9d:b5:7d:b0:67:e5:16:0a:aa:ee: 414s 23:ae:a2:fc:d7:a7:f7:9e:fb:58:de:cd:93:e8:05:18:43:89: 414s a8:58:76:e4:8b:f4:73:b9:ce:1e:91:12:31:3c:a9:cc:4d:0b: 414s 6e:de:f9:da:93:02:c4:28:02:1c:6c:42:fa:1c:bf:69:03:34: 414s 14:ec:5e:97:7c:6d:59:de:e6:07:0d:4f:ae:2b:1b:2a:46:a9: 414s 3b:a2 414s + openssl ca -passin pass:random-sub-intermediate-CA-password-29049 -config /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 414s Using configuration from /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.config 414s Check that the request matches the signature 414s Signature ok 414s Certificate Details: 414s Serial Number: 5 (0x5) 414s Validity 414s Not Before: Jan 17 03:31:07 2025 GMT 414s Not After : Jan 17 03:31:07 2026 GMT 414s Subject: 414s organizationName = Test Organization 414s organizationalUnitName = Test Organization Unit 414s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 414s X509v3 extensions: 414s X509v3 Authority Key Identifier: 414s 96:61:BA:E1:98:D2:5C:3B:46:8F:AA:57:AD:43:AC:1D:6A:A9:63:F1 414s X509v3 Basic Constraints: 414s CA:FALSE 414s Netscape Cert Type: 414s SSL Client, S/MIME 414s Netscape Comment: 414s Test Organization Sub Intermediate CA trusted Certificate 414s X509v3 Subject Key Identifier: 414s 58:B3:5A:37:26:30:6E:0C:5B:67:8A:83:67:22:B4:21:F7:D8:CF:4F 414s X509v3 Key Usage: critical 414s Digital Signature, Non Repudiation, Key Encipherment 414s X509v3 Extended Key Usage: 414s TLS Web Client Authentication, E-mail Protection 414s X509v3 Subject Alternative Name: 414s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 414s Certificate is to be certified until Jan 17 03:31:07 2026 GMT (365 days) 414s 414s Write out database with 1 new entries 414s Database updated 414s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s This certificate should not be trusted fully 415s + echo 'This certificate should not be trusted fully' 415s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s + local cmd=openssl 415s + shift 415s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 415s error 2 at 1 depth lookup: unable to get issuer certificate 415s error /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 415s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s + local cmd=openssl 415s + shift 415s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 415s error 20 at 0 depth lookup: unable to get local issuer certificate 415s error /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 415s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 415s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s + local cmd=openssl 415s + shift 415s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 415s error 20 at 0 depth lookup: unable to get local issuer certificate 415s error /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 415s Building a the full-chain CA file... 415s + echo 'Building a the full-chain CA file...' 415s + cat /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem 415s + cat /tmp/sssd-softhsm2-certs-fm0382/test-root-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem 415s + cat /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem 415s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem 415s + openssl pkcs7 -print_certs -noout 415s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 415s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 415s 415s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 415s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 415s 415s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 415s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 415s 415s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem 415s /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA.pem: OK 415s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem 415s /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem: OK 415s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem 415s /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem: OK 415s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-root-intermediate-chain-CA.pem 415s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s /tmp/sssd-softhsm2-certs-fm0382/test-root-intermediate-chain-CA.pem: OK 415s + echo 'Certificates generation completed!' 415s + [[ -v NO_SSSD_TESTS ]] 415s + [[ -v GENERATE_SMART_CARDS ]] 415s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7203 415s + local certificate=/tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem 415s + local key_pass=pass:random-root-ca-trusted-cert-0001-7203 415s + local key_cn 415s + local key_name 415s + local tokens_dir 415s + local output_cert_file 415s + token_name= 415s /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 415s Certificates generation completed! 