0s autopkgtest [14:11:13]: starting date and time: 2025-01-17 14:11:13+0000 0s autopkgtest [14:11:13]: git checkout: 325255d2 Merge branch 'pin-any-arch' into 'ubuntu/production' 0s autopkgtest [14:11:13]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.ppktdqs3/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:openldap --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=openldap/2.6.9+dfsg-1~exp2ubuntu1' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos03-arm64-20.secgroup --name adt-plucky-arm64-sssd-20250117-141113-juju-7f2275-prod-proposed-migration-environment-2-108afe42-4572-4c1c-bf97-83a68265a4ff --image adt/ubuntu-plucky-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 171s autopkgtest [14:14:04]: testbed dpkg architecture: arm64 171s autopkgtest [14:14:04]: testbed apt version: 2.9.18 172s autopkgtest [14:14:05]: @@@@@@@@@@@@@@@@@@@@ test bed setup 172s autopkgtest [14:14:05]: testbed release detected to be: None 173s autopkgtest [14:14:06]: updating testbed package index (apt update) 173s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 173s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 173s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 174s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 174s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 174s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [177 kB] 174s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [15.7 kB] 174s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [877 kB] 174s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 Packages [318 kB] 174s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted arm64 Packages [57.8 kB] 174s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 Packages [1079 kB] 174s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse arm64 Packages [11.2 kB] 174s Fetched 2618 kB in 1s (2443 kB/s) 176s Reading package lists... 176s + lsb_release --codename --short 176s + RELEASE=plucky 176s + cat 176s + [ plucky != trusty ] 176s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y --allow-downgrades -o Dpkg::Options::=--force-confnew dist-upgrade 177s Reading package lists... 177s Building dependency tree... 177s Reading state information... 178s Calculating upgrade... 179s The following packages will be upgraded: 179s libgudev-1.0-0 usb.ids 179s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 179s Need to get 238 kB of archives. 179s After this operation, 1024 B of additional disk space will be used. 179s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 usb.ids all 2025.01.14-1 [223 kB] 179s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libgudev-1.0-0 arm64 1:238-6 [14.9 kB] 180s Fetched 238 kB in 1s (467 kB/s) 181s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80204 files and directories currently installed.) 181s Preparing to unpack .../usb.ids_2025.01.14-1_all.deb ... 181s Unpacking usb.ids (2025.01.14-1) over (2024.12.04-1) ... 181s Preparing to unpack .../libgudev-1.0-0_1%3a238-6_arm64.deb ... 181s Unpacking libgudev-1.0-0:arm64 (1:238-6) over (1:238-5ubuntu1) ... 181s Setting up usb.ids (2025.01.14-1) ... 181s Setting up libgudev-1.0-0:arm64 (1:238-6) ... 181s Processing triggers for libc-bin (2.40-4ubuntu1) ... 181s + rm /etc/apt/preferences.d/force-downgrade-to-release.pref 181s + /usr/lib/apt/apt-helper analyze-pattern ?true 181s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y purge --autoremove ?obsolete 181s Reading package lists... 181s Building dependency tree... 181s Reading state information... 182s 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. 182s + grep -q trusty /etc/lsb-release 182s + [ ! -d /usr/share/doc/unattended-upgrades ] 182s + [ ! -d /usr/share/doc/lxd ] 182s + [ ! -d /usr/share/doc/lxd-client ] 182s + [ ! -d /usr/share/doc/snapd ] 182s + type iptables 182s + cat 182s + chmod 755 /etc/rc.local 182s + . /etc/rc.local 182s + iptables -w -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 182s + iptables -A OUTPUT -d 10.255.255.1/32 -p tcp -j DROP 182s + iptables -A OUTPUT -d 10.255.255.2/32 -p tcp -j DROP 182s + uname -m 182s + [ aarch64 = ppc64le ] 182s + [ -d /run/systemd/system ] 182s + systemd-detect-virt --quiet --vm 182s + mkdir -p /etc/systemd/system/systemd-random-seed.service.d/ 182s + cat 182s + grep -q lz4 /etc/initramfs-tools/initramfs.conf 182s + echo COMPRESS=lz4 182s + sync 182s autopkgtest [14:14:15]: upgrading testbed (apt dist-upgrade and autopurge) 183s Reading package lists... 183s Building dependency tree... 183s Reading state information... 184s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 185s Starting 2 pkgProblemResolver with broken count: 0 185s Done 186s Entering ResolveByKeep 187s 188s The following packages will be upgraded: 188s libldap-common libldap2 188s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 188s Need to get 232 kB of archives. 188s After this operation, 1024 B of additional disk space will be used. 188s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libldap-common all 2.6.9+dfsg-1~exp2ubuntu1 [33.2 kB] 188s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libldap2 arm64 2.6.9+dfsg-1~exp2ubuntu1 [198 kB] 188s Fetched 232 kB in 0s (524 kB/s) 189s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80204 files and directories currently installed.) 189s Preparing to unpack .../libldap-common_2.6.9+dfsg-1~exp2ubuntu1_all.deb ... 189s Unpacking libldap-common (2.6.9+dfsg-1~exp2ubuntu1) over (2.6.8+dfsg-1~exp4ubuntu3) ... 189s Preparing to unpack .../libldap2_2.6.9+dfsg-1~exp2ubuntu1_arm64.deb ... 189s Unpacking libldap2:arm64 (2.6.9+dfsg-1~exp2ubuntu1) over (2.6.8+dfsg-1~exp4ubuntu3) ... 189s Setting up libldap-common (2.6.9+dfsg-1~exp2ubuntu1) ... 189s Installing new version of config file /etc/ldap/ldap.conf ... 189s Setting up libldap2:arm64 (2.6.9+dfsg-1~exp2ubuntu1) ... 189s Processing triggers for man-db (2.13.0-1) ... 189s Processing triggers for libc-bin (2.40-4ubuntu1) ... 189s Reading package lists... 190s Building dependency tree... 190s Reading state information... 190s Starting pkgProblemResolver with broken count: 0 190s Starting 2 pkgProblemResolver with broken count: 0 190s Done 191s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 194s autopkgtest [14:14:27]: testbed running kernel: Linux 6.11.0-8-generic #8-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 16 14:19:41 UTC 2024 194s autopkgtest [14:14:27]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 213s Get:1 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (dsc) [5048 B] 213s Get:2 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (tar) [8002 kB] 213s Get:3 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (diff) [49.2 kB] 213s gpgv: Signature made Wed Jul 3 23:54:05 2024 UTC 213s gpgv: using RSA key 8AFD08D3D1B817B2DF8982F501AC4B4083590A98 213s gpgv: Can't check signature: No public key 213s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.5-3ubuntu2.dsc: no acceptable signature found 214s autopkgtest [14:14:47]: testing package sssd version 2.9.5-3ubuntu2 220s autopkgtest [14:14:53]: build not needed 233s autopkgtest [14:15:06]: test ldap-user-group-ldap-auth: preparing testbed 233s Reading package lists... 233s Building dependency tree... 233s Reading state information... 234s Starting pkgProblemResolver with broken count: 1 234s Starting 2 pkgProblemResolver with broken count: 1 234s Investigating (0) slapd:arm64 < none -> 2.6.9+dfsg-1~exp2ubuntu1 @un puN Ib > 234s Broken slapd:arm64 Depends on libargon2-1:arm64 < none | 0~20190702+dfsg-4build1 @un uH > (>= 0~20171227) 234s Considering libargon2-1:arm64 0 as a solution to slapd:arm64 0 234s Re-Instated libargon2-1:arm64 234s Broken slapd:arm64 Depends on libltdl7:arm64 < none | 2.4.7-8 @un uH > (>= 2.5.4) 234s Considering libltdl7:arm64 0 as a solution to slapd:arm64 0 234s Re-Instated libltdl7:arm64 234s Broken slapd:arm64 Depends on libodbc2:arm64 < none | 2.3.12-1ubuntu1 @un uH > (>= 2.3.1) 234s Considering libodbc2:arm64 0 as a solution to slapd:arm64 0 234s Re-Instated libodbc2:arm64 234s Done 234s Some packages could not be installed. This may mean that you have 234s requested an impossible situation or if you are using the unstable 234s distribution that some required packages have not yet been created 234s or been moved out of Incoming. 234s The following information may help to resolve the situation: 234s 234s The following packages have unmet dependencies: 234s slapd : Depends: libltdl7 (>= 2.5.4) but 2.4.7-8 is to be installed 234s E: Unable to correct problems, you have held broken packages. 234s autopkgtest: WARNING: Test dependencies are unsatisfiable with using apt pinning. Retrying with using all packages from plucky-proposed 235s Reading package lists... 235s Building dependency tree... 235s Reading state information... 236s Starting pkgProblemResolver with broken count: 0 236s Starting 2 pkgProblemResolver with broken count: 0 236s Done 237s The following packages were automatically installed and are no longer required: 237s python3.12 python3.12-minimal 237s Use 'sudo apt autoremove' to remove them. 237s The following NEW packages will be installed: 237s expect ldap-utils libargon2-1 libavahi-client3 libavahi-common-data 237s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 237s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 237s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 237s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 237s libpwquality-common libpwquality1 libpython3.13-minimal libpython3.13-stdlib 237s libref-array1t64 libsmbclient0 libsss-certmap-dev libsss-certmap0 237s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 237s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 libverto-libevent1t64 237s libverto1t64 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 237s python3-sss python3.13 python3.13-minimal samba-libs slapd sssd sssd-ad 237s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 237s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 237s tcl8.6 237s The following packages will be upgraded: 237s krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 237s libpython3-stdlib python3 python3-minimal python3.13-gdbm 237s 9 upgraded, 69 newly installed, 0 to remove and 120 not upgraded. 237s Need to get 19.7 MB of archives. 237s After this operation, 86.1 MB of additional disk space will be used. 237s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpython3.13-minimal arm64 3.13.1-3 [879 kB] 237s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3.13-minimal arm64 3.13.1-3 [2262 kB] 238s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3-minimal arm64 3.13.1-1~exp2 [27.6 kB] 238s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3 arm64 3.13.1-1~exp2 [23.9 kB] 238s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpython3.13-stdlib arm64 3.13.1-3 [2061 kB] 238s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3.13 arm64 3.13.1-3 [729 kB] 238s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpython3-stdlib arm64 3.13.1-1~exp2 [10.2 kB] 238s Get:8 http://ftpmaster.internal/ubuntu plucky/main arm64 libargon2-1 arm64 0~20190702+dfsg-4build1 [20.5 kB] 238s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libltdl7 arm64 2.5.4-2 [42.8 kB] 238s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libodbc2 arm64 2.3.12-2ubuntu1 [147 kB] 238s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 slapd arm64 2.6.9+dfsg-1~exp2ubuntu1 [1530 kB] 238s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 krb5-locales all 1.21.3-4 [14.5 kB] 238s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libgssapi-krb5-2 arm64 1.21.3-4 [144 kB] 238s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkrb5-3 arm64 1.21.3-4 [350 kB] 238s Get:15 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkrb5support0 arm64 1.21.3-4 [34.4 kB] 238s Get:16 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libk5crypto3 arm64 1.21.3-4 [86.1 kB] 238s Get:17 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libtcl8.6 arm64 8.6.16+dfsg-1 [987 kB] 238s Get:18 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 tcl8.6 arm64 8.6.16+dfsg-1 [14.8 kB] 238s Get:19 http://ftpmaster.internal/ubuntu plucky/universe arm64 tcl-expect arm64 5.45.4-3 [112 kB] 238s Get:20 http://ftpmaster.internal/ubuntu plucky/universe arm64 expect arm64 5.45.4-3 [137 kB] 238s Get:21 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 ldap-utils arm64 2.6.9+dfsg-1~exp2ubuntu1 [149 kB] 238s Get:22 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common-data arm64 0.8-14ubuntu1 [30.5 kB] 238s Get:23 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common3 arm64 0.8-14ubuntu1 [23.1 kB] 238s Get:24 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-client3 arm64 0.8-14ubuntu1 [27.3 kB] 238s Get:25 http://ftpmaster.internal/ubuntu plucky/main arm64 libbasicobjects0t64 arm64 0.6.2-3 [5882 B] 238s Get:26 http://ftpmaster.internal/ubuntu plucky/main arm64 libcares2 arm64 1.34.4-2.1 [100 kB] 238s Get:27 http://ftpmaster.internal/ubuntu plucky/main arm64 libcollection4t64 arm64 0.6.2-3 [23.6 kB] 238s Get:28 http://ftpmaster.internal/ubuntu plucky/main arm64 libcrack2 arm64 2.9.6-5.2 [28.9 kB] 238s Get:29 http://ftpmaster.internal/ubuntu plucky/main arm64 libdhash1t64 arm64 0.6.2-3 [8914 B] 238s Get:30 http://ftpmaster.internal/ubuntu plucky/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-10 [140 kB] 238s Get:31 http://ftpmaster.internal/ubuntu plucky/main arm64 libpath-utils1t64 arm64 0.6.2-3 [9088 B] 238s Get:32 http://ftpmaster.internal/ubuntu plucky/main arm64 libref-array1t64 arm64 0.6.2-3 [7312 B] 238s Get:33 http://ftpmaster.internal/ubuntu plucky/main arm64 libini-config5t64 arm64 0.6.2-3 [44.4 kB] 238s Get:34 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libipa-hbac0t64 arm64 2.10.1-2ubuntu1 [18.4 kB] 238s Get:35 http://ftpmaster.internal/ubuntu plucky/universe arm64 libjose0 arm64 14-1 [44.9 kB] 238s Get:36 http://ftpmaster.internal/ubuntu plucky/main arm64 libverto-libevent1t64 arm64 0.3.1-1.2ubuntu3 [6328 B] 238s Get:37 http://ftpmaster.internal/ubuntu plucky/main arm64 libverto1t64 arm64 0.3.1-1.2ubuntu3 [10.4 kB] 238s Get:38 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkrad0 arm64 1.21.3-4 [22.3 kB] 238s Get:39 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libtalloc2 arm64 2.4.2-2build1 [27.2 kB] 238s Get:40 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libtdb1 arm64 1.4.12-1build1 [49.0 kB] 238s Get:41 http://ftpmaster.internal/ubuntu plucky/main arm64 libtevent0t64 arm64 0.16.1-3 [42.3 kB] 238s Get:42 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libldb2 arm64 2:2.9.1+samba4.20.4+dfsg-1ubuntu5 [193 kB] 238s Get:43 http://ftpmaster.internal/ubuntu plucky/main arm64 libnfsidmap1 arm64 1:2.6.4-4ubuntu1 [48.3 kB] 238s Get:44 http://ftpmaster.internal/ubuntu plucky/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 238s Get:45 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpwquality-common all 1.4.5-3build2 [7820 B] 238s Get:46 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpwquality1 arm64 1.4.5-3build2 [13.7 kB] 238s Get:47 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpam-pwquality arm64 1.4.5-3build2 [11.9 kB] 239s Get:48 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libwbclient0 arm64 2:4.20.4+dfsg-1ubuntu5 [76.7 kB] 239s Get:49 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 samba-libs arm64 2:4.20.4+dfsg-1ubuntu5 [6307 kB] 239s Get:50 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsmbclient0 arm64 2:4.20.4+dfsg-1ubuntu5 [62.8 kB] 239s Get:51 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3.13-gdbm arm64 3.13.1-3 [31.1 kB] 239s Get:52 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libnss-sss arm64 2.10.1-2ubuntu1 [33.1 kB] 239s Get:53 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpam-sss arm64 2.10.1-2ubuntu1 [50.4 kB] 239s Get:54 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3-sss arm64 2.10.1-2ubuntu1 [46.6 kB] 239s Get:55 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-certmap0 arm64 2.10.1-2ubuntu1 [47.7 kB] 239s Get:56 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-idmap0 arm64 2.10.1-2ubuntu1 [23.5 kB] 239s Get:57 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-nss-idmap0 arm64 2.10.1-2ubuntu1 [31.8 kB] 239s Get:58 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-common arm64 2.10.1-2ubuntu1 [1134 kB] 239s Get:59 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 sssd-idp arm64 2.10.1-2ubuntu1 [28.3 kB] 239s Get:60 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 sssd-passkey arm64 2.10.1-2ubuntu1 [32.8 kB] 239s Get:61 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libipa-hbac-dev arm64 2.10.1-2ubuntu1 [6666 B] 239s Get:62 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-certmap-dev arm64 2.10.1-2ubuntu1 [5726 B] 239s Get:63 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-idmap-dev arm64 2.10.1-2ubuntu1 [8380 B] 239s Get:64 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-nss-idmap-dev arm64 2.10.1-2ubuntu1 [6712 B] 239s Get:65 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 libsss-sudo arm64 2.10.1-2ubuntu1 [22.0 kB] 239s Get:66 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 python3-libipa-hbac arm64 2.10.1-2ubuntu1 [16.8 kB] 239s Get:67 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 python3-libsss-nss-idmap arm64 2.10.1-2ubuntu1 [9286 B] 239s Get:68 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ad-common arm64 2.10.1-2ubuntu1 [74.2 kB] 239s Get:69 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-krb5-common arm64 2.10.1-2ubuntu1 [90.0 kB] 239s Get:70 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ad arm64 2.10.1-2ubuntu1 [136 kB] 239s Get:71 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ipa arm64 2.10.1-2ubuntu1 [222 kB] 239s Get:72 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-krb5 arm64 2.10.1-2ubuntu1 [14.4 kB] 239s Get:73 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ldap arm64 2.10.1-2ubuntu1 [31.8 kB] 239s Get:74 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-proxy arm64 2.10.1-2ubuntu1 [44.3 kB] 239s Get:75 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd arm64 2.10.1-2ubuntu1 [4118 B] 239s Get:76 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-dbus arm64 2.10.1-2ubuntu1 [101 kB] 239s Get:77 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 sssd-kcm arm64 2.10.1-2ubuntu1 [138 kB] 239s Get:78 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-tools arm64 2.10.1-2ubuntu1 [98.8 kB] 240s Preconfiguring packages ... 240s Fetched 19.7 MB in 3s (7384 kB/s) 240s Selecting previously unselected package libpython3.13-minimal:arm64. 240s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80203 files and directories currently installed.) 240s Preparing to unpack .../libpython3.13-minimal_3.13.1-3_arm64.deb ... 240s Unpacking libpython3.13-minimal:arm64 (3.13.1-3) ... 240s Selecting previously unselected package python3.13-minimal. 240s Preparing to unpack .../python3.13-minimal_3.13.1-3_arm64.deb ... 240s Unpacking python3.13-minimal (3.13.1-3) ... 240s Setting up libpython3.13-minimal:arm64 (3.13.1-3) ... 240s Setting up python3.13-minimal (3.13.1-3) ... 242s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80524 files and directories currently installed.) 242s Preparing to unpack .../python3-minimal_3.13.1-1~exp2_arm64.deb ... 242s Unpacking python3-minimal (3.13.1-1~exp2) over (3.12.8-1) ... 242s Setting up python3-minimal (3.13.1-1~exp2) ... 242s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80524 files and directories currently installed.) 242s Preparing to unpack .../00-python3_3.13.1-1~exp2_arm64.deb ... 242s Unpacking python3 (3.13.1-1~exp2) over (3.12.8-1) ... 242s Selecting previously unselected package libpython3.13-stdlib:arm64. 242s Preparing to unpack .../01-libpython3.13-stdlib_3.13.1-3_arm64.deb ... 242s Unpacking libpython3.13-stdlib:arm64 (3.13.1-3) ... 242s Selecting previously unselected package python3.13. 242s Preparing to unpack .../02-python3.13_3.13.1-3_arm64.deb ... 242s Unpacking python3.13 (3.13.1-3) ... 242s Preparing to unpack .../03-libpython3-stdlib_3.13.1-1~exp2_arm64.deb ... 242s Unpacking libpython3-stdlib:arm64 (3.13.1-1~exp2) over (3.12.8-1) ... 242s Selecting previously unselected package libargon2-1:arm64. 242s Preparing to unpack .../04-libargon2-1_0~20190702+dfsg-4build1_arm64.deb ... 242s Unpacking libargon2-1:arm64 (0~20190702+dfsg-4build1) ... 242s Selecting previously unselected package libltdl7:arm64. 242s Preparing to unpack .../05-libltdl7_2.5.4-2_arm64.deb ... 242s Unpacking libltdl7:arm64 (2.5.4-2) ... 242s Selecting previously unselected package libodbc2:arm64. 242s Preparing to unpack .../06-libodbc2_2.3.12-2ubuntu1_arm64.deb ... 242s Unpacking libodbc2:arm64 (2.3.12-2ubuntu1) ... 242s Selecting previously unselected package slapd. 242s Preparing to unpack .../07-slapd_2.6.9+dfsg-1~exp2ubuntu1_arm64.deb ... 242s Unpacking slapd (2.6.9+dfsg-1~exp2ubuntu1) ... 243s Preparing to unpack .../08-krb5-locales_1.21.3-4_all.deb ... 243s Unpacking krb5-locales (1.21.3-4) over (1.21.3-3) ... 243s Preparing to unpack .../09-libgssapi-krb5-2_1.21.3-4_arm64.deb ... 243s Unpacking libgssapi-krb5-2:arm64 (1.21.3-4) over (1.21.3-3) ... 243s Preparing to unpack .../10-libkrb5-3_1.21.3-4_arm64.deb ... 243s Unpacking libkrb5-3:arm64 (1.21.3-4) over (1.21.3-3) ... 243s Preparing to unpack .../11-libkrb5support0_1.21.3-4_arm64.deb ... 243s Unpacking libkrb5support0:arm64 (1.21.3-4) over (1.21.3-3) ... 243s Preparing to unpack .../12-libk5crypto3_1.21.3-4_arm64.deb ... 243s Unpacking libk5crypto3:arm64 (1.21.3-4) over (1.21.3-3) ... 243s Selecting previously unselected package libtcl8.6:arm64. 243s Preparing to unpack .../13-libtcl8.6_8.6.16+dfsg-1_arm64.deb ... 243s Unpacking libtcl8.6:arm64 (8.6.16+dfsg-1) ... 243s Selecting previously unselected package tcl8.6. 243s Preparing to unpack .../14-tcl8.6_8.6.16+dfsg-1_arm64.deb ... 243s Unpacking tcl8.6 (8.6.16+dfsg-1) ... 243s Selecting previously unselected package tcl-expect:arm64. 243s Preparing to unpack .../15-tcl-expect_5.45.4-3_arm64.deb ... 243s Unpacking tcl-expect:arm64 (5.45.4-3) ... 243s Selecting previously unselected package expect. 243s Preparing to unpack .../16-expect_5.45.4-3_arm64.deb ... 243s Unpacking expect (5.45.4-3) ... 243s Selecting previously unselected package ldap-utils. 243s Preparing to unpack .../17-ldap-utils_2.6.9+dfsg-1~exp2ubuntu1_arm64.deb ... 243s Unpacking ldap-utils (2.6.9+dfsg-1~exp2ubuntu1) ... 243s Selecting previously unselected package libavahi-common-data:arm64. 243s Preparing to unpack .../18-libavahi-common-data_0.8-14ubuntu1_arm64.deb ... 243s Unpacking libavahi-common-data:arm64 (0.8-14ubuntu1) ... 243s Selecting previously unselected package libavahi-common3:arm64. 243s Preparing to unpack .../19-libavahi-common3_0.8-14ubuntu1_arm64.deb ... 243s Unpacking libavahi-common3:arm64 (0.8-14ubuntu1) ... 243s Selecting previously unselected package libavahi-client3:arm64. 243s Preparing to unpack .../20-libavahi-client3_0.8-14ubuntu1_arm64.deb ... 243s Unpacking libavahi-client3:arm64 (0.8-14ubuntu1) ... 243s Selecting previously unselected package libbasicobjects0t64:arm64. 243s Preparing to unpack .../21-libbasicobjects0t64_0.6.2-3_arm64.deb ... 243s Unpacking libbasicobjects0t64:arm64 (0.6.2-3) ... 243s Selecting previously unselected package libcares2:arm64. 243s Preparing to unpack .../22-libcares2_1.34.4-2.1_arm64.deb ... 243s Unpacking libcares2:arm64 (1.34.4-2.1) ... 243s Selecting previously unselected package libcollection4t64:arm64. 243s Preparing to unpack .../23-libcollection4t64_0.6.2-3_arm64.deb ... 243s Unpacking libcollection4t64:arm64 (0.6.2-3) ... 243s Selecting previously unselected package libcrack2:arm64. 243s Preparing to unpack .../24-libcrack2_2.9.6-5.2_arm64.deb ... 243s Unpacking libcrack2:arm64 (2.9.6-5.2) ... 243s Selecting previously unselected package libdhash1t64:arm64. 243s Preparing to unpack .../25-libdhash1t64_0.6.2-3_arm64.deb ... 243s Unpacking libdhash1t64:arm64 (0.6.2-3) ... 243s Selecting previously unselected package libevent-2.1-7t64:arm64. 243s Preparing to unpack .../26-libevent-2.1-7t64_2.1.12-stable-10_arm64.deb ... 243s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 243s Selecting previously unselected package libpath-utils1t64:arm64. 243s Preparing to unpack .../27-libpath-utils1t64_0.6.2-3_arm64.deb ... 243s Unpacking libpath-utils1t64:arm64 (0.6.2-3) ... 243s Selecting previously unselected package libref-array1t64:arm64. 243s Preparing to unpack .../28-libref-array1t64_0.6.2-3_arm64.deb ... 243s Unpacking libref-array1t64:arm64 (0.6.2-3) ... 244s Selecting previously unselected package libini-config5t64:arm64. 244s Preparing to unpack .../29-libini-config5t64_0.6.2-3_arm64.deb ... 244s Unpacking libini-config5t64:arm64 (0.6.2-3) ... 244s Selecting previously unselected package libipa-hbac0t64. 244s Preparing to unpack .../30-libipa-hbac0t64_2.10.1-2ubuntu1_arm64.deb ... 244s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu1) ... 244s Selecting previously unselected package libjose0:arm64. 244s Preparing to unpack .../31-libjose0_14-1_arm64.deb ... 244s Unpacking libjose0:arm64 (14-1) ... 244s Selecting previously unselected package libverto-libevent1t64:arm64. 244s Preparing to unpack .../32-libverto-libevent1t64_0.3.1-1.2ubuntu3_arm64.deb ... 244s Unpacking libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 244s Selecting previously unselected package libverto1t64:arm64. 244s Preparing to unpack .../33-libverto1t64_0.3.1-1.2ubuntu3_arm64.deb ... 244s Unpacking libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 244s Selecting previously unselected package libkrad0:arm64. 244s Preparing to unpack .../34-libkrad0_1.21.3-4_arm64.deb ... 244s Unpacking libkrad0:arm64 (1.21.3-4) ... 244s Selecting previously unselected package libtalloc2:arm64. 244s Preparing to unpack .../35-libtalloc2_2.4.2-2build1_arm64.deb ... 244s Unpacking libtalloc2:arm64 (2.4.2-2build1) ... 244s Selecting previously unselected package libtdb1:arm64. 244s Preparing to unpack .../36-libtdb1_1.4.12-1build1_arm64.deb ... 244s Unpacking libtdb1:arm64 (1.4.12-1build1) ... 244s Selecting previously unselected package libtevent0t64:arm64. 244s Preparing to unpack .../37-libtevent0t64_0.16.1-3_arm64.deb ... 244s Unpacking libtevent0t64:arm64 (0.16.1-3) ... 244s Selecting previously unselected package libldb2:arm64. 244s Preparing to unpack .../38-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu5_arm64.deb ... 244s Unpacking libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu5) ... 244s Selecting previously unselected package libnfsidmap1:arm64. 244s Preparing to unpack .../39-libnfsidmap1_1%3a2.6.4-4ubuntu1_arm64.deb ... 244s Unpacking libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 244s Selecting previously unselected package libnss-sudo. 244s Preparing to unpack .../40-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 244s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 244s Selecting previously unselected package libpwquality-common. 244s Preparing to unpack .../41-libpwquality-common_1.4.5-3build2_all.deb ... 244s Unpacking libpwquality-common (1.4.5-3build2) ... 244s Selecting previously unselected package libpwquality1:arm64. 244s Preparing to unpack .../42-libpwquality1_1.4.5-3build2_arm64.deb ... 244s Unpacking libpwquality1:arm64 (1.4.5-3build2) ... 244s Selecting previously unselected package libpam-pwquality:arm64. 244s Preparing to unpack .../43-libpam-pwquality_1.4.5-3build2_arm64.deb ... 244s Unpacking libpam-pwquality:arm64 (1.4.5-3build2) ... 244s Selecting previously unselected package libwbclient0:arm64. 244s Preparing to unpack .../44-libwbclient0_2%3a4.20.4+dfsg-1ubuntu5_arm64.deb ... 244s Unpacking libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 244s Selecting previously unselected package samba-libs:arm64. 244s Preparing to unpack .../45-samba-libs_2%3a4.20.4+dfsg-1ubuntu5_arm64.deb ... 244s Unpacking samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 244s Selecting previously unselected package libsmbclient0:arm64. 244s Preparing to unpack .../46-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu5_arm64.deb ... 244s Unpacking libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 245s Preparing to unpack .../47-python3.13-gdbm_3.13.1-3_arm64.deb ... 245s Unpacking python3.13-gdbm (3.13.1-3) over (3.13.1-2) ... 245s Selecting previously unselected package libnss-sss:arm64. 245s Preparing to unpack .../48-libnss-sss_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking libnss-sss:arm64 (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package libpam-sss:arm64. 