415s ++ basename /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem .pem 415s + key_name=test-root-CA-trusted-certificate-0001 415s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem 415s ++ sed -n 's/ *commonName *= //p' 415s + key_cn='Test Organization Root Trusted Certificate 0001' 415s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 415s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-root-CA-trusted-certificate-0001.conf 415s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-root-CA-trusted-certificate-0001.conf 415s ++ basename /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 415s + tokens_dir=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-root-CA-trusted-certificate-0001 415s + token_name='Test Organization Root Tr Token' 415s + '[' '!' -e /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 415s + local key_file 415s + local decrypted_key 415s + mkdir -p /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-root-CA-trusted-certificate-0001 415s + key_file=/tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-key.pem 415s + decrypted_key=/tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-key-decrypted.pem 415s + cat 415s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 415s Slot 0 has a free/uninitialized token. 415s The token has been initialized and is reassigned to slot 1902715622 415s + softhsm2-util --show-slots 415s Available slots: 415s Slot 1902715622 415s Slot info: 415s Description: SoftHSM slot ID 0x716922e6 415s Manufacturer ID: SoftHSM project 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Token present: yes 415s Token info: 415s Manufacturer ID: SoftHSM project 415s Model: SoftHSM v2 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Serial number: da759c34f16922e6 415s Initialized: yes 415s User PIN init.: yes 415s Label: Test Organization Root Tr Token 415s Slot 1 415s Slot info: 415s Description: SoftHSM slot ID 0x1 415s Manufacturer ID: SoftHSM project 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Token present: yes 415s Token info: 415s Manufacturer ID: SoftHSM project 415s Model: SoftHSM v2 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Serial number: 415s Initialized: no 415s User PIN init.: no 415s Label: 415s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 415s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-7203 -in /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-key-decrypted.pem 415s writing RSA key 415s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 415s + rm /tmp/sssd-softhsm2-certs-fm0382/test-root-CA-trusted-certificate-0001-key-decrypted.pem 415s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 415s Object 0: 415s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=da759c34f16922e6;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 415s Type: X.509 Certificate (RSA-1024) 415s Expires: Sat Jan 17 03:31:07 2026 415s Label: Test Organization Root Trusted Certificate 0001 415s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 415s 415s + echo 'Test Organization Root Tr Token' 415s Test Organization Root Tr Token 415s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15469 415s + local certificate=/tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem 415s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15469 415s + local key_cn 415s + local key_name 415s + local tokens_dir 415s + local output_cert_file 415s + token_name= 415s ++ basename /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem .pem 415s + key_name=test-intermediate-CA-trusted-certificate-0001 415s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem 415s ++ sed -n 's/ *commonName *= //p' 415s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 415s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 415s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 415s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 415s ++ basename /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 415s + tokens_dir=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-intermediate-CA-trusted-certificate-0001 415s + token_name='Test Organization Interme Token' 415s + '[' '!' -e /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 415s + local key_file 415s + local decrypted_key 415s + mkdir -p /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-intermediate-CA-trusted-certificate-0001 415s + key_file=/tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-key.pem 415s + decrypted_key=/tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 415s + cat 415s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 415s Slot 0 has a free/uninitialized token. 415s The token has been initialized and is reassigned to slot 1755397003 415s + softhsm2-util --show-slots 415s Available slots: 415s Slot 1755397003 415s Slot info: 415s Description: SoftHSM slot ID 0x68a13b8b 415s Manufacturer ID: SoftHSM project 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Token present: yes 415s Token info: 415s Manufacturer ID: SoftHSM project 415s Model: SoftHSM v2 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Serial number: a129bcbf68a13b8b 415s Initialized: yes 415s User PIN init.: yes 415s Label: Test Organization Interme Token 415s Slot 1 415s Slot info: 415s Description: SoftHSM slot ID 0x1 415s Manufacturer ID: SoftHSM project 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Token present: yes 415s Token info: 415s Manufacturer ID: SoftHSM project 415s Model: SoftHSM v2 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Serial number: 415s Initialized: no 415s User PIN init.: no 415s