245s Preparing to unpack .../49-libpam-sss_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking libpam-sss:arm64 (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package python3-sss. 245s Preparing to unpack .../50-python3-sss_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking python3-sss (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package libsss-certmap0. 245s Preparing to unpack .../51-libsss-certmap0_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking libsss-certmap0 (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package libsss-idmap0. 245s Preparing to unpack .../52-libsss-idmap0_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking libsss-idmap0 (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package libsss-nss-idmap0. 245s Preparing to unpack .../53-libsss-nss-idmap0_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package sssd-common. 245s Preparing to unpack .../54-sssd-common_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking sssd-common (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package sssd-idp. 245s Preparing to unpack .../55-sssd-idp_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking sssd-idp (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package sssd-passkey. 245s Preparing to unpack .../56-sssd-passkey_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking sssd-passkey (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package libipa-hbac-dev. 245s Preparing to unpack .../57-libipa-hbac-dev_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking libipa-hbac-dev (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package libsss-certmap-dev. 245s Preparing to unpack .../58-libsss-certmap-dev_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking libsss-certmap-dev (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package libsss-idmap-dev. 245s Preparing to unpack .../59-libsss-idmap-dev_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking libsss-idmap-dev (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package libsss-nss-idmap-dev. 245s Preparing to unpack .../60-libsss-nss-idmap-dev_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking libsss-nss-idmap-dev (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package libsss-sudo. 245s Preparing to unpack .../61-libsss-sudo_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking libsss-sudo (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package python3-libipa-hbac. 245s Preparing to unpack .../62-python3-libipa-hbac_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking python3-libipa-hbac (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package python3-libsss-nss-idmap. 245s Preparing to unpack .../63-python3-libsss-nss-idmap_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking python3-libsss-nss-idmap (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package sssd-ad-common. 245s Preparing to unpack .../64-sssd-ad-common_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking sssd-ad-common (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package sssd-krb5-common. 245s Preparing to unpack .../65-sssd-krb5-common_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking sssd-krb5-common (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package sssd-ad. 245s Preparing to unpack .../66-sssd-ad_2.10.1-2ubuntu1_arm64.deb ... 245s Unpacking sssd-ad (2.10.1-2ubuntu1) ... 245s Selecting previously unselected package sssd-ipa. 246s Preparing to unpack .../67-sssd-ipa_2.10.1-2ubuntu1_arm64.deb ... 246s Unpacking sssd-ipa (2.10.1-2ubuntu1) ... 246s Selecting previously unselected package sssd-krb5. 246s Preparing to unpack .../68-sssd-krb5_2.10.1-2ubuntu1_arm64.deb ... 246s Unpacking sssd-krb5 (2.10.1-2ubuntu1) ... 246s Selecting previously unselected package sssd-ldap. 246s Preparing to unpack .../69-sssd-ldap_2.10.1-2ubuntu1_arm64.deb ... 246s Unpacking sssd-ldap (2.10.1-2ubuntu1) ... 246s Selecting previously unselected package sssd-proxy. 246s Preparing to unpack .../70-sssd-proxy_2.10.1-2ubuntu1_arm64.deb ... 246s Unpacking sssd-proxy (2.10.1-2ubuntu1) ... 246s Selecting previously unselected package sssd. 246s Preparing to unpack .../71-sssd_2.10.1-2ubuntu1_arm64.deb ... 246s Unpacking sssd (2.10.1-2ubuntu1) ... 246s Selecting previously unselected package sssd-dbus. 246s Preparing to unpack .../72-sssd-dbus_2.10.1-2ubuntu1_arm64.deb ... 246s Unpacking sssd-dbus (2.10.1-2ubuntu1) ... 246s Selecting previously unselected package sssd-kcm. 246s Preparing to unpack .../73-sssd-kcm_2.10.1-2ubuntu1_arm64.deb ... 246s Unpacking sssd-kcm (2.10.1-2ubuntu1) ... 246s Selecting previously unselected package sssd-tools. 246s Preparing to unpack .../74-sssd-tools_2.10.1-2ubuntu1_arm64.deb ... 246s Unpacking sssd-tools (2.10.1-2ubuntu1) ... 246s Setting up libpwquality-common (1.4.5-3build2) ... 246s Setting up libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 246s Setting up libsss-idmap0 (2.10.1-2ubuntu1) ... 246s Setting up libbasicobjects0t64:arm64 (0.6.2-3) ... 246s Setting up libipa-hbac0t64 (2.10.1-2ubuntu1) ... 246s Setting up libsss-idmap-dev (2.10.1-2ubuntu1) ... 246s Setting up libref-array1t64:arm64 (0.6.2-3) ... 246s Setting up libipa-hbac-dev (2.10.1-2ubuntu1) ... 246s Setting up libtdb1:arm64 (1.4.12-1build1) ... 246s Setting up libargon2-1:arm64 (0~20190702+dfsg-4build1) ... 246s Setting up libcollection4t64:arm64 (0.6.2-3) ... 246s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 246s Setting up krb5-locales (1.21.3-4) ... 246s Setting up ldap-utils (2.6.9+dfsg-1~exp2ubuntu1) ... 246s Setting up libjose0:arm64 (14-1) ... 246s Setting up libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 246s Setting up libkrb5support0:arm64 (1.21.3-4) ... 246s Setting up libtalloc2:arm64 (2.4.2-2build1) ... 246s Setting up libpath-utils1t64:arm64 (0.6.2-3) ... 246s Setting up libavahi-common-data:arm64 (0.8-14ubuntu1) ... 246s Setting up libcares2:arm64 (1.34.4-2.1) ... 246s Setting up libdhash1t64:arm64 (0.6.2-3) ... 246s Setting up libtcl8.6:arm64 (8.6.16+dfsg-1) ... 246s Setting up libk5crypto3:arm64 (1.21.3-4) ... 246s Setting up libltdl7:arm64 (2.5.4-2) ... 246s Setting up libcrack2:arm64 (2.9.6-5.2) ... 246s Setting up libodbc2:arm64 (2.3.12-2ubuntu1) ... 246s Setting up libkrb5-3:arm64 (1.21.3-4) ... 246s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 246s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu1) ... 246s Setting up libini-config5t64:arm64 (0.6.2-3) ... 246s Setting up libpython3.13-stdlib:arm64 (3.13.1-3) ... 246s Setting up libtevent0t64:arm64 (0.16.1-3) ... 246s Setting up python3.13-gdbm (3.13.1-3) ... 246s Setting up libpython3-stdlib:arm64 (3.13.1-1~exp2) ... 246s Setting up libnss-sss:arm64 (2.10.1-2ubuntu1) ... 246s Setting up slapd (2.6.9+dfsg-1~exp2ubuntu1) ... 246s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 246s Can't find configuration db, was SSSD configured and run? 246s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 246s Can't find configuration db, was SSSD configured and run? 246s Creating new user openldap... [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 246s Can't find configuration db, was SSSD configured and run? 246s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 246s Can't find configuration db, was SSSD configured and run? 246s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 246s Can't find configuration db, was SSSD configured and run? 246s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 246s Can't find configuration db, was SSSD configured and run? 246s done. 246s Creating initial configuration... done. 246s Creating LDAP directory... done. 247s Created symlink '/etc/systemd/system/multi-user.target.wants/slapd.service' → '/usr/lib/systemd/system/slapd.service'. 247s Setting up tcl8.6 (8.6.16+dfsg-1) ... 247s Setting up libsss-sudo (2.10.1-2ubuntu1) ... 247s Setting up python3.13 (3.13.1-3) ... 248s Setting up libsss-nss-idmap-dev (2.10.1-2ubuntu1) ... 248s Setting up libavahi-common3:arm64 (0.8-14ubuntu1) ... 248s Setting up tcl-expect:arm64 (5.45.4-3) ... 248s Setting up python3 (3.13.1-1~exp2) ... 248s /usr/bin/py3clean:101: DeprecationWarning: glob.glob1 is deprecated and will be removed in Python 3.15. Use glob.glob and pass a directory to its root_dir argument instead. 248s for fn in glob1(directory, "%s.*" % fname): 249s Setting up libsss-certmap0 (2.10.1-2ubuntu1) ... 249s Setting up libpwquality1:arm64 (1.4.5-3build2) ... 249s Setting up libgssapi-krb5-2:arm64 (1.21.3-4) ... 249s Setting up python3-libsss-nss-idmap (2.10.1-2ubuntu1) ... 249s Setting up python3-libipa-hbac (2.10.1-2ubuntu1) ... 249s Setting up libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu5) ... 249s Setting up libavahi-client3:arm64 (0.8-14ubuntu1) ... 249s Setting up expect (5.45.4-3) ... 249s Setting up libpam-pwquality:arm64 (1.4.5-3build2) ... 249s Setting up samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 249s Setting up libsss-certmap-dev (2.10.1-2ubuntu1) ... 249s Setting up python3-sss (2.10.1-2ubuntu1) ... 249s Setting up libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 249s Setting up libpam-sss:arm64 (2.10.1-2ubuntu1) ... 249s Setting up sssd-common (2.10.1-2ubuntu1) ... 249s Creating SSSD system user & group... 250s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 250s Can't find configuration db, was SSSD configured and run? 250s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 250s Can't find configuration db, was SSSD configured and run? 250s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 250s Can't find configuration db, was SSSD configured and run? 250s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 250s Can't find configuration db, was SSSD configured and run? 250s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 250s Can't find configuration db, was SSSD configured and run? 250s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 250s Can't find configuration db, was SSSD configured and run? 250s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 250s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 250s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 250s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 250s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 250s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 251s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 251s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 251s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 252s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 252s sssd-autofs.service is a disabled or a static unit, not starting it. 252s sssd-nss.service is a disabled or a static unit, not starting it. 252s sssd-pam.service is a disabled or a static unit, not starting it. 252s sssd-ssh.service is a disabled or a static unit, not starting it. 252s sssd-sudo.service is a disabled or a static unit, not starting it. 252s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 252s Setting up sssd-proxy (2.10.1-2ubuntu1) ... 252s Setting up sssd-kcm (2.10.1-2ubuntu1) ... 252s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 253s sssd-kcm.service is a disabled or a static unit, not starting it. 253s Setting up sssd-dbus (2.10.1-2ubuntu1) ... 253s sssd-ifp.service is a disabled or a static unit, not starting it. 253s Setting up sssd-ad-common (2.10.1-2ubuntu1) ... 253s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 254s sssd-pac.service is a disabled or a static unit, not starting it. 254s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 254s Setting up sssd-krb5-common (2.10.1-2ubuntu1) ... 254s Setting up sssd-krb5 (2.10.1-2ubuntu1) ... 254s Setting up sssd-ldap (2.10.1-2ubuntu1) ... 254s Setting up sssd-ad (2.10.1-2ubuntu1) ... 254s Setting up sssd-tools (2.10.1-2ubuntu1) ... 254s Setting up sssd-ipa (2.10.1-2ubuntu1) ... 254s Setting up sssd (2.10.1-2ubuntu1) ... 254s Setting up libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 254s Setting up libkrad0:arm64 (1.21.3-4) ... 254s Setting up libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 254s Setting up sssd-passkey (2.10.1-2ubuntu1) ... 254s Setting up sssd-idp (2.10.1-2ubuntu1) ... 254s Processing triggers for libc-bin (2.40-4ubuntu1) ... 254s Processing triggers for systemd (257-2ubuntu1) ... 254s Processing triggers for man-db (2.13.0-1) ... 255s Processing triggers for dbus (1.14.10-4ubuntu5) ... 262s autopkgtest [14:15:35]: test ldap-user-group-ldap-auth: [----------------------- 262s + . debian/tests/util 262s + . debian/tests/common-tests 262s + mydomain=example.com 262s + myhostname=ldap.example.com 262s + mysuffix=dc=example,dc=com 262s + admin_dn=cn=admin,dc=example,dc=com 262s + admin_pw=secret 262s + ldap_user=testuser1 262s + ldap_user_pw=testuser1secret 262s + ldap_group=ldapusers 262s + adjust_hostname ldap.example.com 262s + local myhostname=ldap.example.com 262s + echo ldap.example.com 262s + hostname ldap.example.com 262s + grep -qE ldap.example.com /etc/hosts 262s + echo 127.0.1.10 ldap.example.com 262s + reconfigure_slapd 262s + debconf-set-selections 263s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 263s + dpkg-reconfigure -fnoninteractive -pcritical slapd 263s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1... done. 263s Moving old database directory to /var/backups: 263s - directory unknown... done. 263s Creating initial configuration... done. 263s Creating LDAP directory... done. 264s + generate_certs ldap.example.com 264s + local cn=ldap.example.com 264s + local cert=/etc/ldap/server.pem 264s + local key=/etc/ldap/server.key 264s + local cnf=/etc/ldap/openssl.cnf 264s + cat 264s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 264s .......++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 264s .++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 264s ----- 264s + chmod 0640 /etc/ldap/server.key 264s + chgrp openldap /etc/ldap/server.key 264s + [ ! -f /etc/ldap/server.pem ] 264s + [ ! -f /etc/ldap/server.key ] 264s + enable_ldap_ssl 264s + cat 264s + cat 264s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 264s ldap_modify: Other (e.g., implementation specific) error (80) 264s modifying entry "cn=config" 264s 264s autopkgtest [14:15:37]: test ldap-user-group-ldap-auth: -----------------------] 265s ldap-user-group-ldap-auth FAIL non-zero exit status 80 265s autopkgtest [14:15:38]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 265s autopkgtest [14:15:38]: test ldap-user-group-krb5-auth: preparing testbed 265s Reading package lists... 266s Building dependency tree... 266s Reading state information... 266s Starting pkgProblemResolver with broken count: 0 266s Starting 2 pkgProblemResolver with broken count: 0 266s Done 267s The following packages were automatically installed and are no longer required: 267s python3.12 python3.12-minimal 267s Use 'sudo apt autoremove' to remove them. 267s The following NEW packages will be installed: 267s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 267s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 267s 0 upgraded, 8 newly installed, 0 to remove and 120 not upgraded. 267s Need to get 609 kB of archives. 267s After this operation, 2994 kB of additional disk space will be used. 267s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 krb5-config all 2.7 [22.0 kB] 267s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libgssrpc4t64 arm64 1.21.3-4 [58.4 kB] 267s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkadm5clnt-mit12 arm64 1.21.3-4 [40.3 kB] 267s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkdb5-10t64 arm64 1.21.3-4 [40.8 kB] 267s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libkadm5srv-mit12 arm64 1.21.3-4 [53.8 kB] 267s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 krb5-user arm64 1.21.3-4 [109 kB] 267s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 krb5-kdc arm64 1.21.3-4 [190 kB] 267s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 krb5-admin-server arm64 1.21.3-4 [95.1 kB] 268s Preconfiguring packages ... 268s Fetched 609 kB in 1s (971 kB/s) 268s Selecting previously unselected package krb5-config. 268s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 82229 files and directories currently installed.) 268s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 268s Unpacking krb5-config (2.7) ... 268s Selecting previously unselected package libgssrpc4t64:arm64. 268s Preparing to unpack .../1-libgssrpc4t64_1.21.3-4_arm64.deb ... 268s Unpacking libgssrpc4t64:arm64 (1.21.3-4) ... 268s Selecting previously unselected package libkadm5clnt-mit12:arm64. 268s Preparing to unpack .../2-libkadm5clnt-mit12_1.21.3-4_arm64.deb ... 268s Unpacking libkadm5clnt-mit12:arm64 (1.21.3-4) ... 268s Selecting previously unselected package libkdb5-10t64:arm64. 268s Preparing to unpack .../3-libkdb5-10t64_1.21.3-4_arm64.deb ... 268s Unpacking libkdb5-10t64:arm64 (1.21.3-4) ... 268s Selecting previously unselected package libkadm5srv-mit12:arm64. 268s Preparing to unpack .../4-libkadm5srv-mit12_1.21.3-4_arm64.deb ... 268s Unpacking libkadm5srv-mit12:arm64 (1.21.3-4) ... 268s Selecting previously unselected package krb5-user. 268s Preparing to unpack .../5-krb5-user_1.21.3-4_arm64.deb ... 268s Unpacking krb5-user (1.21.3-4) ... 268s Selecting previously unselected package krb5-kdc. 268s Preparing to unpack .../6-krb5-kdc_1.21.3-4_arm64.deb ... 268s Unpacking krb5-kdc (1.21.3-4) ... 268s Selecting previously unselected package krb5-admin-server. 268s Preparing to unpack .../7-krb5-admin-server_1.21.3-4_arm64.deb ... 268s Unpacking krb5-admin-server (1.21.3-4) ... 268s Setting up libgssrpc4t64:arm64 (1.21.3-4) ... 268s Setting up krb5-config (2.7) ... 269s Setting up libkadm5clnt-mit12:arm64 (1.21.3-4) ... 269s Setting up libkdb5-10t64:arm64 (1.21.3-4) ... 269s Setting up libkadm5srv-mit12:arm64 (1.21.3-4) ... 269s Setting up krb5-user (1.21.3-4) ... 269s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 269s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 269s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 269s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 269s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 269s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 269s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 269s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 269s Setting up krb5-kdc (1.21.3-4) ... 269s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 270s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 270s Setting up krb5-admin-server (1.21.3-4) ... 270s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 271s Processing triggers for man-db (2.13.0-1) ... 271s Processing triggers for libc-bin (2.40-4ubuntu1) ... 278s autopkgtest [14:15:51]: test ldap-user-group-krb5-auth: [----------------------- 278s + . debian/tests/util 278s + . debian/tests/common-tests 278s + mydomain=example.com 278s + myhostname=ldap.example.com 278s + mysuffix=dc=example,dc=com 278s + myrealm=EXAMPLE.COM 278s + admin_dn=cn=admin,dc=example,dc=com 278s + admin_pw=secret 278s + ldap_user=testuser1 278s + ldap_user_pw=testuser1secret 278s + kerberos_principal_pw=testuser1kerberos 278s + ldap_group=ldapusers 278s + adjust_hostname ldap.example.com 278s + local myhostname=ldap.example.com 278s + echo ldap.example.com 278s + hostname ldap.example.com 278s + grep -qE ldap.example.com /etc/hosts 278s + reconfigure_slapd 278s + debconf-set-selections 278s + rm -rf /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1 /var/backups/unknown-2.6.9+dfsg-1~exp2ubuntu1-20250117-141536.ldapdb 278s + dpkg-reconfigure -fnoninteractive -pcritical slapd 279s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1... done. 279s Moving old database directory to /var/backups: 279s - directory unknown... done. 279s Creating initial configuration... done. 279s Creating LDAP directory... done. 279s + generate_certs ldap.example.com 279s + local cn=ldap.example.com 279s + local cert=/etc/ldap/server.pem 279s + local key=/etc/ldap/server.key 279s + local cnf=/etc/ldap/openssl.cnf 279s + cat 279s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 280s ...................................................................................................................................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 280s ...++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 280s ----- 280s + chmod 0640 /etc/ldap/server.key 280s + chgrp openldap /etc/ldap/server.key 280s + [ ! -f /etc/ldap/server.pem ] 280s + [ ! -f /etc/ldap/server.key ] 280s + enable_ldap_ssl 280s + cat 280s + cat 280s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 280s ldap_modify: Other (e.g., implementation specific) error (80) 280s modifying entry "cn=config" 280s 280s autopkgtest [14:15:53]: test ldap-user-group-krb5-auth: -----------------------] 280s ldap-user-group-krb5-auth FAIL non-zero exit status 80 280s autopkgtest [14:15:53]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 281s autopkgtest [14:15:54]: test sssd-softhism2-certificates-tests.sh: preparing testbed 439s autopkgtest [14:18:32]: testbed dpkg architecture: arm64 439s autopkgtest [14:18:32]: testbed apt version: 2.9.18 440s autopkgtest [14:18:33]: @@@@@@@@@@@@@@@@@@@@ test bed setup 440s autopkgtest [14:18:33]: testbed release detected to be: plucky 441s autopkgtest [14:18:34]: updating testbed package index (apt update) 442s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 442s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 442s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 442s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 442s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [877 kB] 442s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [177 kB] 442s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [15.7 kB] 442s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 442s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 Packages [318 kB] 442s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted arm64 Packages [57.8 kB] 442s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 Packages [1079 kB] 442s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse arm64 Packages [11.2 kB] 443s Fetched 2618 kB in 1s (2397 kB/s) 443s Reading package lists... 444s + lsb_release --codename --short 444s + RELEASE=plucky 444s + cat 444s + [ plucky != trusty ] 444s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y --allow-downgrades -o Dpkg::Options::=--force-confnew dist-upgrade 444s Reading package lists... 444s Building dependency tree... 444s Reading state information... 445s Calculating upgrade... 445s The following packages will be upgraded: 445s libgudev-1.0-0 usb.ids 446s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 446s Need to get 238 kB of archives. 446s After this operation, 1024 B of additional disk space will be used. 446s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 usb.ids all 2025.01.14-1 [223 kB] 446s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libgudev-1.0-0 arm64 1:238-6 [14.9 kB] 447s Fetched 238 kB in 0s (493 kB/s) 447s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80204 files and directories currently installed.) 447s Preparing to unpack .../usb.ids_2025.01.14-1_all.deb ... 447s Unpacking usb.ids (2025.01.14-1) over (2024.12.04-1) ... 447s Preparing to unpack .../libgudev-1.0-0_1%3a238-6_arm64.deb ... 447s Unpacking libgudev-1.0-0:arm64 (1:238-6) over (1:238-5ubuntu1) ... 447s Setting up usb.ids (2025.01.14-1) ... 447s Setting up libgudev-1.0-0:arm64 (1:238-6) ... 447s Processing triggers for libc-bin (2.40-4ubuntu1) ... 447s + rm /etc/apt/preferences.d/force-downgrade-to-release.pref 447s + /usr/lib/apt/apt-helper analyze-pattern ?true 447s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y purge --autoremove ?obsolete 447s Reading package lists... 448s Building dependency tree... 448s Reading state information... 448s 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. 448s + grep -q trusty /etc/lsb-release 448s + [ ! -d /usr/share/doc/unattended-upgrades ] 448s + [ ! -d /usr/share/doc/lxd ] 448s + [ ! -d /usr/share/doc/lxd-client ] 448s + [ ! -d /usr/share/doc/snapd ] 448s + type iptables 448s + cat 448s + chmod 755 /etc/rc.local 448s + . /etc/rc.local 448s + iptables -w -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 448s + iptables -A OUTPUT -d 10.255.255.1/32 -p tcp -j DROP 448s + iptables -A OUTPUT -d 10.255.255.2/32 -p tcp -j DROP 448s + uname -m 448s + [ aarch64 = ppc64le ] 448s + [ -d /run/systemd/system ] 448s + systemd-detect-virt --quiet --vm 448s + mkdir -p /etc/systemd/system/systemd-random-seed.service.d/ 448s + cat 448s + grep -q lz4 /etc/initramfs-tools/initramfs.conf 448s + echo COMPRESS=lz4 448s + sync 449s autopkgtest [14:18:42]: upgrading testbed (apt dist-upgrade and autopurge) 449s Reading package lists... 449s Building dependency tree... 449s Reading state information... 450s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 450s Starting 2 pkgProblemResolver with broken count: 0 450s Done 451s Entering ResolveByKeep 451s 452s The following packages will be upgraded: 452s libldap-common libldap2 452s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 452s Need to get 232 kB of archives. 452s After this operation, 1024 B of additional disk space will be used. 452s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libldap-common all 2.6.9+dfsg-1~exp2ubuntu1 [33.2 kB] 452s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libldap2 arm64 2.6.9+dfsg-1~exp2ubuntu1 [198 kB] 452s Fetched 232 kB in 0s (533 kB/s) 453s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80204 files and directories currently installed.) 453s Preparing to unpack .../libldap-common_2.6.9+dfsg-1~exp2ubuntu1_all.deb ... 453s Unpacking libldap-common (2.6.9+dfsg-1~exp2ubuntu1) over (2.6.8+dfsg-1~exp4ubuntu3) ... 453s Preparing to unpack .../libldap2_2.6.9+dfsg-1~exp2ubuntu1_arm64.deb ... 453s Unpacking libldap2:arm64 (2.6.9+dfsg-1~exp2ubuntu1) over (2.6.8+dfsg-1~exp4ubuntu3) ... 453s Setting up libldap-common (2.6.9+dfsg-1~exp2ubuntu1) ... 453s Installing new version of config file /etc/ldap/ldap.conf ... 453s Setting up libldap2:arm64 (2.6.9+dfsg-1~exp2ubuntu1) ... 453s Processing triggers for man-db (2.13.0-1) ... 453s Processing triggers for libc-bin (2.40-4ubuntu1) ... 454s Reading package lists... 454s Building dependency tree... 454s Reading state information... 455s Starting pkgProblemResolver with broken count: 0 455s Starting 2 pkgProblemResolver with broken count: 0 455s Done 455s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 460s Reading package lists... 461s Building dependency tree... 461s Reading state information... 461s Starting pkgProblemResolver with broken count: 0 461s Starting 2 pkgProblemResolver with broken count: 0 461s Done 462s The following NEW packages will be installed: 462s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 462s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 462s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 462s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 462s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 462s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 462s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 462s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 462s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 463s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 463s Need to get 10.4 MB of archives. 