Label: 415s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 415s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-15469 -in /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 415s writing RSA key 415s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 415s + rm /tmp/sssd-softhsm2-certs-fm0382/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 415s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 415s Object 0: 415s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a129bcbf68a13b8b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 415s Type: X.509 Certificate (RSA-1024) 415s Expires: Sat Jan 17 03:31:07 2026 415s Label: Test Organization Intermediate Trusted Certificate 0001 415s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 415s 415s Test Organization Interme Token 415s + echo 'Test Organization Interme Token' 415s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2991 415s + local certificate=/tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2991 415s + local key_cn 415s + local key_name 415s + local tokens_dir 415s + local output_cert_file 415s + token_name= 415s ++ basename /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 415s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 415s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem 415s ++ sed -n 's/ *commonName *= //p' 415s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 415s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 415s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 415s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 415s ++ basename /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 415s + tokens_dir=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 415s + token_name='Test Organization Sub Int Token' 415s + '[' '!' -e /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 415s + local key_file 415s + local decrypted_key 415s + mkdir -p /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 415s + key_file=/tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 415s + decrypted_key=/tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 415s + cat 415s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 415s Slot 0 has a free/uninitialized token. 415s The token has been initialized and is reassigned to slot 2047838 415s + softhsm2-util --show-slots 415s Available slots: 415s Slot 2047838 415s Slot info: 415s Description: SoftHSM slot ID 0x1f3f5e 415s Manufacturer ID: SoftHSM project 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Token present: yes 415s Token info: 415s Manufacturer ID: SoftHSM project 415s Model: SoftHSM v2 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Serial number: 2f5c3cef801f3f5e 415s Initialized: yes 415s User PIN init.: yes 415s Label: Test Organization Sub Int Token 415s Slot 1 415s Slot info: 415s Description: SoftHSM slot ID 0x1 415s Manufacturer ID: SoftHSM project 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Token present: yes 415s Token info: 415s Manufacturer ID: SoftHSM project 415s Model: SoftHSM v2 415s Hardware version: 2.6 415s Firmware version: 2.6 415s Serial number: 415s Initialized: no 415s User PIN init.: no 415s Label: 415s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 415s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-2991 -in /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 415s writing RSA key 415s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 415s + rm /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 415s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 415s Object 0: 415s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2f5c3cef801f3f5e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 415s Type: X.509 Certificate (RSA-1024) 415s Expires: Sat Jan 17 03:31:07 2026 415s Label: Test Organization Sub Intermediate Trusted Certificate 0001 415s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 415s 415s + echo 'Test Organization Sub Int Token' 415s + echo 'Certificates generation completed!' 415s + exit 0 415s Test Organization Sub Int Token 415s Certificates generation completed! 415s + find /tmp/sssd-softhsm2-certs-fm0382 -type d -exec chmod 777 '{}' ';' 415s + find /tmp/sssd-softhsm2-certs-fm0382 -type f -exec chmod 666 '{}' ';' 415s + backup_file /etc/sssd/sssd.conf 415s + '[' -z '' ']' 415s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 415s + backupsdir=/tmp/sssd-softhsm2-backups-h0f7qu 415s + '[' -e /etc/sssd/sssd.conf ']' 415s + delete_paths+=("$1") 415s + rm -f /etc/sssd/sssd.conf 415s ++ runuser -u ubuntu -- sh -c 'echo ~' 415s + user_home=/home/ubuntu 415s + mkdir -p /home/ubuntu 415s + chown ubuntu:ubuntu /home/ubuntu 415s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 415s + user_config=/home/ubuntu/.config 415s + system_config=/etc 415s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 415s + for path_pair in "${softhsm2_conf_paths[@]}" 415s + IFS=: 415s + read -r -a path 415s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 415s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 415s + '[' -z /tmp/sssd-softhsm2-backups-h0f7qu ']' 415s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 