463s After this operation, 50.0 MB of additional disk space will be used. 463s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-10 [140 kB] 463s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libunbound8 arm64 1.20.0-1ubuntu2.1 [431 kB] 463s Get:3 http://ftpmaster.internal/ubuntu plucky/main arm64 libgnutls-dane0t64 arm64 3.8.8-2ubuntu1 [24.3 kB] 463s Get:4 http://ftpmaster.internal/ubuntu plucky/universe arm64 gnutls-bin arm64 3.8.8-2ubuntu1 [269 kB] 463s Get:5 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common-data arm64 0.8-14ubuntu1 [30.5 kB] 463s Get:6 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common3 arm64 0.8-14ubuntu1 [23.1 kB] 463s Get:7 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-client3 arm64 0.8-14ubuntu1 [27.3 kB] 463s Get:8 http://ftpmaster.internal/ubuntu plucky/main arm64 libbasicobjects0t64 arm64 0.6.2-3 [5882 B] 463s Get:9 http://ftpmaster.internal/ubuntu plucky/main arm64 libcares2 arm64 1.34.4-2.1 [100 kB] 463s Get:10 http://ftpmaster.internal/ubuntu plucky/main arm64 libcollection4t64 arm64 0.6.2-3 [23.6 kB] 463s Get:11 http://ftpmaster.internal/ubuntu plucky/main arm64 libcrack2 arm64 2.9.6-5.2 [28.9 kB] 463s Get:12 http://ftpmaster.internal/ubuntu plucky/main arm64 libdhash1t64 arm64 0.6.2-3 [8914 B] 463s Get:13 http://ftpmaster.internal/ubuntu plucky/main arm64 libpath-utils1t64 arm64 0.6.2-3 [9088 B] 463s Get:14 http://ftpmaster.internal/ubuntu plucky/main arm64 libref-array1t64 arm64 0.6.2-3 [7312 B] 463s Get:15 http://ftpmaster.internal/ubuntu plucky/main arm64 libini-config5t64 arm64 0.6.2-3 [44.4 kB] 463s Get:16 http://ftpmaster.internal/ubuntu plucky/main arm64 libipa-hbac0t64 arm64 2.9.5-3ubuntu2 [17.6 kB] 463s Get:17 http://ftpmaster.internal/ubuntu plucky/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 463s Get:18 http://ftpmaster.internal/ubuntu plucky/main arm64 libtdb1 arm64 1.4.12-1 [48.9 kB] 463s Get:19 http://ftpmaster.internal/ubuntu plucky/main arm64 libtevent0t64 arm64 0.16.1-3 [42.3 kB] 463s Get:20 http://ftpmaster.internal/ubuntu plucky/main arm64 libldb2 arm64 2:2.9.1+samba4.20.4+dfsg-1ubuntu3 [193 kB] 463s Get:21 http://ftpmaster.internal/ubuntu plucky/main arm64 libnfsidmap1 arm64 1:2.6.4-4ubuntu1 [48.3 kB] 463s Get:22 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 463s Get:23 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 463s Get:24 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 463s Get:25 http://ftpmaster.internal/ubuntu plucky/main arm64 libwbclient0 arm64 2:4.20.4+dfsg-1ubuntu3 [76.6 kB] 463s Get:26 http://ftpmaster.internal/ubuntu plucky/main arm64 samba-libs arm64 2:4.20.4+dfsg-1ubuntu3 [6306 kB] 463s Get:27 http://ftpmaster.internal/ubuntu plucky/main arm64 libsmbclient0 arm64 2:4.20.4+dfsg-1ubuntu3 [62.8 kB] 463s Get:28 http://ftpmaster.internal/ubuntu plucky/main arm64 libnss-sss arm64 2.9.5-3ubuntu2 [32.5 kB] 463s Get:29 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-sss arm64 2.9.5-3ubuntu2 [49.6 kB] 463s Get:30 http://ftpmaster.internal/ubuntu plucky/universe arm64 softhsm2-common arm64 2.6.1-2.2ubuntu3 [6196 B] 463s Get:31 http://ftpmaster.internal/ubuntu plucky/universe arm64 libsofthsm2 arm64 2.6.1-2.2ubuntu3 [247 kB] 463s Get:32 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-certmap0 arm64 2.9.5-3ubuntu2 [46.6 kB] 463s Get:33 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-idmap0 arm64 2.9.5-3ubuntu2 [22.8 kB] 463s Get:34 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-nss-idmap0 arm64 2.9.5-3ubuntu2 [31.2 kB] 463s Get:35 http://ftpmaster.internal/ubuntu plucky/main arm64 python3-sss arm64 2.9.5-3ubuntu2 [47.5 kB] 463s Get:36 http://ftpmaster.internal/ubuntu plucky/universe arm64 softhsm2 arm64 2.6.1-2.2ubuntu3 [167 kB] 463s Get:37 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-common arm64 2.9.5-3ubuntu2 [1148 kB] 464s Get:38 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ad-common arm64 2.9.5-3ubuntu2 [75.5 kB] 464s Get:39 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-krb5-common arm64 2.9.5-3ubuntu2 [88.5 kB] 464s Get:40 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ad arm64 2.9.5-3ubuntu2 [135 kB] 464s Get:41 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ipa arm64 2.9.5-3ubuntu2 [219 kB] 464s Get:42 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-krb5 arm64 2.9.5-3ubuntu2 [14.4 kB] 464s Get:43 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ldap arm64 2.9.5-3ubuntu2 [31.4 kB] 464s Get:44 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-proxy arm64 2.9.5-3ubuntu2 [44.5 kB] 464s Get:45 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd arm64 2.9.5-3ubuntu2 [4118 B] 464s Fetched 10.4 MB in 1s (8844 kB/s) 464s Selecting previously unselected package libevent-2.1-7t64:arm64. 464s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80203 files and directories currently installed.) 464s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_arm64.deb ... 464s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 464s Selecting previously unselected package libunbound8:arm64. 464s Preparing to unpack .../01-libunbound8_1.20.0-1ubuntu2.1_arm64.deb ... 464s Unpacking libunbound8:arm64 (1.20.0-1ubuntu2.1) ... 464s Selecting previously unselected package libgnutls-dane0t64:arm64. 464s Preparing to unpack .../02-libgnutls-dane0t64_3.8.8-2ubuntu1_arm64.deb ... 464s Unpacking libgnutls-dane0t64:arm64 (3.8.8-2ubuntu1) ... 464s Selecting previously unselected package gnutls-bin. 464s Preparing to unpack .../03-gnutls-bin_3.8.8-2ubuntu1_arm64.deb ... 464s Unpacking gnutls-bin (3.8.8-2ubuntu1) ... 464s Selecting previously unselected package libavahi-common-data:arm64. 464s Preparing to unpack .../04-libavahi-common-data_0.8-14ubuntu1_arm64.deb ... 464s Unpacking libavahi-common-data:arm64 (0.8-14ubuntu1) ... 464s Selecting previously unselected package libavahi-common3:arm64. 464s Preparing to unpack .../05-libavahi-common3_0.8-14ubuntu1_arm64.deb ... 464s Unpacking libavahi-common3:arm64 (0.8-14ubuntu1) ... 464s Selecting previously unselected package libavahi-client3:arm64. 464s Preparing to unpack .../06-libavahi-client3_0.8-14ubuntu1_arm64.deb ... 464s Unpacking libavahi-client3:arm64 (0.8-14ubuntu1) ... 465s Selecting previously unselected package libbasicobjects0t64:arm64. 465s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-3_arm64.deb ... 465s Unpacking libbasicobjects0t64:arm64 (0.6.2-3) ... 465s Selecting previously unselected package libcares2:arm64. 465s Preparing to unpack .../08-libcares2_1.34.4-2.1_arm64.deb ... 465s Unpacking libcares2:arm64 (1.34.4-2.1) ... 465s Selecting previously unselected package libcollection4t64:arm64. 465s Preparing to unpack .../09-libcollection4t64_0.6.2-3_arm64.deb ... 465s Unpacking libcollection4t64:arm64 (0.6.2-3) ... 465s Selecting previously unselected package libcrack2:arm64. 465s Preparing to unpack .../10-libcrack2_2.9.6-5.2_arm64.deb ... 465s Unpacking libcrack2:arm64 (2.9.6-5.2) ... 465s Selecting previously unselected package libdhash1t64:arm64. 465s Preparing to unpack .../11-libdhash1t64_0.6.2-3_arm64.deb ... 465s Unpacking libdhash1t64:arm64 (0.6.2-3) ... 465s Selecting previously unselected package libpath-utils1t64:arm64. 465s Preparing to unpack .../12-libpath-utils1t64_0.6.2-3_arm64.deb ... 465s Unpacking libpath-utils1t64:arm64 (0.6.2-3) ... 465s Selecting previously unselected package libref-array1t64:arm64. 465s Preparing to unpack .../13-libref-array1t64_0.6.2-3_arm64.deb ... 465s Unpacking libref-array1t64:arm64 (0.6.2-3) ... 465s Selecting previously unselected package libini-config5t64:arm64. 465s Preparing to unpack .../14-libini-config5t64_0.6.2-3_arm64.deb ... 465s Unpacking libini-config5t64:arm64 (0.6.2-3) ... 465s Selecting previously unselected package libipa-hbac0t64. 465s Preparing to unpack .../15-libipa-hbac0t64_2.9.5-3ubuntu2_arm64.deb ... 465s Unpacking libipa-hbac0t64 (2.9.5-3ubuntu2) ... 465s Selecting previously unselected package libtalloc2:arm64. 465s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_arm64.deb ... 465s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 465s Selecting previously unselected package libtdb1:arm64. 465s Preparing to unpack .../17-libtdb1_1.4.12-1_arm64.deb ... 465s Unpacking libtdb1:arm64 (1.4.12-1) ... 465s Selecting previously unselected package libtevent0t64:arm64. 465s Preparing to unpack .../18-libtevent0t64_0.16.1-3_arm64.deb ... 465s Unpacking libtevent0t64:arm64 (0.16.1-3) ... 465s Selecting previously unselected package libldb2:arm64. 465s Preparing to unpack .../19-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu3_arm64.deb ... 465s Unpacking libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 465s Selecting previously unselected package libnfsidmap1:arm64. 465s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-4ubuntu1_arm64.deb ... 465s Unpacking libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 465s Selecting previously unselected package libpwquality-common. 465s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 465s Unpacking libpwquality-common (1.4.5-3build1) ... 465s Selecting previously unselected package libpwquality1:arm64. 465s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_arm64.deb ... 465s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 465s Selecting previously unselected package libpam-pwquality:arm64. 465s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_arm64.deb ... 465s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 465s Selecting previously unselected package libwbclient0:arm64. 465s Preparing to unpack .../24-libwbclient0_2%3a4.20.4+dfsg-1ubuntu3_arm64.deb ... 465s Unpacking libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 465s Selecting previously unselected package samba-libs:arm64. 465s Preparing to unpack .../25-samba-libs_2%3a4.20.4+dfsg-1ubuntu3_arm64.deb ... 465s Unpacking samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 465s Selecting previously unselected package libsmbclient0:arm64. 466s Preparing to unpack .../26-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu3_arm64.deb ... 466s Unpacking libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 466s Selecting previously unselected package libnss-sss:arm64. 466s Preparing to unpack .../27-libnss-sss_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking libnss-sss:arm64 (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package libpam-sss:arm64. 466s Preparing to unpack .../28-libpam-sss_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking libpam-sss:arm64 (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package softhsm2-common. 466s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_arm64.deb ... 466s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 466s Selecting previously unselected package libsofthsm2. 466s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_arm64.deb ... 466s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 466s Selecting previously unselected package libsss-certmap0. 466s Preparing to unpack .../31-libsss-certmap0_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking libsss-certmap0 (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package libsss-idmap0. 466s Preparing to unpack .../32-libsss-idmap0_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking libsss-idmap0 (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package libsss-nss-idmap0. 466s Preparing to unpack .../33-libsss-nss-idmap0_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package python3-sss. 466s Preparing to unpack .../34-python3-sss_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking python3-sss (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package softhsm2. 466s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_arm64.deb ... 466s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 466s Selecting previously unselected package sssd-common. 466s Preparing to unpack .../36-sssd-common_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking sssd-common (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package sssd-ad-common. 466s Preparing to unpack .../37-sssd-ad-common_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking sssd-ad-common (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package sssd-krb5-common. 466s Preparing to unpack .../38-sssd-krb5-common_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking sssd-krb5-common (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package sssd-ad. 466s Preparing to unpack .../39-sssd-ad_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking sssd-ad (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package sssd-ipa. 466s Preparing to unpack .../40-sssd-ipa_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking sssd-ipa (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package sssd-krb5. 466s Preparing to unpack .../41-sssd-krb5_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking sssd-krb5 (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package sssd-ldap. 466s Preparing to unpack .../42-sssd-ldap_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking sssd-ldap (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package sssd-proxy. 466s Preparing to unpack .../43-sssd-proxy_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking sssd-proxy (2.9.5-3ubuntu2) ... 466s Selecting previously unselected package sssd. 466s Preparing to unpack .../44-sssd_2.9.5-3ubuntu2_arm64.deb ... 466s Unpacking sssd (2.9.5-3ubuntu2) ... 467s Setting up libpwquality-common (1.4.5-3build1) ... 467s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 467s Creating config file /etc/softhsm/softhsm2.conf with new version 467s Setting up libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 467s Setting up libsss-idmap0 (2.9.5-3ubuntu2) ... 467s Setting up libbasicobjects0t64:arm64 (0.6.2-3) ... 467s Setting up libipa-hbac0t64 (2.9.5-3ubuntu2) ... 467s Setting up libref-array1t64:arm64 (0.6.2-3) ... 467s Setting up libtdb1:arm64 (1.4.12-1) ... 467s Setting up libcollection4t64:arm64 (0.6.2-3) ... 467s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 467s Setting up libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 467s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 467s Setting up libpath-utils1t64:arm64 (0.6.2-3) ... 467s Setting up libunbound8:arm64 (1.20.0-1ubuntu2.1) ... 467s Setting up libgnutls-dane0t64:arm64 (3.8.8-2ubuntu1) ... 467s Setting up libavahi-common-data:arm64 (0.8-14ubuntu1) ... 467s Setting up libcares2:arm64 (1.34.4-2.1) ... 467s Setting up libdhash1t64:arm64 (0.6.2-3) ... 467s Setting up libcrack2:arm64 (2.9.6-5.2) ... 467s Setting up libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 467s Setting up libini-config5t64:arm64 (0.6.2-3) ... 467s Setting up libtevent0t64:arm64 (0.16.1-3) ... 467s Setting up libnss-sss:arm64 (2.9.5-3ubuntu2) ... 467s Setting up gnutls-bin (3.8.8-2ubuntu1) ... 467s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 467s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 467s Setting up libavahi-common3:arm64 (0.8-14ubuntu1) ... 467s Setting up libsss-certmap0 (2.9.5-3ubuntu2) ... 467s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 467s Setting up libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 467s Setting up libavahi-client3:arm64 (0.8-14ubuntu1) ... 467s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 467s Setting up samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 467s Setting up python3-sss (2.9.5-3ubuntu2) ... 467s Setting up libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu3) ... 467s Setting up libpam-sss:arm64 (2.9.5-3ubuntu2) ... 467s Setting up sssd-common (2.9.5-3ubuntu2) ... 467s Creating SSSD system user & group... 467s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 467s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 468s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 468s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 468s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 468s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 468s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 469s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 469s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 469s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 470s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 470s sssd-autofs.service is a disabled or a static unit, not starting it. 470s sssd-nss.service is a disabled or a static unit, not starting it. 470s sssd-pam.service is a disabled or a static unit, not starting it. 470s sssd-ssh.service is a disabled or a static unit, not starting it. 470s sssd-sudo.service is a disabled or a static unit, not starting it. 470s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 470s Setting up sssd-proxy (2.9.5-3ubuntu2) ... 470s Setting up sssd-ad-common (2.9.5-3ubuntu2) ... 470s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 471s sssd-pac.service is a disabled or a static unit, not starting it. 471s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 471s Setting up sssd-krb5-common (2.9.5-3ubuntu2) ... 471s Setting up sssd-krb5 (2.9.5-3ubuntu2) ... 471s Setting up sssd-ldap (2.9.5-3ubuntu2) ... 471s Setting up sssd-ad (2.9.5-3ubuntu2) ... 471s Setting up sssd-ipa (2.9.5-3ubuntu2) ... 471s Setting up sssd (2.9.5-3ubuntu2) ... 471s Processing triggers for man-db (2.13.0-1) ... 472s Processing triggers for libc-bin (2.40-4ubuntu1) ... 483s autopkgtest [14:19:16]: test sssd-softhism2-certificates-tests.sh: [----------------------- 483s + '[' -z ubuntu ']' 483s + required_tools=(p11tool openssl softhsm2-util) 483s + for cmd in "${required_tools[@]}" 483s + command -v p11tool 483s + for cmd in "${required_tools[@]}" 483s + command -v openssl 483s + for cmd in "${required_tools[@]}" 483s + command -v softhsm2-util 483s + PIN=053350 483s +++ find /usr/lib/softhsm/libsofthsm2.so 483s +++ head -n 1 483s ++ realpath /usr/lib/softhsm/libsofthsm2.so 483s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 483s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 483s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 483s + '[' '!' -v NO_SSSD_TESTS ']' 483s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 483s + ca_db_arg=ca_db 483s ++ /usr/libexec/sssd/p11_child --help 483s + p11_child_help='Usage: p11_child [OPTION...] 483s -d, --debug-level=INT Debug level 483s --debug-timestamps=INT Add debug timestamps 483s --debug-microseconds=INT Show timestamps with microseconds 483s --dumpable=INT Allow core dumps 483s --debug-fd=INT An open file descriptor for the debug 483s logs 483s --logger=stderr|files|journald Set logger 483s --auth Run in auth mode 483s --pre Run in pre-auth mode 483s --wait_for_card Wait until card is available 483s --verification Run in verification mode 483s --pin Expect PIN on stdin 483s --keypad Expect PIN on keypad 483s --verify=STRING Tune validation 483s --ca_db=STRING CA DB to use 483s --module_name=STRING Module name for authentication 483s --token_name=STRING Token name for authentication 483s --key_id=STRING Key ID for authentication 483s --label=STRING Label for authentication 483s --certificate=STRING certificate to verify, base64 encoded 483s --uri=STRING PKCS#11 URI to restrict selection 483s --chain-id=LONG Tevent chain ID used for logging 483s purposes 483s 483s Help options: 483s -?, --help Show this help message 483s --usage Display brief usage message' 483s + echo 'Usage: p11_child [OPTION...] 483s -d, --debug-level=INT Debug level 483s --debug-timestamps=INT Add debug timestamps 483s --debug-microseconds=INT Show timestamps with microseconds 483s --dumpable=INT Allow core dumps 483s --debug-fd=INT An open file descriptor for the debug 483s logs 483s --logger=stderr|files|journald Set logger 483s --auth Run in auth mode 483s --pre Run in pre-auth mode 483s --wait_for_card Wait until card is available 483s --verification Run in verification mode 483s --pin Expect PIN on stdin 483s --keypad Expect PIN on keypad 483s --verify=STRING Tune validation 483s --ca_db=STRING CA DB to use 483s --module_name=STRING Module name for authentication 483s --token_name=STRING Token name for authentication 483s --key_id=STRING Key ID for authentication 483s --label=STRING Label for authentication 483s --certificate=STRING certificate to verify, base64 encoded 483s --uri=STRING PKCS#11 URI to restrict selection 483s --chain-id=LONG Tevent chain ID used for logging 483s purposes 483s 483s Help options: 483s -?, --help Show this help message 483s --usage Display brief usage message' 483s + grep nssdb -qs 483s + echo 'Usage: p11_child [OPTION...] 483s -d, --debug-level=INT Debug level 483s --debug-timestamps=INT Add debug timestamps 483s --debug-microseconds=INT Show timestamps with microseconds 483s --dumpable=INT Allow core dumps 483s --debug-fd=INT An open file descriptor for the debug 483s logs 483s --logger=stderr|files|journald Set logger 483s --auth Run in auth mode 483s --pre Run in pre-auth mode 483s --wait_for_card Wait until card is available 483s --verification Run in verification mode 483s --pin Expect PIN on stdin 483s --keypad Expect PIN on keypad 483s --verify=STRING Tune validation 483s --ca_db=STRING CA DB to use 483s --module_name=STRING Module name for authentication 483s --token_name=STRING Token name for authentication 483s --key_id=STRING Key ID for authentication 483s --label=STRING Label for authentication 483s --certificate=STRING certificate to verify, base64 encoded 483s --uri=STRING PKCS#11 URI to restrict selection 483s --chain-id=LONG Tevent chain ID used for logging 483s purposes 483s 483s Help options: 483s -?, --help Show this help message 483s --usage Display brief usage message' 483s + grep -qs -- --ca_db 483s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 483s ++ mktemp -d -t sssd-softhsm2-XXXXXX 483s + tmpdir=/tmp/sssd-softhsm2-zphWn2 483s + keys_size=1024 483s + [[ ! -v KEEP_TEMPORARY_FILES ]] 483s + trap 'rm -rf "$tmpdir"' EXIT 483s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 483s + echo -n 01 483s + touch /tmp/sssd-softhsm2-zphWn2/index.txt 483s + mkdir -p /tmp/sssd-softhsm2-zphWn2/new_certs 483s + cat 483s + root_ca_key_pass=pass:random-root-CA-password-23971 483s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-zphWn2/test-root-CA-key.pem -passout pass:random-root-CA-password-23971 1024 483s + openssl req -passin pass:random-root-CA-password-23971 -batch -config /tmp/sssd-softhsm2-zphWn2/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-zphWn2/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 483s + openssl x509 -noout -in /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 483s + cat 483s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-11148 483s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-11148 1024 483s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-11148 -config /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.config -key /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-23971 -sha256 -out /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-certificate-request.pem 483s + openssl req -text -noout -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-certificate-request.pem 483s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-zphWn2/test-root-CA.config -passin pass:random-root-CA-password-23971 -keyfile /tmp/sssd-softhsm2-zphWn2/test-root-CA-key.pem -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 483s Certificate Request: 483s Data: 483s Version: 1 (0x0) 483s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:e6:af:98:ca:e1:87:c9:4c:8e:aa:09:45:4f:ff: 483s 13:a7:02:88:f5:04:28:81:1c:bf:61:59:2f:69:bd: 483s cc:74:81:bf:e1:5c:b0:ef:4b:44:7e:b8:6f:0a:bc: 483s 94:32:9a:5c:a9:d4:ae:77:2f:1e:41:d4:e0:8f:89: 483s 02:45:dc:5c:41:01:27:d1:b6:ea:3e:be:8b:c2:4f: 483s d0:9b:f0:8f:ea:79:5a:5d:e4:25:6f:22:ed:19:7d: 483s 2f:bf:27:64:04:56:e0:75:29:f4:ff:35:cb:5e:bc: 483s 67:95:ae:51:d3:54:6f:21:27:7b:79:fd:74:28:b2: 483s 55:6a:f2:e3:87:95:d2:1f:65 483s Exponent: 65537 (0x10001) 483s Attributes: 483s (none) 483s Requested Extensions: 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 03:a5:5c:a5:8b:cc:41:3a:a2:56:94:f7:88:11:4f:69:f5:48: 483s 56:1d:18:fa:70:cd:e0:0e:25:b2:9e:de:ab:ff:d2:55:9e:b4: 483s 73:01:b5:b9:c7:b9:5d:de:f0:9b:de:1d:b7:1b:3b:8f:1a:3d: 483s 51:dc:b8:29:7a:b2:d9:83:2b:4d:31:6e:3b:ed:51:d5:2f:e2: 483s 7c:37:a6:b4:ff:ad:05:27:eb:ff:82:72:99:7e:6b:27:58:86: 483s fb:c4:23:53:5f:e6:ce:6f:0c:b0:2e:bc:ba:69:91:5c:55:39: 483s c5:8d:5a:4d:ea:e0:89:11:19:da:b7:98:92:a5:0a:1f:58:fe: 483s 22:fa 483s Using configuration from /tmp/sssd-softhsm2-zphWn2/test-root-CA.config 483s Check that the request matches the signature 483s Signature ok 483s Certificate Details: 483s Serial Number: 1 (0x1) 483s Validity 483s Not Before: Jan 17 14:19:16 2025 GMT 483s Not After : Jan 17 14:19:16 2026 GMT 483s Subject: 483s organizationName = Test Organization 483s organizationalUnitName = Test Organization Unit 483s commonName = Test Organization Intermediate CA 483s X509v3 extensions: 483s X509v3 Subject Key Identifier: 483s 49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 483s X509v3 Authority Key Identifier: 483s keyid:F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 483s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 483s serial:00 483s X509v3 Basic Constraints: 483s CA:TRUE 483s X509v3 Key Usage: critical 483s Digital Signature, Certificate Sign, CRL Sign 483s Certificate is to be certified until Jan 17 14:19:16 2026 GMT (365 days) 483s 483s Write out database with 1 new entries 483s Database updated 483s + openssl x509 -noout -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 483s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 483s /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem: OK 483s + cat 483s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-32734 483s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-32734 1024 483s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-32734 -config /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-11148 -sha256 -out /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-certificate-request.pem 483s + openssl req -text -noout -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-certificate-request.pem 483s Certificate Request: 483s Data: 483s Version: 1 (0x0) 483s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:f9:1f:17:d6:b8:8a:ce:91:8f:7a:38:fa:ce:48: 483s d7:7a:0f:9d:6d:3f:5b:b0:91:ad:75:51:f9:4a:b4: 483s e0:b5:f7:86:7d:95:b5:6b:f8:9a:95:24:2a:2e:3c: 483s 7c:ab:d8:80:08:73:bd:de:30:d5:71:96:ec:de:17: 483s f4:32:64:19:c0:fc:94:e2:28:e2:d6:86:5d:35:2a: 483s 26:73:41:99:91:1a:ee:5d:62:4f:27:bd:ac:ba:f4: 483s 4d:07:b9:6b:10:a6:d3:b9:5b:ac:47:10:f4:e5:f9: 483s 34:b6:07:de:cc:be:41:c0:6c:81:bc:15:81:83:31: 483s 63:42:21:a0:bc:f8:10:47:6b 483s Exponent: 65537 (0x10001) 483s Attributes: 483s (none) 483s Requested Extensions: 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 10:5e:60:ae:67:54:c9:b0:fd:22:00:5c:e9:6b:22:ff:67:77: 483s 88:9d:d7:5f:3b:1c:28:62:04:3a:dd:91:dc:80:b9:3f:1c:30: 483s 11:b0:cd:2f:39:98:88:1c:5f:a5:cc:c0:39:1b:43:70:38:d6: 483s 46:16:3f:83:83:a5:e4:1f:46:6d:85:a3:03:c9:ed:78:2c:10: 483s e3:a3:50:b0:a4:b3:7e:3e:68:8d:67:df:e4:13:6c:cb:ff:66: 483s 30:98:bf:58:c7:9c:8c:07:c8:cb:90:3d:e7:4a:8c:5f:1c:9e: 483s c6:90:6c:b1:83:af:02:fa:28:fd:1d:ee:f2:3d:95:82:60:5b: 483s 24:bc 483s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-11148 -keyfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 483s Using configuration from /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.config 483s Check that the request matches the signature 483s Signature ok 483s Certificate Details: 483s Serial Number: 2 (0x2) 483s Validity 483s Not Before: Jan 17 14:19:16 2025 GMT 483s Not After : Jan 17 14:19:16 2026 GMT 483s Subject: 483s organizationName = Test Organization 483s organizationalUnitName = Test Organization Unit 483s commonName = Test Organization Sub Intermediate CA 483s X509v3 extensions: 483s X509v3 Subject Key Identifier: 483s 82:01:06:4E:35:A1:89:25:D9:09:AF:17:01:13:6A:B0:D2:35:A8:28 483s X509v3 Authority Key Identifier: 483s keyid:49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 483s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 483s serial:01 483s X509v3 Basic Constraints: 483s CA:TRUE 483s X509v3 Key Usage: critical 483s Digital Signature, Certificate Sign, CRL Sign 483s Certificate is to be certified until Jan 17 14:19:16 2026 GMT (365 days) 483s 483s Write out database with 1 new entries 483s Database updated 483s + openssl x509 -noout -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 483s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 483s /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem: OK 483s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 483s + local cmd=openssl 483s + shift 483s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 483s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 483s error 20 at 0 depth lookup: unable to get local issuer certificate 483s error /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem: verification failed 483s + cat 483s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-23424 483s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-23424 1024 483s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-23424 -key /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-request.pem 483s + openssl req -text -noout -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-request.pem 483s Certificate Request: 483s Data: 483s Version: 1 (0x0) 483s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 483s Subject Public Key Info: 483s Public Key Algorithm: rsaEncryption 483s Public-Key: (1024 bit) 483s Modulus: 483s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 483s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 483s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 483s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 483s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 483s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 483s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 483s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 483s cf:24:f5:13:11:df:a3:14:8d 483s Exponent: 65537 (0x10001) 483s Attributes: 483s Requested Extensions: 483s X509v3 Basic Constraints: 483s CA:FALSE 483s Netscape Cert Type: 483s SSL Client, S/MIME 483s Netscape Comment: 483s Test Organization Root CA trusted Certificate 483s X509v3 Subject Key Identifier: 483s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 483s X509v3 Key Usage: critical 483s Digital Signature, Non Repudiation, Key Encipherment 483s X509v3 Extended Key Usage: 483s TLS Web Client Authentication, E-mail Protection 483s X509v3 Subject Alternative Name: 483s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 483s Signature Algorithm: sha256WithRSAEncryption 483s Signature Value: 483s 0d:12:29:1a:26:f9:84:e7:72:a3:2a:2e:39:6d:24:38:aa:52: 483s 5a:9d:b1:db:22:76:34:9e:4d:95:f0:79:26:8f:20:ca:9a:c4: 483s 93:35:fc:f8:69:62:b9:f0:cf:8e:b4:bc:84:b3:bf:00:74:1d: 483s c8:65:00:e7:17:55:c0:e6:1c:ea:55:e7:d8:47:19:fc:4a:f1: 483s 35:ac:95:2f:c6:e5:fa:e0:7b:0a:75:3c:2e:d9:c3:0f:04:b2: 483s 35:6b:26:94:dc:16:03:15:cd:84:f8:e0:2a:53:f9:dc:4e:fa: 483s 23:09:13:cd:0b:85:50:eb:8d:52:1d:16:71:52:57:8a:75:69: 483s 66:fa 483s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-zphWn2/test-root-CA.config -passin pass:random-root-CA-password-23971 -keyfile /tmp/sssd-softhsm2-zphWn2/test-root-CA-key.pem -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 483s Using configuration from /tmp/sssd-softhsm2-zphWn2/test-root-CA.config 483s Check that the request matches the signature 483s Signature ok 483s Certificate Details: 483s Serial Number: 3 (0x3) 483s Validity 483s Not Before: Jan 17 14:19:16 2025 GMT 483s Not After : Jan 17 14:19:16 2026 GMT 483s Subject: 483s organizationName = Test Organization 483s organizationalUnitName = Test Organization Unit 483s commonName = Test Organization Root Trusted Certificate 0001 483s X509v3 extensions: 483s X509v3 Authority Key Identifier: 483s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 483s X509v3 Basic Constraints: 483s CA:FALSE 483s Netscape Cert Type: 483s SSL Client, S/MIME 483s Netscape Comment: 483s Test Organization Root CA trusted Certificate 483s X509v3 Subject Key Identifier: 483s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 483s X509v3 Key Usage: critical 483s Digital Signature, Non Repudiation, Key Encipherment 483s X509v3 Extended Key Usage: 483s TLS Web Client Authentication, E-mail Protection 483s X509v3 Subject Alternative Name: 483s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 483s Certificate is to be certified until Jan 17 14:19:16 2026 GMT (365 days) 483s 483s Write out database with 1 new entries 483s Database updated 483s + openssl x509 -noout -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 483s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 483s /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem: OK 483s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 483s + local cmd=openssl 483s + shift 483s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 483s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 483s error 20 at 0 depth lookup: unable to get local issuer certificate 483s error /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem: verification failed 483s + cat 483s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 483s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-27476 1024 484s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-27476 -key /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-request.pem 484s + openssl req -text -noout -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-request.pem 484s Certificate Request: 484s Data: 484s Version: 1 (0x0) 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:c2:4c:84:af:75:7d:11:59:04:ad:4c:49:e6:bd: 484s 20:f7:13:5b:61:ac:42:27:eb:ae:2a:e5:27:c7:70: 484s 30:cd:4a:15:c4:cf:b3:55:3b:72:2f:ff:96:91:19: 484s fa:13:16:6b:70:90:1b:4e:f7:0c:23:f9:c6:3b:4a: 484s 3f:b0:29:d4:37:7e:68:a6:06:97:ff:0a:5d:6a:25: 484s 27:2f:85:d5:4d:95:da:82:be:8a:42:db:de:1a:c4: 484s be:a0:e0:60:4f:37:fa:a5:1f:64:9c:56:17:3e:2c: 484s d7:6c:50:44:d5:8d:b3:89:ae:b0:ab:2d:be:c8:a5: 484s b6:fb:70:bd:3e:a1:51:db:01 484s Exponent: 65537 (0x10001) 484s Attributes: 484s Requested Extensions: 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 0B:26:19:0E:9D:32:B2:5A:05:1D:62:01:2C:5E:67:8D:3C:54:A5:76 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 04:45:f5:35:a9:38:aa:a3:28:c9:45:53:a1:be:4d:66:41:68: 484s 27:54:de:a3:8f:f2:e3:c6:fb:57:cf:4d:ef:eb:98:8b:fd:b7: 484s d3:b0:de:67:46:1a:43:12:70:08:09:86:ee:a4:28:4a:f5:3d: 484s 36:99:0e:1f:97:4c:5e:9c:e0:da:d6:aa:4d:37:79:15:32:8d: 484s df:e8:8c:21:98:42:12:74:62:35:38:9b:0a:9a:c9:fb:04:6d: 484s c9:21:e1:53:a7:d9:e6:98:19:9b:76:b5:61:75:73:ce:5c:ba: 484s f4:25:56:20:63:f2:60:d9:41:41:72:65:da:6a:45:bd:34:94: 484s c8:56 484s + openssl ca -passin pass:random-intermediate-CA-password-11148 -config /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 484s Using configuration from /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.config 484s Check that the request matches the signature 484s Signature ok 484s Certificate Details: 484s Serial Number: 4 (0x4) 484s Validity 484s Not Before: Jan 17 14:19:17 2025 GMT 484s Not After : Jan 17 14:19:17 2026 GMT 484s Subject: 484s organizationName = Test Organization 484s organizationalUnitName = Test Organization Unit 484s commonName = Test Organization Intermediate Trusted Certificate 0001 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 0B:26:19:0E:9D:32:B2:5A:05:1D:62:01:2C:5E:67:8D:3C:54:A5:76 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Certificate is to be certified until Jan 17 14:19:17 2026 GMT (365 days) 484s 484s Write out database with 1 new entries 484s Database updated 484s + openssl x509 -noout -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 484s This certificate should not be trusted fully 484s + echo 'This certificate should not be trusted fully' 484s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 484s + local cmd=openssl 484s + shift 484s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 484s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 484s error 2 at 1 depth lookup: unable to get issuer certificate 484s error /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 484s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 484s /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem: OK 484s + cat 484s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 484s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-9121 1024 484s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-9121 -key /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 484s + openssl req -text -noout -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 484s Certificate Request: 484s Data: 484s Version: 1 (0x0) 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:bb:1c:10:bd:c2:3c:6a:aa:cf:fa:63:51:9b:54: 484s ea:6d:15:eb:e0:16:8e:64:3f:96:59:a3:12:d0:c1: 484s 71:36:77:a1:8b:58:8c:33:f8:62:ec:bb:74:30:51: 484s 95:86:fd:80:7c:12:53:85:d3:4c:7d:d7:9b:b7:5c: 484s 4b:00:26:d8:be:4b:06:f1:ab:92:bf:a1:ca:59:14: 484s 37:59:53:46:d9:ef:e5:e5:7b:ab:c9:02:0b:f2:8c: 484s 1f:90:82:1e:3c:bc:de:a8:22:0b:66:ab:05:39:cd: 484s e9:1f:88:0d:b3:fe:cf:40:d0:6f:5d:cb:f9:b5:61: 484s d2:a7:39:20:fc:9b:03:55:35 484s Exponent: 65537 (0x10001) 484s Attributes: 484s Requested Extensions: 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Sub Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 4B:BE:1A:CA:0B:9A:5F:C1:62:9D:7B:E4:64:47:43:FE:D1:71:D9:1E 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 6d:ef:0e:04:dc:2c:22:09:03:7b:47:c3:8b:16:3f:cb:39:24: 484s d3:12:1a:08:f8:99:e8:f3:57:b7:b3:1c:06:6c:4a:c3:77:34: 484s 9d:c4:97:d3:c8:b7:e9:07:6c:e6:0e:74:cf:22:47:2f:56:cf: 484s a1:08:a1:fb:49:f1:7d:1e:c2:18:12:ad:af:3e:57:ef:4a:21: 484s 6a:ed:2b:6a:02:f4:68:bf:b5:cf:2d:53:21:37:02:09:72:f4: 484s 92:75:2c:6a:ff:9b:37:eb:9d:ed:52:dd:84:94:53:00:e6:cd: 484s ea:40:57:3d:84:fa:8a:ad:b9:6d:22:17:70:18:67:39:75:d7: 484s 95:74 484s + openssl ca -passin pass:random-sub-intermediate-CA-password-32734 -config /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s Using configuration from /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.config 484s Check that the request matches the signature 484s Signature ok 484s Certificate Details: 484s Serial Number: 5 (0x5) 484s Validity 484s Not Before: Jan 17 14:19:17 2025 GMT 484s Not After : Jan 17 14:19:17 2026 GMT 484s Subject: 484s organizationName = Test Organization 484s organizationalUnitName = Test Organization Unit 484s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 82:01:06:4E:35:A1:89:25:D9:09:AF:17:01:13:6A:B0:D2:35:A8:28 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Sub Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 4B:BE:1A:CA:0B:9A:5F:C1:62:9D:7B:E4:64:47:43:FE:D1:71:D9:1E 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Certificate is to be certified until Jan 17 14:19:17 2026 GMT (365 days) 484s 484s Write out database with 1 new entries 484s Database updated 484s + openssl x509 -noout -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s This certificate should not be trusted fully 484s + echo 'This certificate should not be trusted fully' 484s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local cmd=openssl 484s + shift 484s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 484s error 2 at 1 depth lookup: unable to get issuer certificate 484s error /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 484s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local cmd=openssl 484s + shift 484s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 484s error 20 at 0 depth lookup: unable to get local issuer certificate 484s error /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 484s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 484s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s + local cmd=openssl 484s + shift 484s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 484s error 20 at 0 depth lookup: unable to get local issuer certificate 484s error /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 484s Building a the full-chain CA file... 484s + echo 'Building a the full-chain CA file...' 484s + cat /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 484s + cat /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 484s + cat /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 484s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 484s + openssl pkcs7 -print_certs -noout 484s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s 484s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 484s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s 484s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 484s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 484s 484s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 484s /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem: OK 484s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem: OK 484s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 484s /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem: OK 484s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem /tmp/sssd-softhsm2-zphWn2/test-root-intermediate-chain-CA.pem 484s /tmp/sssd-softhsm2-zphWn2/test-root-intermediate-chain-CA.pem: OK 484s + openssl verify -CAfile /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 484s /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 484s Certificates generation completed! 484s + echo 'Certificates generation completed!' 484s + [[ -v NO_SSSD_TESTS ]] 484s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /dev/null 484s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /dev/null 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_ring=/dev/null 484s + local verify_option= 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-root-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Root Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 484s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 484s + token_name='Test Organization Root Tr Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 484s + local key_file 484s + local decrypted_key 484s + mkdir -p /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 484s + key_file=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-key.pem 484s + decrypted_key=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-key-decrypted.pem 484s + cat 484s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 484s Slot 0 has a free/uninitialized token. 484s The token has been initialized and is reassigned to slot 455162126 484s + softhsm2-util --show-slots 484s Available slots: 484s Slot 455162126 484s Slot info: 484s Description: SoftHSM slot ID 0x1b21390e 484s Manufacturer ID: SoftHSM project 484s Hardware version: 2.6 484s Firmware version: 2.6 484s Token present: yes 484s Token info: 484s Manufacturer ID: SoftHSM project 484s Model: SoftHSM v2 484s Hardware version: 2.6 484s Firmware version: 2.6 484s Serial number: 2355dd091b21390e 484s Initialized: yes 484s User PIN init.: yes 484s Label: Test Organization Root Tr Token 484s Slot 1 484s Slot info: 484s Description: SoftHSM slot ID 0x1 484s Manufacturer ID: SoftHSM project 484s Hardware version: 2.6 484s Firmware version: 2.6 484s Token present: yes 484s Token info: 484s Manufacturer ID: SoftHSM project 484s Model: SoftHSM v2 484s Hardware version: 2.6 484s Firmware version: 2.6 484s Serial number: 484s Initialized: no 484s User PIN init.: no 484s Label: 484s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 484s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-23424 -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-key-decrypted.pem 484s writing RSA key 484s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 484s + rm /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001-key-decrypted.pem 484s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 484s Object 0: 484s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 484s Type: X.509 Certificate (RSA-1024) 484s Expires: Sat Jan 17 14:19:16 2026 484s Label: Test Organization Root Trusted Certificate 0001 484s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 484s 484s Test Organization Root Tr Token 484s + echo 'Test Organization Root Tr Token' 484s + '[' -n '' ']' 484s + local output_base_name=SSSD-child-19080 484s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-19080.output 484s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-19080.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 484s [p11_child[2599]] [main] (0x0400): p11_child started. 484s [p11_child[2599]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[2599]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[2599]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[2599]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 484s [p11_child[2599]] [do_work] (0x0040): init_verification failed. 484s [p11_child[2599]] [main] (0x0020): p11_child failed (5) 484s + return 2 484s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /dev/null no_verification 484s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /dev/null no_verification 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_ring=/dev/null 484s + local verify_option=no_verification 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-root-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Root Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 484s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 484s Test Organization Root Tr Token 484s + token_name='Test Organization Root Tr Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Root Tr Token' 484s + '[' -n no_verification ']' 484s + local verify_arg=--verify=no_verification 484s + local output_base_name=SSSD-child-25482 484s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-25482.output 484s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-25482.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 484s [p11_child[2605]] [main] (0x0400): p11_child started. 484s [p11_child[2605]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[2605]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[2605]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[2605]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 484s [p11_child[2605]] [do_card] (0x4000): Module List: 484s [p11_child[2605]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[2605]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2605]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[2605]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 484s [p11_child[2605]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2605]] [do_card] (0x4000): Login NOT required. 484s [p11_child[2605]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 484s [p11_child[2605]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[2605]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b21390e;slot-manufacturer=SoftHSM%20project;slot-id=455162126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[2605]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-25482.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-25482.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-25482.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 3 (0x3) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s Validity 484s Not Before: Jan 17 14:19:16 2025 GMT 484s Not After : Jan 17 14:19:16 2026 GMT 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 484s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 484s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 484s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 484s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 484s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 484s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 484s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 484s cf:24:f5:13:11:df:a3:14:8d 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 98:54:aa:24:51:24:42:03:e8:e4:13:f1:85:be:b5:51:c5:a0: 484s 3b:db:c3:85:5c:8d:5d:99:51:18:7a:56:4b:10:52:fa:18:79: 484s 78:ad:bb:74:cc:c1:26:97:24:08:bb:a2:c3:4b:79:86:15:77: 484s 9c:71:58:d7:db:21:77:85:58:00:cb:ea:de:61:b4:8c:03:79: 484s ac:92:02:4c:fe:0e:70:58:9d:0b:34:ec:db:b9:6a:e7:16:9c: 484s 97:fd:91:25:5f:72:8e:80:a8:bd:86:32:e3:59:a6:d9:20:5e: 484s 23:b2:24:7f:7e:9a:14:5e:6d:be:5b:14:0d:f3:7c:e1:ba:30: 484s 31:60 484s + local found_md5 expected_md5 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + expected_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-25482.pem 484s + found_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s + '[' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D '!=' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D ']' 484s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-25482-auth.output 484s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-25482-auth.output .output 484s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-25482-auth.pem 484s + echo -n 053350 484s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 484s [p11_child[2613]] [main] (0x0400): p11_child started. 484s [p11_child[2613]] [main] (0x2000): Running in [auth] mode. 484s [p11_child[2613]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[2613]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[2613]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 484s [p11_child[2613]] [do_card] (0x4000): Module List: 484s [p11_child[2613]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[2613]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2613]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[2613]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 484s [p11_child[2613]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2613]] [do_card] (0x4000): Login required. 484s [p11_child[2613]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 484s [p11_child[2613]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[2613]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b21390e;slot-manufacturer=SoftHSM%20project;slot-id=455162126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 484s [p11_child[2613]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 484s [p11_child[2613]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 484s [p11_child[2613]] [do_card] (0x4000): Certificate verified and validated. 484s [p11_child[2613]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-25482-auth.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-25482-auth.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-25482-auth.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 3 (0x3) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s Validity 484s Not Before: Jan 17 14:19:16 2025 GMT 484s Not After : Jan 17 14:19:16 2026 GMT 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 484s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 484s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 484s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 484s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 484s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 484s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 484s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 484s cf:24:f5:13:11:df:a3:14:8d 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 98:54:aa:24:51:24:42:03:e8:e4:13:f1:85:be:b5:51:c5:a0: 484s 3b:db:c3:85:5c:8d:5d:99:51:18:7a:56:4b:10:52:fa:18:79: 484s 78:ad:bb:74:cc:c1:26:97:24:08:bb:a2:c3:4b:79:86:15:77: 484s 9c:71:58:d7:db:21:77:85:58:00:cb:ea:de:61:b4:8c:03:79: 484s ac:92:02:4c:fe:0e:70:58:9d:0b:34:ec:db:b9:6a:e7:16:9c: 484s 97:fd:91:25:5f:72:8e:80:a8:bd:86:32:e3:59:a6:d9:20:5e: 484s 23:b2:24:7f:7e:9a:14:5e:6d:be:5b:14:0d:f3:7c:e1:ba:30: 484s 31:60 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-25482-auth.pem 484s + found_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s + '[' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D '!=' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D ']' 484s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 484s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 484s + local verify_option= 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-root-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Root Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 484s Test Organization Root Tr Token 484s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 484s + token_name='Test Organization Root Tr Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Root Tr Token' 484s + '[' -n '' ']' 484s + local output_base_name=SSSD-child-22234 484s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-22234.output 484s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-22234.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 484s [p11_child[2623]] [main] (0x0400): p11_child started. 484s [p11_child[2623]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[2623]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[2623]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[2623]] [do_card] (0x4000): Module List: 484s [p11_child[2623]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[2623]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2623]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[2623]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 484s [p11_child[2623]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2623]] [do_card] (0x4000): Login NOT required. 484s [p11_child[2623]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 484s [p11_child[2623]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[2623]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[2623]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b21390e;slot-manufacturer=SoftHSM%20project;slot-id=455162126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[2623]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-22234.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-22234.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-22234.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 3 (0x3) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s Validity 484s Not Before: Jan 17 14:19:16 2025 GMT 484s Not After : Jan 17 14:19:16 2026 GMT 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 484s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 484s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 484s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 484s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 484s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 484s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 484s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 484s cf:24:f5:13:11:df:a3:14:8d 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 98:54:aa:24:51:24:42:03:e8:e4:13:f1:85:be:b5:51:c5:a0: 484s 3b:db:c3:85:5c:8d:5d:99:51:18:7a:56:4b:10:52:fa:18:79: 484s 78:ad:bb:74:cc:c1:26:97:24:08:bb:a2:c3:4b:79:86:15:77: 484s 9c:71:58:d7:db:21:77:85:58:00:cb:ea:de:61:b4:8c:03:79: 484s ac:92:02:4c:fe:0e:70:58:9d:0b:34:ec:db:b9:6a:e7:16:9c: 484s 97:fd:91:25:5f:72:8e:80:a8:bd:86:32:e3:59:a6:d9:20:5e: 484s 23:b2:24:7f:7e:9a:14:5e:6d:be:5b:14:0d:f3:7c:e1:ba:30: 484s 31:60 484s + local found_md5 expected_md5 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + expected_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-22234.pem 484s + found_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s + '[' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D '!=' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D ']' 484s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-22234-auth.output 484s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-22234-auth.output .output 484s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-22234-auth.pem 484s + echo -n 053350 484s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 484s [p11_child[2631]] [main] (0x0400): p11_child started. 484s [p11_child[2631]] [main] (0x2000): Running in [auth] mode. 484s [p11_child[2631]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[2631]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[2631]] [do_card] (0x4000): Module List: 484s [p11_child[2631]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[2631]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2631]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[2631]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 484s [p11_child[2631]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2631]] [do_card] (0x4000): Login required. 484s [p11_child[2631]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 484s [p11_child[2631]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[2631]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[2631]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b21390e;slot-manufacturer=SoftHSM%20project;slot-id=455162126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 484s [p11_child[2631]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 484s [p11_child[2631]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 484s [p11_child[2631]] [do_card] (0x4000): Certificate verified and validated. 484s [p11_child[2631]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-22234-auth.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-22234-auth.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-22234-auth.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 3 (0x3) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s Validity 484s Not Before: Jan 17 14:19:16 2025 GMT 484s Not After : Jan 17 14:19:16 2026 GMT 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 484s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 484s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 484s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 484s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 484s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 484s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 484s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 484s cf:24:f5:13:11:df:a3:14:8d 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 98:54:aa:24:51:24:42:03:e8:e4:13:f1:85:be:b5:51:c5:a0: 484s 3b:db:c3:85:5c:8d:5d:99:51:18:7a:56:4b:10:52:fa:18:79: 484s 78:ad:bb:74:cc:c1:26:97:24:08:bb:a2:c3:4b:79:86:15:77: 484s 9c:71:58:d7:db:21:77:85:58:00:cb:ea:de:61:b4:8c:03:79: 484s ac:92:02:4c:fe:0e:70:58:9d:0b:34:ec:db:b9:6a:e7:16:9c: 484s 97:fd:91:25:5f:72:8e:80:a8:bd:86:32:e3:59:a6:d9:20:5e: 484s 23:b2:24:7f:7e:9a:14:5e:6d:be:5b:14:0d:f3:7c:e1:ba:30: 484s 31:60 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-22234-auth.pem 484s + found_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s + '[' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D '!=' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D ']' 484s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem partial_chain 484s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem partial_chain 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 484s + local verify_option=partial_chain 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-root-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Root Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 484s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 484s + token_name='Test Organization Root Tr Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Root Tr Token' 484s Test Organization Root Tr Token 484s + '[' -n partial_chain ']' 484s + local verify_arg=--verify=partial_chain 484s + local output_base_name=SSSD-child-662 484s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-662.output 484s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-662.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 484s [p11_child[2641]] [main] (0x0400): p11_child started. 484s [p11_child[2641]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[2641]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[2641]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[2641]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 484s [p11_child[2641]] [do_card] (0x4000): Module List: 484s [p11_child[2641]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[2641]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2641]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[2641]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 484s [p11_child[2641]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2641]] [do_card] (0x4000): Login NOT required. 484s [p11_child[2641]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 484s [p11_child[2641]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[2641]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[2641]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b21390e;slot-manufacturer=SoftHSM%20project;slot-id=455162126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[2641]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-662.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-662.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-662.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 3 (0x3) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s Validity 484s Not Before: Jan 17 14:19:16 2025 GMT 484s Not After : Jan 17 14:19:16 2026 GMT 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 484s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 484s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 484s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 484s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 484s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 484s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 484s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 484s cf:24:f5:13:11:df:a3:14:8d 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 98:54:aa:24:51:24:42:03:e8:e4:13:f1:85:be:b5:51:c5:a0: 484s 3b:db:c3:85:5c:8d:5d:99:51:18:7a:56:4b:10:52:fa:18:79: 484s 78:ad:bb:74:cc:c1:26:97:24:08:bb:a2:c3:4b:79:86:15:77: 484s 9c:71:58:d7:db:21:77:85:58:00:cb:ea:de:61:b4:8c:03:79: 484s ac:92:02:4c:fe:0e:70:58:9d:0b:34:ec:db:b9:6a:e7:16:9c: 484s 97:fd:91:25:5f:72:8e:80:a8:bd:86:32:e3:59:a6:d9:20:5e: 484s 23:b2:24:7f:7e:9a:14:5e:6d:be:5b:14:0d:f3:7c:e1:ba:30: 484s 31:60 484s + local found_md5 expected_md5 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + expected_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-662.pem 484s + found_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s + '[' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D '!=' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D ']' 484s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-662-auth.output 484s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-662-auth.output .output 484s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-662-auth.pem 484s + echo -n 053350 484s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 484s [p11_child[2649]] [main] (0x0400): p11_child started. 484s [p11_child[2649]] [main] (0x2000): Running in [auth] mode. 484s [p11_child[2649]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[2649]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[2649]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 484s [p11_child[2649]] [do_card] (0x4000): Module List: 484s [p11_child[2649]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[2649]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2649]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[2649]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 484s [p11_child[2649]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2649]] [do_card] (0x4000): Login required. 484s [p11_child[2649]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 484s [p11_child[2649]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[2649]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[2649]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b21390e;slot-manufacturer=SoftHSM%20project;slot-id=455162126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 484s [p11_child[2649]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 484s [p11_child[2649]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 484s [p11_child[2649]] [do_card] (0x4000): Certificate verified and validated. 484s [p11_child[2649]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-662-auth.output 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 3 (0x3) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s Validity 484s Not Before: Jan 17 14:19:16 2025 GMT 484s Not After : Jan 17 14:19:16 2026 GMT 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 484s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 484s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 484s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 484s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 484s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 484s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 484s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 484s cf:24:f5:13:11:df:a3:14:8d 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 98:54:aa:24:51:24:42:03:e8:e4:13:f1:85:be:b5:51:c5:a0: 484s 3b:db:c3:85:5c:8d:5d:99:51:18:7a:56:4b:10:52:fa:18:79: 484s 78:ad:bb:74:cc:c1:26:97:24:08:bb:a2:c3:4b:79:86:15:77: 484s 9c:71:58:d7:db:21:77:85:58:00:cb:ea:de:61:b4:8c:03:79: 484s ac:92:02:4c:fe:0e:70:58:9d:0b:34:ec:db:b9:6a:e7:16:9c: 484s 97:fd:91:25:5f:72:8e:80:a8:bd:86:32:e3:59:a6:d9:20:5e: 484s 23:b2:24:7f:7e:9a:14:5e:6d:be:5b:14:0d:f3:7c:e1:ba:30: 484s 31:60 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-662-auth.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-662-auth.pem 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-662-auth.pem 484s + found_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s + '[' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D '!=' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D ']' 484s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 484s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 484s + local verify_option= 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-root-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Root Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 484s Test Organization Root Tr Token 484s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 484s + token_name='Test Organization Root Tr Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Root Tr Token' 484s + '[' -n '' ']' 484s + local output_base_name=SSSD-child-23099 484s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-23099.output 484s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-23099.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 484s [p11_child[2659]] [main] (0x0400): p11_child started. 484s [p11_child[2659]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[2659]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[2659]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[2659]] [do_card] (0x4000): Module List: 484s [p11_child[2659]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[2659]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2659]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[2659]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 484s [p11_child[2659]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2659]] [do_card] (0x4000): Login NOT required. 484s [p11_child[2659]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 484s [p11_child[2659]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[2659]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[2659]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b21390e;slot-manufacturer=SoftHSM%20project;slot-id=455162126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[2659]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-23099.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-23099.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-23099.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 3 (0x3) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s Validity 484s Not Before: Jan 17 14:19:16 2025 GMT 484s Not After : Jan 17 14:19:16 2026 GMT 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 484s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 484s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 484s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 484s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 484s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 484s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 484s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 484s cf:24:f5:13:11:df:a3:14:8d 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 98:54:aa:24:51:24:42:03:e8:e4:13:f1:85:be:b5:51:c5:a0: 484s 3b:db:c3:85:5c:8d:5d:99:51:18:7a:56:4b:10:52:fa:18:79: 484s 78:ad:bb:74:cc:c1:26:97:24:08:bb:a2:c3:4b:79:86:15:77: 484s 9c:71:58:d7:db:21:77:85:58:00:cb:ea:de:61:b4:8c:03:79: 484s ac:92:02:4c:fe:0e:70:58:9d:0b:34:ec:db:b9:6a:e7:16:9c: 484s 97:fd:91:25:5f:72:8e:80:a8:bd:86:32:e3:59:a6:d9:20:5e: 484s 23:b2:24:7f:7e:9a:14:5e:6d:be:5b:14:0d:f3:7c:e1:ba:30: 484s 31:60 484s + local found_md5 expected_md5 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + expected_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-23099.pem 484s + found_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s + '[' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D '!=' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D ']' 484s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-23099-auth.output 484s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-23099-auth.output .output 484s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-23099-auth.pem 484s + echo -n 053350 484s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 484s [p11_child[2667]] [main] (0x0400): p11_child started. 484s [p11_child[2667]] [main] (0x2000): Running in [auth] mode. 484s [p11_child[2667]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[2667]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[2667]] [do_card] (0x4000): Module List: 484s [p11_child[2667]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[2667]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2667]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[2667]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 484s [p11_child[2667]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2667]] [do_card] (0x4000): Login required. 484s [p11_child[2667]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 484s [p11_child[2667]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[2667]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[2667]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b21390e;slot-manufacturer=SoftHSM%20project;slot-id=455162126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 484s [p11_child[2667]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 484s [p11_child[2667]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 484s [p11_child[2667]] [do_card] (0x4000): Certificate verified and validated. 484s [p11_child[2667]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-23099-auth.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-23099-auth.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-23099-auth.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 3 (0x3) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s Validity 484s Not Before: Jan 17 14:19:16 2025 GMT 484s Not After : Jan 17 14:19:16 2026 GMT 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 484s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 484s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 484s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 484s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 484s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 484s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 484s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 484s cf:24:f5:13:11:df:a3:14:8d 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 98:54:aa:24:51:24:42:03:e8:e4:13:f1:85:be:b5:51:c5:a0: 484s 3b:db:c3:85:5c:8d:5d:99:51:18:7a:56:4b:10:52:fa:18:79: 484s 78:ad:bb:74:cc:c1:26:97:24:08:bb:a2:c3:4b:79:86:15:77: 484s 9c:71:58:d7:db:21:77:85:58:00:cb:ea:de:61:b4:8c:03:79: 484s ac:92:02:4c:fe:0e:70:58:9d:0b:34:ec:db:b9:6a:e7:16:9c: 484s 97:fd:91:25:5f:72:8e:80:a8:bd:86:32:e3:59:a6:d9:20:5e: 484s 23:b2:24:7f:7e:9a:14:5e:6d:be:5b:14:0d:f3:7c:e1:ba:30: 484s 31:60 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-23099-auth.pem 484s + found_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s + '[' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D '!=' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D ']' 484s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem partial_chain 484s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem partial_chain 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 484s + local verify_option=partial_chain 484s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 484s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 484s + local key_cn 484s + local key_name 484s + local tokens_dir 484s + local output_cert_file 484s + token_name= 484s ++ basename /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem .pem 484s + key_name=test-root-CA-trusted-certificate-0001 484s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s ++ sed -n 's/ *commonName *= //p' 484s + key_cn='Test Organization Root Trusted Certificate 0001' 484s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 484s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 484s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 484s Test Organization Root Tr Token 484s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 484s + token_name='Test Organization Root Tr Token' 484s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 484s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 ']' 484s + echo 'Test Organization Root Tr Token' 484s + '[' -n partial_chain ']' 484s + local verify_arg=--verify=partial_chain 484s + local output_base_name=SSSD-child-18389 484s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-18389.output 484s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-18389.pem 484s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 484s [p11_child[2677]] [main] (0x0400): p11_child started. 484s [p11_child[2677]] [main] (0x2000): Running in [pre-auth] mode. 484s [p11_child[2677]] [main] (0x2000): Running with effective IDs: [0][0]. 484s [p11_child[2677]] [main] (0x2000): Running with real IDs [0][0]. 484s [p11_child[2677]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 484s [p11_child[2677]] [do_card] (0x4000): Module List: 484s [p11_child[2677]] [do_card] (0x4000): common name: [softhsm2]. 484s [p11_child[2677]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2677]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 484s [p11_child[2677]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 484s [p11_child[2677]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 484s [p11_child[2677]] [do_card] (0x4000): Login NOT required. 484s [p11_child[2677]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 484s [p11_child[2677]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 484s [p11_child[2677]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 484s [p11_child[2677]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b21390e;slot-manufacturer=SoftHSM%20project;slot-id=455162126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 484s [p11_child[2677]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 484s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-18389.output 484s + echo '-----BEGIN CERTIFICATE-----' 484s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-18389.output 484s + echo '-----END CERTIFICATE-----' 484s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-18389.pem 484s Certificate: 484s Data: 484s Version: 3 (0x2) 484s Serial Number: 3 (0x3) 484s Signature Algorithm: sha256WithRSAEncryption 484s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 484s Validity 484s Not Before: Jan 17 14:19:16 2025 GMT 484s Not After : Jan 17 14:19:16 2026 GMT 484s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 484s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 484s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 484s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 484s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 484s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 484s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 484s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 484s cf:24:f5:13:11:df:a3:14:8d 484s Exponent: 65537 (0x10001) 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 98:54:aa:24:51:24:42:03:e8:e4:13:f1:85:be:b5:51:c5:a0: 484s 3b:db:c3:85:5c:8d:5d:99:51:18:7a:56:4b:10:52:fa:18:79: 484s 78:ad:bb:74:cc:c1:26:97:24:08:bb:a2:c3:4b:79:86:15:77: 484s 9c:71:58:d7:db:21:77:85:58:00:cb:ea:de:61:b4:8c:03:79: 484s ac:92:02:4c:fe:0e:70:58:9d:0b:34:ec:db:b9:6a:e7:16:9c: 484s 97:fd:91:25:5f:72:8e:80:a8:bd:86:32:e3:59:a6:d9:20:5e: 484s 23:b2:24:7f:7e:9a:14:5e:6d:be:5b:14:0d:f3:7c:e1:ba:30: 484s 31:60 484s + local found_md5 expected_md5 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 484s + expected_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 484s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-18389.pem 485s + found_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 485s + '[' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D '!=' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D ']' 485s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-18389-auth.output 485s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-18389-auth.output .output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-18389-auth.pem 485s + echo -n 053350 485s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 485s [p11_child[2685]] [main] (0x0400): p11_child started. 485s [p11_child[2685]] [main] (0x2000): Running in [auth] mode. 485s [p11_child[2685]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2685]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2685]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[2685]] [do_card] (0x4000): Module List: 485s [p11_child[2685]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2685]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2685]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2685]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 485s [p11_child[2685]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2685]] [do_card] (0x4000): Login required. 485s [p11_child[2685]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 485s [p11_child[2685]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2685]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2685]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b21390e;slot-manufacturer=SoftHSM%20project;slot-id=455162126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2355dd091b21390e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[2685]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[2685]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[2685]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[2685]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-18389-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-18389-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-18389-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 3 (0x3) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 485s Validity 485s Not Before: Jan 17 14:19:16 2025 GMT 485s Not After : Jan 17 14:19:16 2026 GMT 485s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:c7:a9:18:27:9d:4b:74:ed:f2:64:15:2e:e4:04: 485s 62:c3:95:61:69:10:94:e0:73:a9:9c:49:e7:43:e1: 485s d2:12:0c:f7:ef:50:81:18:9c:2c:98:7a:c2:37:52: 485s 5c:d7:07:d8:0a:f4:14:2d:af:99:a0:4d:02:1b:2a: 485s 90:95:75:49:f9:f8:6a:17:88:f9:f2:29:fd:71:e8: 485s e7:85:37:c7:96:cd:0c:bb:31:67:af:2b:ea:38:dc: 485s 2b:90:9c:52:49:b9:4e:5d:3b:d0:2f:5e:e5:79:44: 485s 03:21:58:c5:ef:8a:3f:87:32:07:55:1d:b9:3d:bf: 485s cf:24:f5:13:11:df:a3:14:8d 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s F4:0F:CC:C1:D6:BD:7F:FA:36:C5:D7:A9:0F:88:9D:34:52:11:5A:58 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Root CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 5C:11:E3:FD:E0:AD:65:8C:62:A2:EC:A4:07:5E:FE:6E:AD:44:D6:68 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 98:54:aa:24:51:24:42:03:e8:e4:13:f1:85:be:b5:51:c5:a0: 485s 3b:db:c3:85:5c:8d:5d:99:51:18:7a:56:4b:10:52:fa:18:79: 485s 78:ad:bb:74:cc:c1:26:97:24:08:bb:a2:c3:4b:79:86:15:77: 485s 9c:71:58:d7:db:21:77:85:58:00:cb:ea:de:61:b4:8c:03:79: 485s ac:92:02:4c:fe:0e:70:58:9d:0b:34:ec:db:b9:6a:e7:16:9c: 485s 97:fd:91:25:5f:72:8e:80:a8:bd:86:32:e3:59:a6:d9:20:5e: 485s 23:b2:24:7f:7e:9a:14:5e:6d:be:5b:14:0d:f3:7c:e1:ba:30: 485s 31:60 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-18389-auth.pem 485s + found_md5=Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D 485s + '[' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D '!=' Modulus=C7A918279D4B74EDF264152EE40462C39561691094E073A99C49E743E1D2120CF7EF5081189C2C987AC237525CD707D80AF4142DAF99A04D021B2A90957549F9F86A1788F9F229FD71E8E78537C796CD0CBB3167AF2BEA38DC2B909C5249B94E5D3BD02F5EE57944032158C5EF8A3F873207551DB93DBFCF24F51311DFA3148D ']' 485s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 485s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s + local verify_option= 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-root-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Root Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s Test Organization Root Tr Token 485s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 485s + token_name='Test Organization Root Tr Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Root Tr Token' 485s + '[' -n '' ']' 485s + local output_base_name=SSSD-child-60 485s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-60.output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-60.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s [p11_child[2695]] [main] (0x0400): p11_child started. 485s [p11_child[2695]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2695]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2695]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2695]] [do_card] (0x4000): Module List: 485s [p11_child[2695]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2695]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2695]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2695]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 485s [p11_child[2695]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2695]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2695]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 485s [p11_child[2695]] [do_verification] (0x0040): X509_verify_cert failed [0]. 485s [p11_child[2695]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 485s [p11_child[2695]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 485s [p11_child[2695]] [do_card] (0x4000): No certificate found. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-60.output 485s + return 2 485s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem partial_chain 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem partial_chain 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 485s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s + local verify_option=partial_chain 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23424 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-23424 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-root-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-root-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s Test Organization Root Tr Token 485s + key_cn='Test Organization Root Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 485s + token_name='Test Organization Root Tr Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-root-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Root Tr Token' 485s + '[' -n partial_chain ']' 485s + local verify_arg=--verify=partial_chain 485s + local output_base_name=SSSD-child-18373 485s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-18373.output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-18373.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s [p11_child[2702]] [main] (0x0400): p11_child started. 485s [p11_child[2702]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2702]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2702]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2702]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[2702]] [do_card] (0x4000): Module List: 485s [p11_child[2702]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2702]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2702]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b21390e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2702]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 485s [p11_child[2702]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x1b21390e][455162126] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2702]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2702]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 485s [p11_child[2702]] [do_verification] (0x0040): X509_verify_cert failed [0]. 485s [p11_child[2702]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 485s [p11_child[2702]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 485s [p11_child[2702]] [do_card] (0x4000): No certificate found. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-18373.output 485s + return 2 485s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /dev/null 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /dev/null 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_ring=/dev/null 485s + local verify_option= 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 485s + token_name='Test Organization Interme Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 485s + local key_file 485s + local decrypted_key 485s + mkdir -p /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 485s + key_file=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-key.pem 485s + decrypted_key=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 485s + cat 485s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 485s Slot 0 has a free/uninitialized token. 485s The token has been initialized and is reassigned to slot 1739753194 485s + softhsm2-util --show-slots 485s Available slots: 485s Slot 1739753194 485s Slot info: 485s Description: SoftHSM slot ID 0x67b286ea 485s Manufacturer ID: SoftHSM project 485s Hardware version: 2.6 485s Firmware version: 2.6 485s Token present: yes 485s Token info: 485s Manufacturer ID: SoftHSM project 485s Model: SoftHSM v2 485s Hardware version: 2.6 485s Firmware version: 2.6 485s Serial number: 6fc227c9e7b286ea 485s Initialized: yes 485s User PIN init.: yes 485s Label: Test Organization Interme Token 485s Slot 1 485s Slot info: 485s Description: SoftHSM slot ID 0x1 485s Manufacturer ID: SoftHSM project 485s Hardware version: 2.6 485s Firmware version: 2.6 485s Token present: yes 485s Token info: 485s Manufacturer ID: SoftHSM project 485s Model: SoftHSM v2 485s Hardware version: 2.6 485s Firmware version: 2.6 485s Serial number: 485s Initialized: no 485s User PIN init.: no 485s Label: 485s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 485s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-27476 -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 485s writing RSA key 485s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 485s + rm /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 485s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 485s Object 0: 485s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6fc227c9e7b286ea;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 485s Type: X.509 Certificate (RSA-1024) 485s Expires: Sat Jan 17 14:19:17 2026 485s Label: Test Organization Intermediate Trusted Certificate 0001 485s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 485s 485s + echo 'Test Organization Interme Token' 485s + '[' -n '' ']' 485s + local output_base_name=SSSD-child-25891 485s Test Organization Interme Token 485s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-25891.output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-25891.