415s + delete_paths+=("$1") 415s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 415s + for path_pair in "${softhsm2_conf_paths[@]}" 415s + IFS=: 415s + read -r -a path 415s + path=/etc/softhsm/softhsm2.conf 415s + backup_file /etc/softhsm/softhsm2.conf 415s + '[' -z /tmp/sssd-softhsm2-backups-h0f7qu ']' 415s + '[' -e /etc/softhsm/softhsm2.conf ']' 415s ++ dirname /etc/softhsm/softhsm2.conf 415s + local back_dir=/tmp/sssd-softhsm2-backups-h0f7qu//etc/softhsm 415s ++ basename /etc/softhsm/softhsm2.conf 415s + local back_path=/tmp/sssd-softhsm2-backups-h0f7qu//etc/softhsm/softhsm2.conf 415s + '[' '!' -e /tmp/sssd-softhsm2-backups-h0f7qu//etc/softhsm/softhsm2.conf ']' 415s + mkdir -p /tmp/sssd-softhsm2-backups-h0f7qu//etc/softhsm 415s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-h0f7qu//etc/softhsm/softhsm2.conf 415s + restore_paths+=("$back_path") 415s + rm -f /etc/softhsm/softhsm2.conf 415s + test_authentication login /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem 415s + pam_service=login 415s + certificate_config=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-root-CA-trusted-certificate-0001.conf 415s + ca_db=/tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem 415s + verification_options= 415s + mkdir -p -m 700 /etc/sssd 415s Using CA DB '/tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem' with verification options: '' 415s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 415s + cat 415s + chmod 600 /etc/sssd/sssd.conf 415s + for path_pair in "${softhsm2_conf_paths[@]}" 415s + IFS=: 415s + read -r -a path 415s + user=ubuntu 415s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 415s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 415s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 415s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 415s + runuser -u ubuntu -- softhsm2-util --show-slots 415s + grep 'Test Organization' 415s Label: Test Organization Root Tr Token 415s + for path_pair in "${softhsm2_conf_paths[@]}" 415s + IFS=: 415s + read -r -a path 415s + user=root 415s + path=/etc/softhsm/softhsm2.conf 415s ++ dirname /etc/softhsm/softhsm2.conf 415s + runuser -u root -- mkdir -p /etc/softhsm 415s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 415s + runuser -u root -- softhsm2-util --show-slots 415s + grep 'Test Organization' 415s Label: Test Organization Root Tr Token 415s + systemctl restart sssd 416s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 416s + for alternative in "${alternative_pam_configs[@]}" 416s + pam-auth-update --enable sss-smart-card-optional 416s + cat /etc/pam.d/common-auth 416s # 416s # /etc/pam.d/common-auth - authentication settings common to all services 416s # 416s # This file is included from other service-specific PAM config files, 416s # and should contain a list of the authentication modules that define 416s # the central authentication scheme for use on the system 416s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 416s # traditional Unix authentication mechanisms. 416s # 416s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 416s # To take advantage of this, it is recommended that you configure any 416s # local modules either before or after the default block, and use 416s # pam-auth-update to manage selection of other modules. See 416s # pam-auth-update(8) for details. 416s 416s # here are the per-package modules (the "Primary" block) 416s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 416s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 416s auth [success=1 default=ignore] pam_sss.so use_first_pass 416s # here's the fallback if no module succeeds 416s auth requisite pam_deny.so 416s # prime the stack with a positive return value if there isn't one already; 416s # this avoids us returning an error just because nothing sets a success code 416s # since the modules above will each just jump around 416s auth required pam_permit.so 416s # and here are more per-package modules (the "Additional" block) 416s auth optional pam_cap.so 416s # end of pam-auth-update config 416s + echo -n -e 123456 416s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 416s pamtester: invoking pam_start(login, ubuntu, ...) 416s pamtester: performing operation - authenticate 417s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 417s + echo -n -e 123456 417s + runuser -u ubuntu -- pamtester -v login '' authenticate 417s pamtester: invoking pam_start(login, , ...) 417s pamtester: performing operation - authenticate 417s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 417s + echo -n -e wrong123456 417s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 417s pamtester: invoking pam_start(login, ubuntu, ...) 417s pamtester: performing operation - authenticate 420s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 420s + echo -n -e wrong123456 420s + runuser -u ubuntu -- pamtester -v login '' authenticate 420s pamtester: invoking pam_start(login, , ...) 420s pamtester: performing operation - authenticate 422s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 422s + echo -n -e 123456 422s + pamtester -v login root authenticate 422s pamtester: invoking pam_start(login, root, ...) 