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 485s [p11_child[2718]] [main] (0x0400): p11_child started. 485s [p11_child[2718]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2718]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2718]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2718]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 485s [p11_child[2718]] [do_work] (0x0040): init_verification failed. 485s [p11_child[2718]] [main] (0x0020): p11_child failed (5) 485s + return 2 485s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /dev/null no_verification 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /dev/null no_verification 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_ring=/dev/null 485s + local verify_option=no_verification 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 485s Test Organization Interme Token 485s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 485s + token_name='Test Organization Interme Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Interme Token' 485s + '[' -n no_verification ']' 485s + local verify_arg=--verify=no_verification 485s + local output_base_name=SSSD-child-2772 485s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-2772.output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-2772.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 485s [p11_child[2724]] [main] (0x0400): p11_child started. 485s [p11_child[2724]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2724]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2724]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2724]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 485s [p11_child[2724]] [do_card] (0x4000): Module List: 485s [p11_child[2724]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2724]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2724]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2724]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2724]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2724]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2724]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2724]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2724]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67b286ea;slot-manufacturer=SoftHSM%20project;slot-id=1739753194;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6fc227c9e7b286ea;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2724]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-2772.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-2772.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-2772.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 4 (0x4) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 485s Validity 485s Not Before: Jan 17 14:19:17 2025 GMT 485s Not After : Jan 17 14:19:17 2026 GMT 485s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:c2:4c:84:af:75:7d:11:59:04:ad:4c:49:e6:bd: 485s 20:f7:13:5b:61:ac:42:27:eb:ae:2a:e5:27:c7:70: 485s 30:cd:4a:15:c4:cf:b3:55:3b:72:2f:ff:96:91:19: 485s fa:13:16:6b:70:90:1b:4e:f7:0c:23:f9:c6:3b:4a: 485s 3f:b0:29:d4:37:7e:68:a6:06:97:ff:0a:5d:6a:25: 485s 27:2f:85:d5:4d:95:da:82:be:8a:42:db:de:1a:c4: 485s be:a0:e0:60:4f:37:fa:a5:1f:64:9c:56:17:3e:2c: 485s d7:6c:50:44:d5:8d:b3:89:ae:b0:ab:2d:be:c8:a5: 485s b6:fb:70:bd:3e:a1:51:db:01 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0B:26:19:0E:9D:32:B2:5A:05:1D:62:01:2C:5E:67:8D:3C:54:A5:76 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 51:44:7c:ee:64:34:be:3b:ad:e1:a5:a7:fc:05:a8:09:1d:bf: 485s 7a:cc:3a:30:79:f1:af:ae:21:20:62:04:6d:62:cb:fe:d8:8b: 485s a9:8c:49:70:fd:cc:ae:3c:ef:46:7e:fb:ec:a7:b5:2e:9a:e7: 485s 3a:15:57:8d:4d:34:95:d3:ae:59:7b:be:a3:93:05:d9:d3:d3: 485s ac:9c:a4:61:7c:7c:0e:fa:bd:c7:bd:2c:62:84:ba:49:69:9a: 485s 56:fe:c4:b5:d8:c9:9a:fa:f6:6d:69:5d:2e:0d:ac:a6:ff:19: 485s 63:6e:d6:01:f3:de:c7:b0:ae:31:e2:fd:77:2d:0d:70:7a:af: 485s a5:76 485s + local found_md5 expected_md5 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + expected_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-2772.pem 485s + found_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s + '[' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 '!=' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 ']' 485s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-2772-auth.output 485s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-2772-auth.output .output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-2772-auth.pem 485s + echo -n 053350 485s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 485s [p11_child[2732]] [main] (0x0400): p11_child started. 485s [p11_child[2732]] [main] (0x2000): Running in [auth] mode. 485s [p11_child[2732]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2732]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2732]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 485s [p11_child[2732]] [do_card] (0x4000): Module List: 485s [p11_child[2732]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2732]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2732]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2732]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2732]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2732]] [do_card] (0x4000): Login required. 485s [p11_child[2732]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2732]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2732]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67b286ea;slot-manufacturer=SoftHSM%20project;slot-id=1739753194;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6fc227c9e7b286ea;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[2732]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[2732]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[2732]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[2732]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-2772-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-2772-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-2772-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 4 (0x4) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 485s Validity 485s Not Before: Jan 17 14:19:17 2025 GMT 485s Not After : Jan 17 14:19:17 2026 GMT 485s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:c2:4c:84:af:75:7d:11:59:04:ad:4c:49:e6:bd: 485s 20:f7:13:5b:61:ac:42:27:eb:ae:2a:e5:27:c7:70: 485s 30:cd:4a:15:c4:cf:b3:55:3b:72:2f:ff:96:91:19: 485s fa:13:16:6b:70:90:1b:4e:f7:0c:23:f9:c6:3b:4a: 485s 3f:b0:29:d4:37:7e:68:a6:06:97:ff:0a:5d:6a:25: 485s 27:2f:85:d5:4d:95:da:82:be:8a:42:db:de:1a:c4: 485s be:a0:e0:60:4f:37:fa:a5:1f:64:9c:56:17:3e:2c: 485s d7:6c:50:44:d5:8d:b3:89:ae:b0:ab:2d:be:c8:a5: 485s b6:fb:70:bd:3e:a1:51:db:01 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0B:26:19:0E:9D:32:B2:5A:05:1D:62:01:2C:5E:67:8D:3C:54:A5:76 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 51:44:7c:ee:64:34:be:3b:ad:e1:a5:a7:fc:05:a8:09:1d:bf: 485s 7a:cc:3a:30:79:f1:af:ae:21:20:62:04:6d:62:cb:fe:d8:8b: 485s a9:8c:49:70:fd:cc:ae:3c:ef:46:7e:fb:ec:a7:b5:2e:9a:e7: 485s 3a:15:57:8d:4d:34:95:d3:ae:59:7b:be:a3:93:05:d9:d3:d3: 485s ac:9c:a4:61:7c:7c:0e:fa:bd:c7:bd:2c:62:84:ba:49:69:9a: 485s 56:fe:c4:b5:d8:c9:9a:fa:f6:6d:69:5d:2e:0d:ac:a6:ff:19: 485s 63:6e:d6:01:f3:de:c7:b0:ae:31:e2:fd:77:2d:0d:70:7a:af: 485s a5:76 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-2772-auth.pem 485s + found_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s + '[' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 '!=' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 ']' 485s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 485s + local verify_option= 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 485s Test Organization Interme Token 485s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 485s + token_name='Test Organization Interme Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Interme Token' 485s + '[' -n '' ']' 485s + local output_base_name=SSSD-child-19992 485s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-19992.output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-19992.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 485s [p11_child[2742]] [main] (0x0400): p11_child started. 485s [p11_child[2742]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2742]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2742]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2742]] [do_card] (0x4000): Module List: 485s [p11_child[2742]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2742]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2742]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2742]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2742]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2742]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2742]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2742]] [do_verification] (0x0040): X509_verify_cert failed [0]. 485s [p11_child[2742]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 485s [p11_child[2742]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 485s [p11_child[2742]] [do_card] (0x4000): No certificate found. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-19992.output 485s + return 2 485s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem partial_chain 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem partial_chain 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 485s + local verify_option=partial_chain 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s Test Organization Interme Token 485s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 485s + token_name='Test Organization Interme Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Interme Token' 485s + '[' -n partial_chain ']' 485s + local verify_arg=--verify=partial_chain 485s + local output_base_name=SSSD-child-29050 485s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-29050.output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-29050.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 485s [p11_child[2749]] [main] (0x0400): p11_child started. 485s [p11_child[2749]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2749]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2749]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2749]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[2749]] [do_card] (0x4000): Module List: 485s [p11_child[2749]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2749]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2749]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2749]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2749]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2749]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2749]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2749]] [do_verification] (0x0040): X509_verify_cert failed [0]. 485s [p11_child[2749]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 485s [p11_child[2749]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 485s [p11_child[2749]] [do_card] (0x4000): No certificate found. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-29050.output 485s + return 2 485s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 485s + local verify_option= 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 485s + token_name='Test Organization Interme Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 485s Test Organization Interme Token 485s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Interme Token' 485s + '[' -n '' ']' 485s + local output_base_name=SSSD-child-12466 485s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12466.output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12466.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 485s [p11_child[2756]] [main] (0x0400): p11_child started. 485s [p11_child[2756]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2756]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2756]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2756]] [do_card] (0x4000): Module List: 485s [p11_child[2756]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2756]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2756]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2756]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2756]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2756]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2756]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2756]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2756]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2756]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67b286ea;slot-manufacturer=SoftHSM%20project;slot-id=1739753194;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6fc227c9e7b286ea;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2756]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12466.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12466.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12466.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 4 (0x4) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 485s Validity 485s Not Before: Jan 17 14:19:17 2025 GMT 485s Not After : Jan 17 14:19:17 2026 GMT 485s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:c2:4c:84:af:75:7d:11:59:04:ad:4c:49:e6:bd: 485s 20:f7:13:5b:61:ac:42:27:eb:ae:2a:e5:27:c7:70: 485s 30:cd:4a:15:c4:cf:b3:55:3b:72:2f:ff:96:91:19: 485s fa:13:16:6b:70:90:1b:4e:f7:0c:23:f9:c6:3b:4a: 485s 3f:b0:29:d4:37:7e:68:a6:06:97:ff:0a:5d:6a:25: 485s 27:2f:85:d5:4d:95:da:82:be:8a:42:db:de:1a:c4: 485s be:a0:e0:60:4f:37:fa:a5:1f:64:9c:56:17:3e:2c: 485s d7:6c:50:44:d5:8d:b3:89:ae:b0:ab:2d:be:c8:a5: 485s b6:fb:70:bd:3e:a1:51:db:01 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0B:26:19:0E:9D:32:B2:5A:05:1D:62:01:2C:5E:67:8D:3C:54:A5:76 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 51:44:7c:ee:64:34:be:3b:ad:e1:a5:a7:fc:05:a8:09:1d:bf: 485s 7a:cc:3a:30:79:f1:af:ae:21:20:62:04:6d:62:cb:fe:d8:8b: 485s a9:8c:49:70:fd:cc:ae:3c:ef:46:7e:fb:ec:a7:b5:2e:9a:e7: 485s 3a:15:57:8d:4d:34:95:d3:ae:59:7b:be:a3:93:05:d9:d3:d3: 485s ac:9c:a4:61:7c:7c:0e:fa:bd:c7:bd:2c:62:84:ba:49:69:9a: 485s 56:fe:c4:b5:d8:c9:9a:fa:f6:6d:69:5d:2e:0d:ac:a6:ff:19: 485s 63:6e:d6:01:f3:de:c7:b0:ae:31:e2:fd:77:2d:0d:70:7a:af: 485s a5:76 485s + local found_md5 expected_md5 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + expected_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12466.pem 485s + found_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s + '[' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 '!=' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 ']' 485s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12466-auth.output 485s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-12466-auth.output .output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12466-auth.pem 485s + echo -n 053350 485s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 485s [p11_child[2764]] [main] (0x0400): p11_child started. 485s [p11_child[2764]] [main] (0x2000): Running in [auth] mode. 485s [p11_child[2764]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2764]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2764]] [do_card] (0x4000): Module List: 485s [p11_child[2764]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2764]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2764]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2764]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2764]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2764]] [do_card] (0x4000): Login required. 485s [p11_child[2764]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2764]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2764]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2764]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67b286ea;slot-manufacturer=SoftHSM%20project;slot-id=1739753194;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6fc227c9e7b286ea;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[2764]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[2764]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[2764]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[2764]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12466-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12466-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12466-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 4 (0x4) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 485s Validity 485s Not Before: Jan 17 14:19:17 2025 GMT 485s Not After : Jan 17 14:19:17 2026 GMT 485s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:c2:4c:84:af:75:7d:11:59:04:ad:4c:49:e6:bd: 485s 20:f7:13:5b:61:ac:42:27:eb:ae:2a:e5:27:c7:70: 485s 30:cd:4a:15:c4:cf:b3:55:3b:72:2f:ff:96:91:19: 485s fa:13:16:6b:70:90:1b:4e:f7:0c:23:f9:c6:3b:4a: 485s 3f:b0:29:d4:37:7e:68:a6:06:97:ff:0a:5d:6a:25: 485s 27:2f:85:d5:4d:95:da:82:be:8a:42:db:de:1a:c4: 485s be:a0:e0:60:4f:37:fa:a5:1f:64:9c:56:17:3e:2c: 485s d7:6c:50:44:d5:8d:b3:89:ae:b0:ab:2d:be:c8:a5: 485s b6:fb:70:bd:3e:a1:51:db:01 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0B:26:19:0E:9D:32:B2:5A:05:1D:62:01:2C:5E:67:8D:3C:54:A5:76 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 51:44:7c:ee:64:34:be:3b:ad:e1:a5:a7:fc:05:a8:09:1d:bf: 485s 7a:cc:3a:30:79:f1:af:ae:21:20:62:04:6d:62:cb:fe:d8:8b: 485s a9:8c:49:70:fd:cc:ae:3c:ef:46:7e:fb:ec:a7:b5:2e:9a:e7: 485s 3a:15:57:8d:4d:34:95:d3:ae:59:7b:be:a3:93:05:d9:d3:d3: 485s ac:9c:a4:61:7c:7c:0e:fa:bd:c7:bd:2c:62:84:ba:49:69:9a: 485s 56:fe:c4:b5:d8:c9:9a:fa:f6:6d:69:5d:2e:0d:ac:a6:ff:19: 485s 63:6e:d6:01:f3:de:c7:b0:ae:31:e2:fd:77:2d:0d:70:7a:af: 485s a5:76 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12466-auth.pem 485s + found_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s + '[' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 '!=' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 ']' 485s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem partial_chain 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem partial_chain 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 485s + local verify_option=partial_chain 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 485s + token_name='Test Organization Interme Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Interme Token' 485s + '[' -n partial_chain ']' 485s + local verify_arg=--verify=partial_chain 485s + local output_base_name=SSSD-child-12311 485s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12311.output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12311.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 485s Test Organization Interme Token 485s [p11_child[2774]] [main] (0x0400): p11_child started. 485s [p11_child[2774]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2774]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2774]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2774]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[2774]] [do_card] (0x4000): Module List: 485s [p11_child[2774]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2774]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2774]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2774]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2774]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2774]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2774]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2774]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2774]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2774]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67b286ea;slot-manufacturer=SoftHSM%20project;slot-id=1739753194;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6fc227c9e7b286ea;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2774]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12311.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12311.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12311.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 4 (0x4) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 485s Validity 485s Not Before: Jan 17 14:19:17 2025 GMT 485s Not After : Jan 17 14:19:17 2026 GMT 485s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:c2:4c:84:af:75:7d:11:59:04:ad:4c:49:e6:bd: 485s 20:f7:13:5b:61:ac:42:27:eb:ae:2a:e5:27:c7:70: 485s 30:cd:4a:15:c4:cf:b3:55:3b:72:2f:ff:96:91:19: 485s fa:13:16:6b:70:90:1b:4e:f7:0c:23:f9:c6:3b:4a: 485s 3f:b0:29:d4:37:7e:68:a6:06:97:ff:0a:5d:6a:25: 485s 27:2f:85:d5:4d:95:da:82:be:8a:42:db:de:1a:c4: 485s be:a0:e0:60:4f:37:fa:a5:1f:64:9c:56:17:3e:2c: 485s d7:6c:50:44:d5:8d:b3:89:ae:b0:ab:2d:be:c8:a5: 485s b6:fb:70:bd:3e:a1:51:db:01 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0B:26:19:0E:9D:32:B2:5A:05:1D:62:01:2C:5E:67:8D:3C:54:A5:76 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 51:44:7c:ee:64:34:be:3b:ad:e1:a5:a7:fc:05:a8:09:1d:bf: 485s 7a:cc:3a:30:79:f1:af:ae:21:20:62:04:6d:62:cb:fe:d8:8b: 485s a9:8c:49:70:fd:cc:ae:3c:ef:46:7e:fb:ec:a7:b5:2e:9a:e7: 485s 3a:15:57:8d:4d:34:95:d3:ae:59:7b:be:a3:93:05:d9:d3:d3: 485s ac:9c:a4:61:7c:7c:0e:fa:bd:c7:bd:2c:62:84:ba:49:69:9a: 485s 56:fe:c4:b5:d8:c9:9a:fa:f6:6d:69:5d:2e:0d:ac:a6:ff:19: 485s 63:6e:d6:01:f3:de:c7:b0:ae:31:e2:fd:77:2d:0d:70:7a:af: 485s a5:76 485s + local found_md5 expected_md5 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + expected_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12311.pem 485s + found_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s + '[' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 '!=' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 ']' 485s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12311-auth.output 485s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-12311-auth.output .output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12311-auth.pem 485s + echo -n 053350 485s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 485s [p11_child[2782]] [main] (0x0400): p11_child started. 485s [p11_child[2782]] [main] (0x2000): Running in [auth] mode. 485s [p11_child[2782]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2782]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2782]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[2782]] [do_card] (0x4000): Module List: 485s [p11_child[2782]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2782]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2782]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2782]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2782]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2782]] [do_card] (0x4000): Login required. 485s [p11_child[2782]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2782]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2782]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2782]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67b286ea;slot-manufacturer=SoftHSM%20project;slot-id=1739753194;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6fc227c9e7b286ea;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[2782]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[2782]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[2782]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[2782]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12311-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12311-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12311-auth.pem 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12311-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 4 (0x4) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 485s Validity 485s Not Before: Jan 17 14:19:17 2025 GMT 485s Not After : Jan 17 14:19:17 2026 GMT 485s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:c2:4c:84:af:75:7d:11:59:04:ad:4c:49:e6:bd: 485s 20:f7:13:5b:61:ac:42:27:eb:ae:2a:e5:27:c7:70: 485s 30:cd:4a:15:c4:cf:b3:55:3b:72:2f:ff:96:91:19: 485s fa:13:16:6b:70:90:1b:4e:f7:0c:23:f9:c6:3b:4a: 485s 3f:b0:29:d4:37:7e:68:a6:06:97:ff:0a:5d:6a:25: 485s 27:2f:85:d5:4d:95:da:82:be:8a:42:db:de:1a:c4: 485s be:a0:e0:60:4f:37:fa:a5:1f:64:9c:56:17:3e:2c: 485s d7:6c:50:44:d5:8d:b3:89:ae:b0:ab:2d:be:c8:a5: 485s b6:fb:70:bd:3e:a1:51:db:01 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0B:26:19:0E:9D:32:B2:5A:05:1D:62:01:2C:5E:67:8D:3C:54:A5:76 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 51:44:7c:ee:64:34:be:3b:ad:e1:a5:a7:fc:05:a8:09:1d:bf: 485s 7a:cc:3a:30:79:f1:af:ae:21:20:62:04:6d:62:cb:fe:d8:8b: 485s a9:8c:49:70:fd:cc:ae:3c:ef:46:7e:fb:ec:a7:b5:2e:9a:e7: 485s 3a:15:57:8d:4d:34:95:d3:ae:59:7b:be:a3:93:05:d9:d3:d3: 485s ac:9c:a4:61:7c:7c:0e:fa:bd:c7:bd:2c:62:84:ba:49:69:9a: 485s 56:fe:c4:b5:d8:c9:9a:fa:f6:6d:69:5d:2e:0d:ac:a6:ff:19: 485s 63:6e:d6:01:f3:de:c7:b0:ae:31:e2:fd:77:2d:0d:70:7a:af: 485s a5:76 485s + found_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s + '[' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 '!=' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 ']' 485s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s + local verify_option= 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 485s + token_name='Test Organization Interme Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Interme Token' 485s + '[' -n '' ']' 485s + local output_base_name=SSSD-child-12782 485s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12782.output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12782.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s Test Organization Interme Token 485s [p11_child[2792]] [main] (0x0400): p11_child started. 485s [p11_child[2792]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2792]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2792]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2792]] [do_card] (0x4000): Module List: 485s [p11_child[2792]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2792]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2792]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2792]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2792]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2792]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2792]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2792]] [do_verification] (0x0040): X509_verify_cert failed [0]. 485s [p11_child[2792]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 485s [p11_child[2792]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 485s [p11_child[2792]] [do_card] (0x4000): No certificate found. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12782.output 485s + return 2 485s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem partial_chain 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem partial_chain 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s + local verify_option=partial_chain 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27476 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-intermediate-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 485s Test Organization Interme Token 485s + token_name='Test Organization Interme Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Interme Token' 485s + '[' -n partial_chain ']' 485s + local verify_arg=--verify=partial_chain 485s + local output_base_name=SSSD-child-27267 485s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-27267.output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-27267.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem 485s [p11_child[2799]] [main] (0x0400): p11_child started. 485s [p11_child[2799]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2799]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2799]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2799]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[2799]] [do_card] (0x4000): Module List: 485s [p11_child[2799]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2799]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2799]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2799]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2799]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2799]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2799]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2799]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2799]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2799]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67b286ea;slot-manufacturer=SoftHSM%20project;slot-id=1739753194;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6fc227c9e7b286ea;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2799]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-27267.