422s pamtester: performing operation - authenticate 425s Password: pamtester: Authentication failure 425s + for alternative in "${alternative_pam_configs[@]}" 425s + pam-auth-update --enable sss-smart-card-required 426s PAM configuration 426s ----------------- 426s 426s Incompatible PAM profiles selected. 426s 426s The following PAM profiles cannot be used together: 426s 426s SSS required smart card authentication, SSS optional smart card 426s authentication 426s 426s Please select a different set of modules to enable. 426s 426s + cat /etc/pam.d/common-auth 426s # 426s # /etc/pam.d/common-auth - authentication settings common to all services 426s # 426s # This file is included from other service-specific PAM config files, 426s # and should contain a list of the authentication modules that define 426s # the central authentication scheme for use on the system 426s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 426s # traditional Unix authentication mechanisms. 426s # 426s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 426s # To take advantage of this, it is recommended that you configure any 426s # local modules either before or after the default block, and use 426s # pam-auth-update to manage selection of other modules. See 426s # pam-auth-update(8) for details. 426s 426s # here are the per-package modules (the "Primary" block) 426s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 426s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 426s auth [success=1 default=ignore] pam_sss.so use_first_pass 426s # here's the fallback if no module succeeds 426s auth requisite pam_deny.so 426s # prime the stack with a positive return value if there isn't one already; 426s # this avoids us returning an error just because nothing sets a success code 426s # since the modules above will each just jump around 426s auth required pam_permit.so 426s # and here are more per-package modules (the "Additional" block) 426s auth optional pam_cap.so 426s # end of pam-auth-update config 426s + echo -n -e 123456 426s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 426s pamtester: invoking pam_start(login, ubuntu, ...) 426s pamtester: performing operation - authenticate 426s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 426s + echo -n -e 123456 426s + runuser -u ubuntu -- pamtester -v login '' authenticate 426s pamtester: invoking pam_start(login, , ...) 426s pamtester: performing operation - authenticate 426s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 426s + echo -n -e wrong123456 426s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 426s pamtester: invoking pam_start(login, ubuntu, ...) 426s pamtester: performing operation - authenticate 429s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 429s + echo -n -e wrong123456 429s + runuser -u ubuntu -- pamtester -v login '' authenticate 429s pamtester: invoking pam_start(login, , ...) 429s pamtester: performing operation - authenticate 432s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 432s + echo -n -e 123456 432s + pamtester -v login root authenticate 432s pamtester: invoking pam_start(login, root, ...) 432s pamtester: performing operation - authenticate 434s pamtester: Authentication service cannot retrieve authentication info 434s + test_authentication login /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem 434s + pam_service=login 434s + certificate_config=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 434s + ca_db=/tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem 434s + verification_options= 434s + mkdir -p -m 700 /etc/sssd 434s Using CA DB '/tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem' with verification options: '' 434s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-fm0382/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 434s + cat 434s + chmod 600 /etc/sssd/sssd.conf 434s + for path_pair in "${softhsm2_conf_paths[@]}" 434s + IFS=: 434s + read -r -a path 434s + user=ubuntu 434s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 434s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 434s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 434s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 434s + runuser -u ubuntu -- softhsm2-util --show-slots 434s + grep 'Test Organization' 434s Label: Test Organization Sub Int Token 434s + for path_pair in "${softhsm2_conf_paths[@]}" 434s + IFS=: 434s + read -r -a path 434s + user=root 434s + path=/etc/softhsm/softhsm2.conf 434s ++ dirname /etc/softhsm/softhsm2.conf 434s + runuser -u root -- mkdir -p /etc/softhsm 434s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 434s + runuser -u root -- softhsm2-util --show-slots 434s + grep 'Test Organization' 434s Label: Test Organization Sub Int Token 434s + systemctl restart sssd 435s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 435s + for alternative in "${alternative_pam_configs[@]}" 435s + pam-auth-update --enable sss-smart-card-optional 435s + cat /etc/pam.d/common-auth 435s # 435s # /etc/pam.d/common-auth - authentication settings common to all services 435s # 435s # This file is included from other service-specific PAM config files, 435s # and should contain a list of the authentication modules that define 435s # the central authentication scheme for use on the system 435s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 435s # traditional Unix authentication mechanisms. 435s # 435s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 435s # To take advantage of this, it is recommended that you configure any 435s # local modules either before or after the default block, and use 435s # pam-auth-update to manage selection of other modules. See 435s # pam-auth-update(8) for details. 435s 435s # here are the per-package modules (the "Primary" block) 435s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 435s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 435s auth [success=1 default=ignore] pam_sss.so use_first_pass 435s # here's the fallback if no module succeeds 435s auth requisite pam_deny.so 435s # prime the stack with a positive return value if there isn't one already; 435s # this avoids us returning an error just because nothing sets a success code 435s # since the modules above will each just jump around 435s auth required pam_permit.so 435s # and here are more per-package modules (the "Additional" block) 435s auth optional pam_cap.so 435s # end of pam-auth-update config 435s + echo -n -e 123456 435s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 435s pamtester: invoking pam_start(login, ubuntu, ...) 435s pamtester: performing operation - authenticate 435s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 435s + echo -n -e 123456 435s + runuser -u ubuntu -- pamtester -v login '' authenticate 435s pamtester: invoking pam_start(login, , ...) 435s pamtester: performing operation - authenticate 435s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 435s + echo -n -e wrong123456 435s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 435s pamtester: invoking pam_start(login, ubuntu, ...) 436s pamtester: performing operation - authenticate 438s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 438s + echo -n -e wrong123456 438s + runuser -u ubuntu -- pamtester -v login '' authenticate 438s pamtester: invoking pam_start(login, , ...) 438s pamtester: performing operation - authenticate 441s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 441s + echo -n -e 123456 441s + pamtester -v login root authenticate 441s pamtester: invoking pam_start(login, root, ...) 441s pamtester: performing operation - authenticate 444s Password: pamtester: Authentication failure 444s + for alternative in "${alternative_pam_configs[@]}" 444s + pam-auth-update --enable sss-smart-card-required 445s PAM configuration 445s ----------------- 445s 445s Incompatible PAM profiles selected. 445s 445s The following PAM profiles cannot be used together: 445s 445s SSS required smart card authentication, SSS optional smart card 445s authentication 445s 445s Please select a different set of modules to enable. 445s 445s + cat /etc/pam.d/common-auth 445s # 445s # /etc/pam.d/common-auth - authentication settings common to all services 445s # 445s # This file is included from other service-specific PAM config files, 445s # and should contain a list of the authentication modules that define 445s # the central authentication scheme for use on the system 445s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 445s # traditional Unix authentication mechanisms. 445s # 445s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 445s # To take advantage of this, it is recommended that you configure any 445s # local modules either before or after the default block, and use 445s # pam-auth-update to manage selection of other modules. See 445s # pam-auth-update(8) for details. 445s 445s # here are the per-package modules (the "Primary" block) 445s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 445s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 445s auth [success=1 default=ignore] pam_sss.so use_first_pass 445s # here's the fallback if no module succeeds 445s auth requisite pam_deny.so 445s # prime the stack with a positive return value if there isn't one already; 445s # this avoids us returning an error just because nothing sets a success code 445s # since the modules above will each just jump around 445s auth required pam_permit.so 445s # and here are more per-package modules (the "Additional" block) 445s auth optional pam_cap.so 445s # end of pam-auth-update config 445s + echo -n -e 123456 445s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 445s pamtester: invoking pam_start(login, ubuntu, ...) 445s pamtester: performing operation - authenticate 445s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 445s + echo -n -e 123456 445s + runuser -u ubuntu -- pamtester -v login '' authenticate 445s pamtester: invoking pam_start(login, , ...) 445s pamtester: performing operation - authenticate 445s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 445s + echo -n -e wrong123456 445s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 445s pamtester: invoking pam_start(login, ubuntu, ...) 445s pamtester: performing operation - authenticate 448s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 448s + echo -n -e wrong123456 448s + runuser -u ubuntu -- pamtester -v login '' authenticate 448s pamtester: invoking pam_start(login, , ...) 448s pamtester: performing operation - authenticate 452s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 452s + echo -n -e 123456 452s + pamtester -v login root authenticate 452s pamtester: invoking pam_start(login, root, ...) 452s pamtester: performing operation - authenticate 455s pamtester: Authentication service cannot retrieve authentication info 455s + test_authentication login /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem partial_chain 455s + pam_service=login 455s + certificate_config=/tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 455s + ca_db=/tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem 455s + verification_options=partial_chain 455s + mkdir -p -m 700 /etc/sssd 455s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 455s + cat 455s Using CA DB '/tmp/sssd-softhsm2-certs-fm0382/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 455s + chmod 600 /etc/sssd/sssd.conf 455s + for path_pair in "${softhsm2_conf_paths[@]}" 455s + IFS=: 455s + read -r -a path 455s + user=ubuntu 455s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 455s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 455s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 455s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 455s + runuser -u ubuntu -- softhsm2-util --show-slots 455s + grep 'Test Organization' 455s Label: Test Organization Sub Int Token 455s + for path_pair in "${softhsm2_conf_paths[@]}" 455s + IFS=: 455s + read -r -a path 455s + user=root 455s + path=/etc/softhsm/softhsm2.conf 455s ++ dirname /etc/softhsm/softhsm2.conf 455s + runuser -u root -- mkdir -p /etc/softhsm 455s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-fm0382/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 455s + runuser -u root -- softhsm2-util --show-slots 455s + grep 'Test Organization' 455s Label: Test Organization Sub Int Token 455s + systemctl restart sssd 455s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 456s + for alternative in "${alternative_pam_configs[@]}" 456s + pam-auth-update --enable sss-smart-card-optional 456s + cat /etc/pam.d/common-auth 456s # 456s # /etc/pam.d/common-auth - authentication settings common to all services 456s # 456s # This file is included from other service-specific PAM config files, 456s # and should contain a list of the authentication modules that define 456s # the central authentication scheme for use on the system 456s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 456s # traditional Unix authentication mechanisms. 456s # 456s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 456s # To take advantage of this, it is recommended that you configure any 456s # local modules either before or after the default block, and use 456s # pam-auth-update to manage selection of other modules. See 456s # pam-auth-update(8) for details. 456s 456s # here are the per-package modules (the "Primary" block) 456s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 456s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 456s auth [success=1 default=ignore] pam_sss.so use_first_pass 456s # here's the fallback if no module succeeds 456s auth requisite pam_deny.so 456s # prime the stack with a positive return value if there isn't one already; 456s # this avoids us returning an error just because nothing sets a success code 456s # since the modules above will each just jump around 456s auth required pam_permit.so 456s # and here are more per-package modules (the "Additional" block) 456s auth optional pam_cap.so 456s # end of pam-auth-update config 456s + echo -n -e 123456 456s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 456s pamtester: invoking pam_start(login, ubuntu, ...) 456s pamtester: performing operation - authenticate 456s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 456s + echo -n -e 123456 456s + runuser -u ubuntu -- pamtester -v login '' authenticate 456s pamtester: invoking pam_start(login, , ...) 456s pamtester: performing operation - authenticate 456s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 456s + echo -n -e wrong123456 456s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 456s pamtester: invoking pam_start(login, ubuntu, ...) 456s pamtester: performing operation - authenticate 458s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 458s + echo -n -e wrong123456 458s + runuser -u ubuntu -- pamtester -v login '' authenticate 458s pamtester: invoking pam_start(login, , ...) 458s pamtester: performing operation - authenticate 461s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 461s + echo -n -e 123456 461s + pamtester -v login root authenticate 461s pamtester: invoking pam_start(login, root, ...) 461s pamtester: performing operation - authenticate 464s Password: pamtester: Authentication failure 464s + for alternative in "${alternative_pam_configs[@]}" 464s + pam-auth-update --enable sss-smart-card-required 465s PAM configuration 465s ----------------- 465s 465s Incompatible PAM profiles selected. 465s 465s The following PAM profiles cannot be used together: 465s 465s SSS required smart card authentication, SSS optional smart card 465s authentication 465s 465s Please select a different set of modules to enable. 465s 465s + cat /etc/pam.d/common-auth 465s # 465s # /etc/pam.d/common-auth - authentication settings common to all services 465s # 465s # This file is included from other service-specific PAM config files, 465s # and should contain a list of the authentication modules that define 465s # the central authentication scheme for use on the system 465s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 465s # traditional Unix authentication mechanisms. 465s # 465s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 465s # To take advantage of this, it is recommended that you configure any 465s # local modules either before or after the default block, and use 465s # pam-auth-update to manage selection of other modules. See 465s # pam-auth-update(8) for details. 465s 465s # here are the per-package modules (the "Primary" block) 465s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 465s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 465s auth [success=1 default=ignore] pam_sss.so use_first_pass 465s # here's the fallback if no module succeeds 465s auth requisite pam_deny.so 465s # prime the stack with a positive return value if there isn't one already; 465s # this avoids us returning an error just because nothing sets a success code 465s # since the modules above will each just jump around 465s auth required pam_permit.so 465s # and here are more per-package modules (the "Additional" block) 465s auth optional pam_cap.so 465s # end of pam-auth-update config 465s + echo -n -e 123456 465s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 465s pamtester: invoking pam_start(login, ubuntu, ...) 465s pamtester: performing operation - authenticate 465s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 465s + echo -n -e 123456 465s + runuser -u ubuntu -- pamtester -v login '' authenticate 465s pamtester: invoking pam_start(login, , ...) 465s pamtester: performing operation - authenticate 465s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 465s + echo -n -e wrong123456 465s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 465s pamtester: invoking pam_start(login, ubuntu, ...) 465s pamtester: performing operation - authenticate 468s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 468s + echo -n -e wrong123456 468s + runuser -u ubuntu -- pamtester -v login '' authenticate 468s pamtester: invoking pam_start(login, , ...) 468s pamtester: performing operation - authenticate 471s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 471s + echo -n -e 123456 471s + pamtester -v login root authenticate 471s pamtester: invoking pam_start(login, root, ...) 471s pamtester: performing operation - authenticate 474s pamtester: Authentication service cannot retrieve authentication info 474s + handle_exit 474s + exit_code=0 474s + restore_changes 474s + for path in "${restore_paths[@]}" 474s + local original_path 474s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-h0f7qu /tmp/sssd-softhsm2-backups-h0f7qu//etc/softhsm/softhsm2.conf 474s + original_path=/etc/softhsm/softhsm2.conf 474s + rm /etc/softhsm/softhsm2.conf 474s + mv /tmp/sssd-softhsm2-backups-h0f7qu//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 474s + for path in "${delete_paths[@]}" 474s + rm -f /etc/sssd/sssd.conf 474s + for path in "${delete_paths[@]}" 474s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 474s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 474s + '[' -e /etc/sssd/sssd.conf ']' 474s + systemctl stop sssd 475s + '[' -e /etc/softhsm/softhsm2.conf ']' 475s + chmod 600 /etc/softhsm/softhsm2.conf 475s + rm -rf /tmp/sssd-softhsm2-certs-fm0382 475s Script completed successfully! 475s + '[' 0 = 0 ']' 475s + rm -rf /tmp/sssd-softhsm2-backups-h0f7qu 475s + set +x 475s autopkgtest [03:32:08]: test sssd-smart-card-pam-auth-configs: -----------------------] 475s autopkgtest [03:32:08]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 475s sssd-smart-card-pam-auth-configs PASS 476s autopkgtest [03:32:09]: @@@@@@@@@@@@@@@@@@@@ summary 476s ldap-user-group-ldap-auth PASS 476s ldap-user-group-krb5-auth PASS 476s sssd-softhism2-certificates-tests.sh PASS 476s sssd-smart-card-pam-auth-configs PASS 494s nova [W] Using flock in prodstack6-arm64 494s flock: timeout while waiting to get lock 494s Creating nova instance adt-plucky-arm64-sssd-20250117-032412-juju-7f2275-prod-proposed-migration-environment-2-0b1d71e1-cafb-434d-a541-1690197f9f4a from image adt/ubuntu-plucky-arm64-server-20250117.img (UUID 16a981e8-12f4-4912-806e-ebb4c2361146)... 494s nova [W] Timed out waiting for 6e878ffb-5a21-4937-9f0c-a5bc5d85f58d to get deleted. 494s nova [W] Using flock in prodstack6-arm64 494s Creating nova instance adt-plucky-arm64-sssd-20250117-032412-juju-7f2275-prod-proposed-migration-environment-2-0b1d71e1-cafb-434d-a541-1690197f9f4a from image adt/ubuntu-plucky-arm64-server-20250117.img (UUID 16a981e8-12f4-4912-806e-ebb4c2361146)... 494s nova [W] Timed out waiting for c6e91a03-c4c5-4999-999d-9eb0797d59b9 to get deleted.