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-27267.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-27267.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 4 (0x4) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 485s Validity 485s Not Before: Jan 17 14:19:17 2025 GMT 485s Not After : Jan 17 14:19:17 2026 GMT 485s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:c2:4c:84:af:75:7d:11:59:04:ad:4c:49:e6:bd: 485s 20:f7:13:5b:61:ac:42:27:eb:ae:2a:e5:27:c7:70: 485s 30:cd:4a:15:c4:cf:b3:55:3b:72:2f:ff:96:91:19: 485s fa:13:16:6b:70:90:1b:4e:f7:0c:23:f9:c6:3b:4a: 485s 3f:b0:29:d4:37:7e:68:a6:06:97:ff:0a:5d:6a:25: 485s 27:2f:85:d5:4d:95:da:82:be:8a:42:db:de:1a:c4: 485s be:a0:e0:60:4f:37:fa:a5:1f:64:9c:56:17:3e:2c: 485s d7:6c:50:44:d5:8d:b3:89:ae:b0:ab:2d:be:c8:a5: 485s b6:fb:70:bd:3e:a1:51:db:01 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0B:26:19:0E:9D:32:B2:5A:05:1D:62:01:2C:5E:67:8D:3C:54:A5:76 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 51:44:7c:ee:64:34:be:3b:ad:e1:a5:a7:fc:05:a8:09:1d:bf: 485s 7a:cc:3a:30:79:f1:af:ae:21:20:62:04:6d:62:cb:fe:d8:8b: 485s a9:8c:49:70:fd:cc:ae:3c:ef:46:7e:fb:ec:a7:b5:2e:9a:e7: 485s 3a:15:57:8d:4d:34:95:d3:ae:59:7b:be:a3:93:05:d9:d3:d3: 485s ac:9c:a4:61:7c:7c:0e:fa:bd:c7:bd:2c:62:84:ba:49:69:9a: 485s 56:fe:c4:b5:d8:c9:9a:fa:f6:6d:69:5d:2e:0d:ac:a6:ff:19: 485s 63:6e:d6:01:f3:de:c7:b0:ae:31:e2:fd:77:2d:0d:70:7a:af: 485s a5:76 485s + local found_md5 expected_md5 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-intermediate-CA-trusted-certificate-0001.pem 485s + expected_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-27267.pem 485s + found_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s + '[' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 '!=' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 ']' 485s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-27267-auth.output 485s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-27267-auth.output .output 485s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-27267-auth.pem 485s + echo -n 053350 485s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 485s [p11_child[2807]] [main] (0x0400): p11_child started. 485s [p11_child[2807]] [main] (0x2000): Running in [auth] mode. 485s [p11_child[2807]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2807]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2807]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[2807]] [do_card] (0x4000): Module List: 485s [p11_child[2807]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2807]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2807]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67b286ea] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2807]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 485s [p11_child[2807]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x67b286ea][1739753194] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2807]] [do_card] (0x4000): Login required. 485s [p11_child[2807]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 485s [p11_child[2807]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2807]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2807]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67b286ea;slot-manufacturer=SoftHSM%20project;slot-id=1739753194;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6fc227c9e7b286ea;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[2807]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[2807]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[2807]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[2807]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-27267-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-27267-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-27267-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 4 (0x4) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 485s Validity 485s Not Before: Jan 17 14:19:17 2025 GMT 485s Not After : Jan 17 14:19:17 2026 GMT 485s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:c2:4c:84:af:75:7d:11:59:04:ad:4c:49:e6:bd: 485s 20:f7:13:5b:61:ac:42:27:eb:ae:2a:e5:27:c7:70: 485s 30:cd:4a:15:c4:cf:b3:55:3b:72:2f:ff:96:91:19: 485s fa:13:16:6b:70:90:1b:4e:f7:0c:23:f9:c6:3b:4a: 485s 3f:b0:29:d4:37:7e:68:a6:06:97:ff:0a:5d:6a:25: 485s 27:2f:85:d5:4d:95:da:82:be:8a:42:db:de:1a:c4: 485s be:a0:e0:60:4f:37:fa:a5:1f:64:9c:56:17:3e:2c: 485s d7:6c:50:44:d5:8d:b3:89:ae:b0:ab:2d:be:c8:a5: 485s b6:fb:70:bd:3e:a1:51:db:01 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 49:3A:0D:2E:D2:5B:4F:3C:FF:E1:DB:4D:70:35:AF:FF:27:D2:E3:B1 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0B:26:19:0E:9D:32:B2:5A:05:1D:62:01:2C:5E:67:8D:3C:54:A5:76 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 51:44:7c:ee:64:34:be:3b:ad:e1:a5:a7:fc:05:a8:09:1d:bf: 485s 7a:cc:3a:30:79:f1:af:ae:21:20:62:04:6d:62:cb:fe:d8:8b: 485s a9:8c:49:70:fd:cc:ae:3c:ef:46:7e:fb:ec:a7:b5:2e:9a:e7: 485s 3a:15:57:8d:4d:34:95:d3:ae:59:7b:be:a3:93:05:d9:d3:d3: 485s ac:9c:a4:61:7c:7c:0e:fa:bd:c7:bd:2c:62:84:ba:49:69:9a: 485s 56:fe:c4:b5:d8:c9:9a:fa:f6:6d:69:5d:2e:0d:ac:a6:ff:19: 485s 63:6e:d6:01:f3:de:c7:b0:ae:31:e2:fd:77:2d:0d:70:7a:af: 485s a5:76 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-27267-auth.pem 485s + found_md5=Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 485s + '[' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 '!=' Modulus=C24C84AF757D115904AD4C49E6BD20F7135B61AC4227EBAE2AE527C77030CD4A15C4CFB3553B722FFF969119FA13166B70901B4EF70C23F9C63B4A3FB029D4377E68A60697FF0A5D6A25272F85D54D95DA82BE8A42DBDE1AC4BEA0E0604F37FAA51F649C56173E2CD76C5044D58DB389AEB0AB2DBEC8A5B6FB70BD3EA151DB01 ']' 485s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 485s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 485s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 485s + local verify_option= 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 485s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 485s ++ sed -n 's/ *commonName *= //p' 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 486s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 486s + token_name='Test Organization Sub Int Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 486s + local key_file 486s + local decrypted_key 486s + mkdir -p /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 486s + key_file=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 486s + decrypted_key=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 486s + cat 486s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 486s Slot 0 has a free/uninitialized token. 486s The token has been initialized and is reassigned to slot 1832630277 486s + softhsm2-util --show-slots 486s Available slots: 486s Slot 1832630277 486s Slot info: 486s Description: SoftHSM slot ID 0x6d3bb805 486s Manufacturer ID: SoftHSM project 486s Hardware version: 2.6 486s Firmware version: 2.6 486s Token present: yes 486s Token info: 486s Manufacturer ID: SoftHSM project 486s Model: SoftHSM v2 486s Hardware version: 2.6 486s Firmware version: 2.6 486s Serial number: 30bc80dded3bb805 486s Initialized: yes 486s User PIN init.: yes 486s Label: Test Organization Sub Int Token 486s Slot 1 486s Slot info: 486s Description: SoftHSM slot ID 0x1 486s Manufacturer ID: SoftHSM project 486s Hardware version: 2.6 486s Firmware version: 2.6 486s Token present: yes 486s Token info: 486s Manufacturer ID: SoftHSM project 486s Model: SoftHSM v2 486s Hardware version: 2.6 486s Firmware version: 2.6 486s Serial number: 486s Initialized: no 486s User PIN init.: no 486s Label: 486s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 486s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-9121 -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 486s writing RSA key 486s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 486s + rm /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 486s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 486s Object 0: 486s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=30bc80dded3bb805;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 486s Type: X.509 Certificate (RSA-1024) 486s Expires: Sat Jan 17 14:19:17 2026 486s Label: Test Organization Sub Intermediate Trusted Certificate 0001 486s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 486s 486s + echo 'Test Organization Sub Int Token' 486s + '[' -n '' ']' 486s + local output_base_name=SSSD-child-18590 486s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-18590.output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-18590.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 486s Test Organization Sub Int Token 486s [p11_child[2826]] [main] (0x0400): p11_child started. 486s [p11_child[2826]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2826]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2826]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2826]] [do_card] (0x4000): Module List: 486s [p11_child[2826]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2826]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2826]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2826]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2826]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2826]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2826]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2826]] [do_verification] (0x0040): X509_verify_cert failed [0]. 486s [p11_child[2826]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 486s [p11_child[2826]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 486s [p11_child[2826]] [do_card] (0x4000): No certificate found. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-18590.output 486s + return 2 486s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem partial_chain 486s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-root-CA.pem partial_chain 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 486s + local verify_option=partial_chain 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 486s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 486s + token_name='Test Organization Sub Int Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 486s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Sub Int Token' 486s + '[' -n partial_chain ']' 486s + local verify_arg=--verify=partial_chain 486s + local output_base_name=SSSD-child-10552 486s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-10552.output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-10552.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-root-CA.pem 486s Test Organization Sub Int Token 486s [p11_child[2833]] [main] (0x0400): p11_child started. 486s [p11_child[2833]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2833]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2833]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2833]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2833]] [do_card] (0x4000): Module List: 486s [p11_child[2833]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2833]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2833]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2833]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2833]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2833]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2833]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2833]] [do_verification] (0x0040): X509_verify_cert failed [0]. 486s [p11_child[2833]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 486s [p11_child[2833]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 486s [p11_child[2833]] [do_card] (0x4000): No certificate found. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-10552.output 486s + return 2 486s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 486s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 486s + local verify_option= 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s Test Organization Sub Int Token 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 486s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 486s + token_name='Test Organization Sub Int Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 486s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Sub Int Token' 486s + '[' -n '' ']' 486s + local output_base_name=SSSD-child-19821 486s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-19821.output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-19821.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 486s [p11_child[2840]] [main] (0x0400): p11_child started. 486s [p11_child[2840]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2840]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2840]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2840]] [do_card] (0x4000): Module List: 486s [p11_child[2840]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2840]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2840]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2840]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2840]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2840]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2840]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2840]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2840]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2840]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6d3bb805;slot-manufacturer=SoftHSM%20project;slot-id=1832630277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=30bc80dded3bb805;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2840]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-19821.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-19821.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-19821.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 5 (0x5) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 486s Validity 486s Not Before: Jan 17 14:19:17 2025 GMT 486s Not After : Jan 17 14:19:17 2026 GMT 486s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:bb:1c:10:bd:c2:3c:6a:aa:cf:fa:63:51:9b:54: 486s ea:6d:15:eb:e0:16:8e:64:3f:96:59:a3:12:d0:c1: 486s 71:36:77:a1:8b:58:8c:33:f8:62:ec:bb:74:30:51: 486s 95:86:fd:80:7c:12:53:85:d3:4c:7d:d7:9b:b7:5c: 486s 4b:00:26:d8:be:4b:06:f1:ab:92:bf:a1:ca:59:14: 486s 37:59:53:46:d9:ef:e5:e5:7b:ab:c9:02:0b:f2:8c: 486s 1f:90:82:1e:3c:bc:de:a8:22:0b:66:ab:05:39:cd: 486s e9:1f:88:0d:b3:fe:cf:40:d0:6f:5d:cb:f9:b5:61: 486s d2:a7:39:20:fc:9b:03:55:35 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 82:01:06:4E:35:A1:89:25:D9:09:AF:17:01:13:6A:B0:D2:35:A8:28 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Sub Intermediate CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 4B:BE:1A:CA:0B:9A:5F:C1:62:9D:7B:E4:64:47:43:FE:D1:71:D9:1E 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s ee:6f:9e:9f:15:fd:dd:41:15:09:a4:bc:a0:54:83:ce:e3:6b: 486s 7d:c8:8c:07:26:83:2a:48:99:52:0c:bd:c2:a3:32:4e:58:d4: 486s 8f:af:b1:20:37:29:15:97:cf:8a:04:e3:9c:cb:bf:3c:d0:82: 486s 3b:37:56:1e:51:f0:9d:85:63:0a:1d:c3:16:78:57:87:eb:ab: 486s 97:38:73:54:b2:57:64:ee:b5:f8:72:7d:5b:cb:5b:20:9c:24: 486s e8:92:e1:4f:d9:82:e2:27:14:bc:42:4a:ca:a9:d6:f9:66:57: 486s f8:83:5a:e4:12:4b:ce:f2:61:d6:07:cf:6f:a7:2c:79:f8:be: 486s e7:30 486s + local found_md5 expected_md5 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + expected_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-19821.pem 486s + found_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s + '[' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 '!=' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 ']' 486s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-19821-auth.output 486s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-19821-auth.output .output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-19821-auth.pem 486s + echo -n 053350 486s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 486s [p11_child[2848]] [main] (0x0400): p11_child started. 486s [p11_child[2848]] [main] (0x2000): Running in [auth] mode. 486s [p11_child[2848]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2848]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2848]] [do_card] (0x4000): Module List: 486s [p11_child[2848]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2848]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2848]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2848]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2848]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2848]] [do_card] (0x4000): Login required. 486s [p11_child[2848]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2848]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2848]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2848]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6d3bb805;slot-manufacturer=SoftHSM%20project;slot-id=1832630277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=30bc80dded3bb805;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 486s [p11_child[2848]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 486s [p11_child[2848]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 486s [p11_child[2848]] [do_card] (0x4000): Certificate verified and validated. 486s [p11_child[2848]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-19821-auth.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-19821-auth.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-19821-auth.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 5 (0x5) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 486s Validity 486s Not Before: Jan 17 14:19:17 2025 GMT 486s Not After : Jan 17 14:19:17 2026 GMT 486s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:bb:1c:10:bd:c2:3c:6a:aa:cf:fa:63:51:9b:54: 486s ea:6d:15:eb:e0:16:8e:64:3f:96:59:a3:12:d0:c1: 486s 71:36:77:a1:8b:58:8c:33:f8:62:ec:bb:74:30:51: 486s 95:86:fd:80:7c:12:53:85:d3:4c:7d:d7:9b:b7:5c: 486s 4b:00:26:d8:be:4b:06:f1:ab:92:bf:a1:ca:59:14: 486s 37:59:53:46:d9:ef:e5:e5:7b:ab:c9:02:0b:f2:8c: 486s 1f:90:82:1e:3c:bc:de:a8:22:0b:66:ab:05:39:cd: 486s e9:1f:88:0d:b3:fe:cf:40:d0:6f:5d:cb:f9:b5:61: 486s d2:a7:39:20:fc:9b:03:55:35 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 82:01:06:4E:35:A1:89:25:D9:09:AF:17:01:13:6A:B0:D2:35:A8:28 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Sub Intermediate CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 4B:BE:1A:CA:0B:9A:5F:C1:62:9D:7B:E4:64:47:43:FE:D1:71:D9:1E 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s ee:6f:9e:9f:15:fd:dd:41:15:09:a4:bc:a0:54:83:ce:e3:6b: 486s 7d:c8:8c:07:26:83:2a:48:99:52:0c:bd:c2:a3:32:4e:58:d4: 486s 8f:af:b1:20:37:29:15:97:cf:8a:04:e3:9c:cb:bf:3c:d0:82: 486s 3b:37:56:1e:51:f0:9d:85:63:0a:1d:c3:16:78:57:87:eb:ab: 486s 97:38:73:54:b2:57:64:ee:b5:f8:72:7d:5b:cb:5b:20:9c:24: 486s e8:92:e1:4f:d9:82:e2:27:14:bc:42:4a:ca:a9:d6:f9:66:57: 486s f8:83:5a:e4:12:4b:ce:f2:61:d6:07:cf:6f:a7:2c:79:f8:be: 486s e7:30 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-19821-auth.pem 486s + found_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s + '[' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 '!=' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 ']' 486s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem partial_chain 486s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem partial_chain 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 486s + local verify_option=partial_chain 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 486s Test Organization Sub Int Token 486s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 486s + token_name='Test Organization Sub Int Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 486s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Sub Int Token' 486s + '[' -n partial_chain ']' 486s + local verify_arg=--verify=partial_chain 486s + local output_base_name=SSSD-child-30712 486s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-30712.output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-30712.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem 486s [p11_child[2858]] [main] (0x0400): p11_child started. 486s [p11_child[2858]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2858]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2858]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2858]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2858]] [do_card] (0x4000): Module List: 486s [p11_child[2858]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2858]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2858]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2858]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2858]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2858]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2858]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2858]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2858]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2858]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6d3bb805;slot-manufacturer=SoftHSM%20project;slot-id=1832630277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=30bc80dded3bb805;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2858]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-30712.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-30712.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-30712.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 5 (0x5) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 486s Validity 486s Not Before: Jan 17 14:19:17 2025 GMT 486s Not After : Jan 17 14:19:17 2026 GMT 486s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:bb:1c:10:bd:c2:3c:6a:aa:cf:fa:63:51:9b:54: 486s ea:6d:15:eb:e0:16:8e:64:3f:96:59:a3:12:d0:c1: 486s 71:36:77:a1:8b:58:8c:33:f8:62:ec:bb:74:30:51: 486s 95:86:fd:80:7c:12:53:85:d3:4c:7d:d7:9b:b7:5c: 486s 4b:00:26:d8:be:4b:06:f1:ab:92:bf:a1:ca:59:14: 486s 37:59:53:46:d9:ef:e5:e5:7b:ab:c9:02:0b:f2:8c: 486s 1f:90:82:1e:3c:bc:de:a8:22:0b:66:ab:05:39:cd: 486s e9:1f:88:0d:b3:fe:cf:40:d0:6f:5d:cb:f9:b5:61: 486s d2:a7:39:20:fc:9b:03:55:35 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 82:01:06:4E:35:A1:89:25:D9:09:AF:17:01:13:6A:B0:D2:35:A8:28 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Sub Intermediate CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 4B:BE:1A:CA:0B:9A:5F:C1:62:9D:7B:E4:64:47:43:FE:D1:71:D9:1E 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s ee:6f:9e:9f:15:fd:dd:41:15:09:a4:bc:a0:54:83:ce:e3:6b: 486s 7d:c8:8c:07:26:83:2a:48:99:52:0c:bd:c2:a3:32:4e:58:d4: 486s 8f:af:b1:20:37:29:15:97:cf:8a:04:e3:9c:cb:bf:3c:d0:82: 486s 3b:37:56:1e:51:f0:9d:85:63:0a:1d:c3:16:78:57:87:eb:ab: 486s 97:38:73:54:b2:57:64:ee:b5:f8:72:7d:5b:cb:5b:20:9c:24: 486s e8:92:e1:4f:d9:82:e2:27:14:bc:42:4a:ca:a9:d6:f9:66:57: 486s f8:83:5a:e4:12:4b:ce:f2:61:d6:07:cf:6f:a7:2c:79:f8:be: 486s e7:30 486s + local found_md5 expected_md5 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + expected_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-30712.pem 486s + found_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s + '[' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 '!=' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 ']' 486s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-30712-auth.output 486s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-30712-auth.output .output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-30712-auth.pem 486s + echo -n 053350 486s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 486s [p11_child[2866]] [main] (0x0400): p11_child started. 486s [p11_child[2866]] [main] (0x2000): Running in [auth] mode. 486s [p11_child[2866]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2866]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2866]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2866]] [do_card] (0x4000): Module List: 486s [p11_child[2866]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2866]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2866]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2866]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2866]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2866]] [do_card] (0x4000): Login required. 486s [p11_child[2866]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2866]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2866]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2866]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6d3bb805;slot-manufacturer=SoftHSM%20project;slot-id=1832630277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=30bc80dded3bb805;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 486s [p11_child[2866]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 486s [p11_child[2866]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 486s [p11_child[2866]] [do_card] (0x4000): Certificate verified and validated. 486s [p11_child[2866]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-30712-auth.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-30712-auth.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-30712-auth.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 5 (0x5) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 486s Validity 486s Not Before: Jan 17 14:19:17 2025 GMT 486s Not After : Jan 17 14:19:17 2026 GMT 486s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:bb:1c:10:bd:c2:3c:6a:aa:cf:fa:63:51:9b:54: 486s ea:6d:15:eb:e0:16:8e:64:3f:96:59:a3:12:d0:c1: 486s 71:36:77:a1:8b:58:8c:33:f8:62:ec:bb:74:30:51: 486s 95:86:fd:80:7c:12:53:85:d3:4c:7d:d7:9b:b7:5c: 486s 4b:00:26:d8:be:4b:06:f1:ab:92:bf:a1:ca:59:14: 486s 37:59:53:46:d9:ef:e5:e5:7b:ab:c9:02:0b:f2:8c: 486s 1f:90:82:1e:3c:bc:de:a8:22:0b:66:ab:05:39:cd: 486s e9:1f:88:0d:b3:fe:cf:40:d0:6f:5d:cb:f9:b5:61: 486s d2:a7:39:20:fc:9b:03:55:35 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 82:01:06:4E:35:A1:89:25:D9:09:AF:17:01:13:6A:B0:D2:35:A8:28 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Sub Intermediate CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 4B:BE:1A:CA:0B:9A:5F:C1:62:9D:7B:E4:64:47:43:FE:D1:71:D9:1E 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s ee:6f:9e:9f:15:fd:dd:41:15:09:a4:bc:a0:54:83:ce:e3:6b: 486s 7d:c8:8c:07:26:83:2a:48:99:52:0c:bd:c2:a3:32:4e:58:d4: 486s 8f:af:b1:20:37:29:15:97:cf:8a:04:e3:9c:cb:bf:3c:d0:82: 486s 3b:37:56:1e:51:f0:9d:85:63:0a:1d:c3:16:78:57:87:eb:ab: 486s 97:38:73:54:b2:57:64:ee:b5:f8:72:7d:5b:cb:5b:20:9c:24: 486s e8:92:e1:4f:d9:82:e2:27:14:bc:42:4a:ca:a9:d6:f9:66:57: 486s f8:83:5a:e4:12:4b:ce:f2:61:d6:07:cf:6f:a7:2c:79:f8:be: 486s e7:30 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-30712-auth.pem 486s + found_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s + '[' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 '!=' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 ']' 486s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 486s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 486s + local verify_option= 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 486s Test Organization Sub Int Token 486s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 486s + token_name='Test Organization Sub Int Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 486s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Sub Int Token' 486s + '[' -n '' ']' 486s + local output_base_name=SSSD-child-24882 486s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-24882.output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-24882.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 486s [p11_child[2876]] [main] (0x0400): p11_child started. 486s [p11_child[2876]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2876]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2876]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2876]] [do_card] (0x4000): Module List: 486s [p11_child[2876]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2876]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2876]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2876]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2876]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2876]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2876]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2876]] [do_verification] (0x0040): X509_verify_cert failed [0]. 486s [p11_child[2876]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 486s [p11_child[2876]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 486s [p11_child[2876]] [do_card] (0x4000): No certificate found. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-24882.output 486s + return 2 486s + invalid_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-root-intermediate-chain-CA.pem partial_chain 486s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-root-intermediate-chain-CA.pem partial_chain 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-root-intermediate-chain-CA.pem 486s + local verify_option=partial_chain 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 486s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 486s + token_name='Test Organization Sub Int Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 486s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Sub Int Token' 486s + '[' -n partial_chain ']' 486s + local verify_arg=--verify=partial_chain 486s + local output_base_name=SSSD-child-21533 486s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-21533.output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-21533.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-root-intermediate-chain-CA.pem 486s Test Organization Sub Int Token 486s [p11_child[2883]] [main] (0x0400): p11_child started. 486s [p11_child[2883]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2883]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2883]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2883]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2883]] [do_card] (0x4000): Module List: 486s [p11_child[2883]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2883]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2883]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2883]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2883]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2883]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2883]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2883]] [do_verification] (0x0040): X509_verify_cert failed [0]. 486s [p11_child[2883]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 486s [p11_child[2883]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 486s [p11_child[2883]] [do_card] (0x4000): No certificate found. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-21533.output 486s + return 2 486s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem partial_chain 486s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem partial_chain 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 486s + local verify_option=partial_chain 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 486s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 486s + token_name='Test Organization Sub Int Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 486s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Sub Int Token' 486s + '[' -n partial_chain ']' 486s + local verify_arg=--verify=partial_chain 486s + local output_base_name=SSSD-child-1442 486s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-1442.output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-1442.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem 486s Test Organization Sub Int Token 486s [p11_child[2890]] [main] (0x0400): p11_child started. 486s [p11_child[2890]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2890]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2890]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2890]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2890]] [do_card] (0x4000): Module List: 486s [p11_child[2890]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2890]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2890]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2890]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2890]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2890]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2890]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2890]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2890]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2890]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6d3bb805;slot-manufacturer=SoftHSM%20project;slot-id=1832630277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=30bc80dded3bb805;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2890]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-1442.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-1442.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-1442.pem 486s + local found_md5 expected_md5 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 5 (0x5) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 486s Validity 486s Not Before: Jan 17 14:19:17 2025 GMT 486s Not After : Jan 17 14:19:17 2026 GMT 486s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:bb:1c:10:bd:c2:3c:6a:aa:cf:fa:63:51:9b:54: 486s ea:6d:15:eb:e0:16:8e:64:3f:96:59:a3:12:d0:c1: 486s 71:36:77:a1:8b:58:8c:33:f8:62:ec:bb:74:30:51: 486s 95:86:fd:80:7c:12:53:85:d3:4c:7d:d7:9b:b7:5c: 486s 4b:00:26:d8:be:4b:06:f1:ab:92:bf:a1:ca:59:14: 486s 37:59:53:46:d9:ef:e5:e5:7b:ab:c9:02:0b:f2:8c: 486s 1f:90:82:1e:3c:bc:de:a8:22:0b:66:ab:05:39:cd: 486s e9:1f:88:0d:b3:fe:cf:40:d0:6f:5d:cb:f9:b5:61: 486s d2:a7:39:20:fc:9b:03:55:35 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 82:01:06:4E:35:A1:89:25:D9:09:AF:17:01:13:6A:B0:D2:35:A8:28 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Sub Intermediate CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 4B:BE:1A:CA:0B:9A:5F:C1:62:9D:7B:E4:64:47:43:FE:D1:71:D9:1E 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s ee:6f:9e:9f:15:fd:dd:41:15:09:a4:bc:a0:54:83:ce:e3:6b: 486s 7d:c8:8c:07:26:83:2a:48:99:52:0c:bd:c2:a3:32:4e:58:d4: 486s 8f:af:b1:20:37:29:15:97:cf:8a:04:e3:9c:cb:bf:3c:d0:82: 486s 3b:37:56:1e:51:f0:9d:85:63:0a:1d:c3:16:78:57:87:eb:ab: 486s 97:38:73:54:b2:57:64:ee:b5:f8:72:7d:5b:cb:5b:20:9c:24: 486s e8:92:e1:4f:d9:82:e2:27:14:bc:42:4a:ca:a9:d6:f9:66:57: 486s f8:83:5a:e4:12:4b:ce:f2:61:d6:07:cf:6f:a7:2c:79:f8:be: 486s e7:30 486s + expected_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-1442.pem 486s + found_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s + '[' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 '!=' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 ']' 486s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-1442-auth.output 486s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-1442-auth.output .output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-1442-auth.pem 486s + echo -n 053350 486s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 486s [p11_child[2898]] [main] (0x0400): p11_child started. 486s [p11_child[2898]] [main] (0x2000): Running in [auth] mode. 486s [p11_child[2898]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2898]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2898]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2898]] [do_card] (0x4000): Module List: 486s [p11_child[2898]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2898]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2898]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2898]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2898]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2898]] [do_card] (0x4000): Login required. 486s [p11_child[2898]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2898]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2898]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2898]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6d3bb805;slot-manufacturer=SoftHSM%20project;slot-id=1832630277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=30bc80dded3bb805;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 486s [p11_child[2898]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 486s [p11_child[2898]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 486s [p11_child[2898]] [do_card] (0x4000): Certificate verified and validated. 486s [p11_child[2898]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-1442-auth.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-1442-auth.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-1442-auth.pem 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-1442-auth.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 5 (0x5) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 486s Validity 486s Not Before: Jan 17 14:19:17 2025 GMT 486s Not After : Jan 17 14:19:17 2026 GMT 486s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:bb:1c:10:bd:c2:3c:6a:aa:cf:fa:63:51:9b:54: 486s ea:6d:15:eb:e0:16:8e:64:3f:96:59:a3:12:d0:c1: 486s 71:36:77:a1:8b:58:8c:33:f8:62:ec:bb:74:30:51: 486s 95:86:fd:80:7c:12:53:85:d3:4c:7d:d7:9b:b7:5c: 486s 4b:00:26:d8:be:4b:06:f1:ab:92:bf:a1:ca:59:14: 486s 37:59:53:46:d9:ef:e5:e5:7b:ab:c9:02:0b:f2:8c: 486s 1f:90:82:1e:3c:bc:de:a8:22:0b:66:ab:05:39:cd: 486s e9:1f:88:0d:b3:fe:cf:40:d0:6f:5d:cb:f9:b5:61: 486s d2:a7:39:20:fc:9b:03:55:35 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 82:01:06:4E:35:A1:89:25:D9:09:AF:17:01:13:6A:B0:D2:35:A8:28 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Sub Intermediate CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 4B:BE:1A:CA:0B:9A:5F:C1:62:9D:7B:E4:64:47:43:FE:D1:71:D9:1E 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s ee:6f:9e:9f:15:fd:dd:41:15:09:a4:bc:a0:54:83:ce:e3:6b: 486s 7d:c8:8c:07:26:83:2a:48:99:52:0c:bd:c2:a3:32:4e:58:d4: 486s 8f:af:b1:20:37:29:15:97:cf:8a:04:e3:9c:cb:bf:3c:d0:82: 486s 3b:37:56:1e:51:f0:9d:85:63:0a:1d:c3:16:78:57:87:eb:ab: 486s 97:38:73:54:b2:57:64:ee:b5:f8:72:7d:5b:cb:5b:20:9c:24: 486s e8:92:e1:4f:d9:82:e2:27:14:bc:42:4a:ca:a9:d6:f9:66:57: 486s f8:83:5a:e4:12:4b:ce:f2:61:d6:07:cf:6f:a7:2c:79:f8:be: 486s e7:30 486s + found_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s + '[' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 '!=' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 ']' 486s + valid_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-intermediate-sub-chain-CA.pem partial_chain 486s + check_certificate /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 /tmp/sssd-softhsm2-zphWn2/test-intermediate-sub-chain-CA.pem partial_chain 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_ring=/tmp/sssd-softhsm2-zphWn2/test-intermediate-sub-chain-CA.pem 486s + local verify_option=partial_chain 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local certificate=/tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9121 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 486s + tokens_dir=/tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 486s + token_name='Test Organization Sub Int Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 486s + '[' '!' -d /tmp/sssd-softhsm2-zphWn2/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Sub Int Token' 486s + '[' -n partial_chain ']' 486s + local verify_arg=--verify=partial_chain 486s + local output_base_name=SSSD-child-12543 486s + local output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12543.output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12543.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-zphWn2/test-intermediate-sub-chain-CA.pem 486s Test Organization Sub Int Token 486s [p11_child[2908]] [main] (0x0400): p11_child started. 486s [p11_child[2908]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2908]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2908]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2908]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2908]] [do_card] (0x4000): Module List: 486s [p11_child[2908]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2908]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2908]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2908]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2908]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2908]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2908]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2908]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2908]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2908]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6d3bb805;slot-manufacturer=SoftHSM%20project;slot-id=1832630277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=30bc80dded3bb805;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2908]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12543.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12543.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12543.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 5 (0x5) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 486s Validity 486s Not Before: Jan 17 14:19:17 2025 GMT 486s Not After : Jan 17 14:19:17 2026 GMT 486s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:bb:1c:10:bd:c2:3c:6a:aa:cf:fa:63:51:9b:54: 486s ea:6d:15:eb:e0:16:8e:64:3f:96:59:a3:12:d0:c1: 486s 71:36:77:a1:8b:58:8c:33:f8:62:ec:bb:74:30:51: 486s 95:86:fd:80:7c:12:53:85:d3:4c:7d:d7:9b:b7:5c: 486s 4b:00:26:d8:be:4b:06:f1:ab:92:bf:a1:ca:59:14: 486s 37:59:53:46:d9:ef:e5:e5:7b:ab:c9:02:0b:f2:8c: 486s 1f:90:82:1e:3c:bc:de:a8:22:0b:66:ab:05:39:cd: 486s e9:1f:88:0d:b3:fe:cf:40:d0:6f:5d:cb:f9:b5:61: 486s d2:a7:39:20:fc:9b:03:55:35 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 82:01:06:4E:35:A1:89:25:D9:09:AF:17:01:13:6A:B0:D2:35:A8:28 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Sub Intermediate CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 4B:BE:1A:CA:0B:9A:5F:C1:62:9D:7B:E4:64:47:43:FE:D1:71:D9:1E 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s ee:6f:9e:9f:15:fd:dd:41:15:09:a4:bc:a0:54:83:ce:e3:6b: 486s 7d:c8:8c:07:26:83:2a:48:99:52:0c:bd:c2:a3:32:4e:58:d4: 486s 8f:af:b1:20:37:29:15:97:cf:8a:04:e3:9c:cb:bf:3c:d0:82: 486s 3b:37:56:1e:51:f0:9d:85:63:0a:1d:c3:16:78:57:87:eb:ab: 486s 97:38:73:54:b2:57:64:ee:b5:f8:72:7d:5b:cb:5b:20:9c:24: 486s e8:92:e1:4f:d9:82:e2:27:14:bc:42:4a:ca:a9:d6:f9:66:57: 486s f8:83:5a:e4:12:4b:ce:f2:61:d6:07:cf:6f:a7:2c:79:f8:be: 486s e7:30 486s + local found_md5 expected_md5 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/test-sub-intermediate-CA-trusted-certificate-0001.pem 486s + expected_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12543.pem 486s + found_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s + '[' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 '!=' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 ']' 486s + output_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12543-auth.output 486s ++ basename /tmp/sssd-softhsm2-zphWn2/SSSD-child-12543-auth.output .output 486s + output_cert_file=/tmp/sssd-softhsm2-zphWn2/SSSD-child-12543-auth.pem 486s + echo -n 053350 486s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-zphWn2/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 486s [p11_child[2916]] [main] (0x0400): p11_child started. 486s [p11_child[2916]] [main] (0x2000): Running in [auth] mode. 486s [p11_child[2916]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2916]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2916]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2916]] [do_card] (0x4000): Module List: 486s [p11_child[2916]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2916]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2916]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6d3bb805] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2916]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 486s [p11_child[2916]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6d3bb805][1832630277] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2916]] [do_card] (0x4000): Login required. 486s [p11_child[2916]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 486s [p11_child[2916]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2916]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2916]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6d3bb805;slot-manufacturer=SoftHSM%20project;slot-id=1832630277;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=30bc80dded3bb805;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 486s [p11_child[2916]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 486s [p11_child[2916]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 486s [p11_child[2916]] [do_card] (0x4000): Certificate verified and validated. 486s [p11_child[2916]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12543-auth.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-zphWn2/SSSD-child-12543-auth.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12543-auth.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 5 (0x5) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 486s Validity 486s Not Before: Jan 17 14:19:17 2025 GMT 486s Not After : Jan 17 14:19:17 2026 GMT 486s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:bb:1c:10:bd:c2:3c:6a:aa:cf:fa:63:51:9b:54: 486s ea:6d:15:eb:e0:16:8e:64:3f:96:59:a3:12:d0:c1: 486s 71:36:77:a1:8b:58:8c:33:f8:62:ec:bb:74:30:51: 486s 95:86:fd:80:7c:12:53:85:d3:4c:7d:d7:9b:b7:5c: 486s 4b:00:26:d8:be:4b:06:f1:ab:92:bf:a1:ca:59:14: 486s 37:59:53:46:d9:ef:e5:e5:7b:ab:c9:02:0b:f2:8c: 486s 1f:90:82:1e:3c:bc:de:a8:22:0b:66:ab:05:39:cd: 486s e9:1f:88:0d:b3:fe:cf:40:d0:6f:5d:cb:f9:b5:61: 486s d2:a7:39:20:fc:9b:03:55:35 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 82:01:06:4E:35:A1:89:25:D9:09:AF:17:01:13:6A:B0:D2:35:A8:28 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Sub Intermediate CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 4B:BE:1A:CA:0B:9A:5F:C1:62:9D:7B:E4:64:47:43:FE:D1:71:D9:1E 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s ee:6f:9e:9f:15:fd:dd:41:15:09:a4:bc:a0:54:83:ce:e3:6b: 486s 7d:c8:8c:07:26:83:2a:48:99:52:0c:bd:c2:a3:32:4e:58:d4: 486s 8f:af:b1:20:37:29:15:97:cf:8a:04:e3:9c:cb:bf:3c:d0:82: 486s 3b:37:56:1e:51:f0:9d:85:63:0a:1d:c3:16:78:57:87:eb:ab: 486s 97:38:73:54:b2:57:64:ee:b5:f8:72:7d:5b:cb:5b:20:9c:24: 486s e8:92:e1:4f:d9:82:e2:27:14:bc:42:4a:ca:a9:d6:f9:66:57: 486s f8:83:5a:e4:12:4b:ce:f2:61:d6:07:cf:6f:a7:2c:79:f8:be: 486s e7:30 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-zphWn2/SSSD-child-12543-auth.pem 486s 486s Test completed, Root CA and intermediate issued certificates verified! 486s + found_md5=Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 486s + '[' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 '!=' Modulus=BB1C10BDC23C6AAACFFA63519B54EA6D15EBE0168E643F9659A312D0C1713677A18B588C33F862ECBB7430519586FD807C125385D34C7DD79BB75C4B0026D8BE4B06F1AB92BFA1CA591437595346D9EFE5E57BABC9020BF28C1F90821E3CBCDEA8220B66AB0539CDE91F880DB3FECF40D06F5DCBF9B561D2A73920FC9B035535 ']' 486s + set +x 487s autopkgtest [14:19:20]: test sssd-softhism2-certificates-tests.sh: -----------------------] 488s sssd-softhism2-certificates-tests.sh PASS 488s autopkgtest [14:19:21]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 488s autopkgtest [14:19:21]: test sssd-smart-card-pam-auth-configs: preparing testbed 488s Reading package lists... 489s Building dependency tree... 489s Reading state information... 489s Starting pkgProblemResolver with broken count: 0 489s Starting 2 pkgProblemResolver with broken count: 0 489s Done 490s The following NEW packages will be installed: 490s pamtester 490s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 490s Need to get 12.3 kB of archives. 490s After this operation, 36.9 kB of additional disk space will be used. 490s Get:1 http://ftpmaster.internal/ubuntu plucky/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 491s Fetched 12.3 kB in 0s (65.6 kB/s) 491s Selecting previously unselected package pamtester. 491s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80791 files and directories currently installed.) 491s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 491s Unpacking pamtester (0.1.2-4) ... 491s Setting up pamtester (0.1.2-4) ... 491s Processing triggers for man-db (2.13.0-1) ... 492s autopkgtest [14:19:25]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 492s autopkgtest [14:19:25]: test sssd-smart-card-pam-auth-configs: [----------------------- 493s + '[' -z ubuntu ']' 493s + export DEBIAN_FRONTEND=noninteractive 493s + DEBIAN_FRONTEND=noninteractive 493s + required_tools=(pamtester softhsm2-util sssd) 493s + [[ ! -v OFFLINE_MODE ]] 493s + for cmd in "${required_tools[@]}" 493s + command -v pamtester 493s + for cmd in "${required_tools[@]}" 493s + command -v softhsm2-util 493s + for cmd in "${required_tools[@]}" 493s + command -v sssd 493s + PIN=123456 493s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 493s + tmpdir=/tmp/sssd-softhsm2-certs-kmOvPz 493s + backupsdir= 493s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 493s + declare -a restore_paths 493s + declare -a delete_paths 493s + trap handle_exit EXIT 493s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 493s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 493s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 493s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 493s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-kmOvPz GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 493s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-kmOvPz 493s + GENERATE_SMART_CARDS=1 493s + KEEP_TEMPORARY_FILES=1 493s + NO_SSSD_TESTS=1 493s + bash debian/tests/sssd-softhism2-certificates-tests.sh 493s + '[' -z ubuntu ']' 493s + required_tools=(p11tool openssl softhsm2-util) 493s + for cmd in "${required_tools[@]}" 493s + command -v p11tool 493s + for cmd in "${required_tools[@]}" 493s + command -v openssl 493s + for cmd in "${required_tools[@]}" 493s + command -v softhsm2-util 493s + PIN=123456 493s +++ find /usr/lib/softhsm/libsofthsm2.so 493s +++ head -n 1 493s ++ realpath /usr/lib/softhsm/libsofthsm2.so 493s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 493s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 493s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 493s + '[' '!' -v NO_SSSD_TESTS ']' 493s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 493s + tmpdir=/tmp/sssd-softhsm2-certs-kmOvPz 493s + keys_size=1024 493s + [[ ! -v KEEP_TEMPORARY_FILES ]] 493s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 493s + echo -n 01 493s + touch /tmp/sssd-softhsm2-certs-kmOvPz/index.txt 493s + mkdir -p /tmp/sssd-softhsm2-certs-kmOvPz/new_certs 493s + cat 493s + root_ca_key_pass=pass:random-root-CA-password-30171 493s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-key.pem -passout pass:random-root-CA-password-30171 1024 493s + openssl req -passin pass:random-root-CA-password-30171 -batch -config /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.pem 493s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.pem 493s + cat 493s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-22666 493s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-22666 1024 493s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-22666 -config /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-30171 -sha256 -out /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-certificate-request.pem 493s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-certificate-request.pem 493s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.config -passin pass:random-root-CA-password-30171 -keyfile /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem 493s Using configuration from /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.config 493s Check that the request matches the signature 493s Signature ok 493s Certificate Details: 493s Serial Number: 1 (0x1) 493s Validity 493s Not Before: Jan 17 14:19:26 2025 GMT 493s Not After : Jan 17 14:19:26 2026 GMT 493s Subject: 493s organizationName = Test Organization 493s organizationalUnitName = Test Organization Unit 493s commonName = Test Organization Intermediate CA 493s X509v3 extensions: 493s X509v3 Subject Key Identifier: 493s C3:5A:97:A9:C1:96:B2:1F:2C:C0:32:91:0C:52:D7:00:C7:01:D7:D6 493s X509v3 Authority Key Identifier: 493s keyid:3B:E2:57:CB:A5:E9:17:34:B1:5F:1A:91:6C:FA:24:15:FA:5F:16:E0 493s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 493s serial:00 493s X509v3 Basic Constraints: 493s CA:TRUE 493s X509v3 Key Usage: critical 493s Digital Signature, Certificate Sign, CRL Sign 493s Certificate is to be certified until Jan 17 14:19:26 2026 GMT (365 days) 493s 493s Write out database with 1 new entries 493s Database updated 493s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem 493s Certificate Request: 493s Data: 493s Version: 1 (0x0) 493s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 493s Subject Public Key Info: 493s Public Key Algorithm: rsaEncryption 493s Public-Key: (1024 bit) 493s Modulus: 493s 00:9d:98:1e:65:51:12:d1:60:ec:30:0e:1a:7f:77: 493s 47:73:07:dd:38:dc:e5:f7:73:e6:ea:d1:a8:23:ea: 493s ef:7c:32:5c:41:38:98:a5:52:f8:2e:cc:22:02:10: 493s 3a:a5:50:99:ce:f8:88:e7:9d:da:80:50:89:c2:29: 493s 6f:a2:75:21:1b:05:2a:ba:86:6b:2b:0e:c0:62:87: 493s e5:8f:49:61:69:74:d4:e1:4b:e8:19:88:e4:0b:a7: 493s 43:ba:69:ff:39:0e:0f:33:58:6e:b9:98:1b:4f:91: 493s 5b:16:3c:16:f4:54:a5:49:c7:ae:8a:91:1a:84:a2: 493s 7b:c9:fc:db:a1:39:a8:62:8f 493s Exponent: 65537 (0x10001) 493s Attributes: 493s (none) 493s Requested Extensions: 493s Signature Algorithm: sha256WithRSAEncryption 493s Signature Value: 493s 0c:8b:7d:ae:c5:a6:92:5f:e0:ed:0f:88:48:a4:99:a4:a2:38: 493s 4d:c6:06:41:47:5e:bf:c0:ea:b0:fc:ea:25:28:6b:64:38:94: 493s ce:f0:7d:c7:cf:63:7e:56:3f:87:67:cd:e9:7e:78:c4:e0:6e: 493s 17:e1:b9:c0:f7:72:7c:2c:3e:80:f5:7d:9d:a1:20:47:b1:e5: 493s 75:f6:b3:36:ca:f5:ea:5c:74:f4:44:7f:4b:b4:21:e7:1a:66: 493s dd:36:2f:ab:73:1b:08:03:92:83:6a:5b:87:c6:46:53:0b:76: 493s 15:73:5e:23:3b:3f:2b:2c:f1:6b:20:62:17:db:6a:f7:da:bc: 493s e5:bc 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem 493s /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem: OK 493s + cat 493s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-15935 493s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-15935 1024 493s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-15935 -config /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-22666 -sha256 -out /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-certificate-request.pem 493s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-certificate-request.pem 493s Certificate Request: 493s Data: 493s Version: 1 (0x0) 493s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 493s Subject Public Key Info: 493s Public Key Algorithm: rsaEncryption 493s Public-Key: (1024 bit) 493s Modulus: 493s 00:bd:7c:c9:ad:f3:e0:b3:0d:54:a4:39:46:f5:00: 493s ed:03:32:26:41:c1:60:94:da:7d:a8:3a:94:50:7a: 493s a9:6e:42:ef:03:2a:89:83:f5:89:ae:27:4b:59:0c: 493s 2b:9c:cd:d6:d4:76:a6:b1:e6:83:86:3f:b9:1a:5d: 493s 7b:ce:c3:12:28:df:5b:34:91:e7:cf:31:5a:a0:66: 493s 31:c0:a1:2e:a8:7b:40:ff:b0:ae:69:63:39:1d:d4: 493s b2:55:70:6b:8e:15:a5:fb:61:4c:a5:d2:7f:d1:b7: 493s 25:e9:62:e8:29:4c:a1:c2:12:3b:14:b2:1e:84:f3: 493s e8:7f:85:29:ce:33:43:8f:37 493s Exponent: 65537 (0x10001) 493s Attributes: 493s (none) 493s Requested Extensions: 493s Signature Algorithm: sha256WithRSAEncryption 493s Signature Value: 493s 29:1b:04:72:96:86:01:df:16:58:e4:a2:bd:6c:f3:3a:40:ba: 493s 98:05:96:b4:37:4f:96:0b:4e:e5:9b:a1:9f:c2:c4:60:6f:ef: 493s 8d:98:f2:ba:58:4e:fe:08:c6:1a:6a:38:cf:8a:2a:2e:25:3e: 493s db:ba:5e:d3:24:8f:4d:7e:f2:7a:7f:77:ed:92:c0:3a:65:16: 493s ef:78:f9:b9:86:5f:eb:98:b9:4c:2a:7d:01:90:18:e8:e7:9b: 493s a2:59:1e:d0:77:ff:e9:39:a3:dd:ee:3a:c3:a1:d6:6f:4a:8c: 493s fe:30:52:40:10:01:f6:ff:74:37:19:1f:70:69:04:a6:d0:25: 493s 31:ce 493s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-22666 -keyfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem 493s Using configuration from /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.config 493s Check that the request matches the signature 493s Signature ok 493s Certificate Details: 493s Serial Number: 2 (0x2) 493s Validity 493s Not Before: Jan 17 14:19:26 2025 GMT 493s Not After : Jan 17 14:19:26 2026 GMT 493s Subject: 493s organizationName = Test Organization 493s organizationalUnitName = Test Organization Unit 493s commonName = Test Organization Sub Intermediate CA 493s X509v3 extensions: 493s X509v3 Subject Key Identifier: 493s 00:B0:4D:7E:F5:F9:16:63:2E:EA:DB:07:C6:6C:DA:21:10:10:C2:42 493s X509v3 Authority Key Identifier: 493s keyid:C3:5A:97:A9:C1:96:B2:1F:2C:C0:32:91:0C:52:D7:00:C7:01:D7:D6 493s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 493s serial:01 493s X509v3 Basic Constraints: 493s CA:TRUE 493s X509v3 Key Usage: critical 493s Digital Signature, Certificate Sign, CRL Sign 493s Certificate is to be certified until Jan 17 14:19:26 2026 GMT (365 days) 493s 493s Write out database with 1 new entries 493s Database updated 493s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem 493s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem 493s /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem: OK 493s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem 493s + local cmd=openssl 493s + shift 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem 493s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 493s error 20 at 0 depth lookup: unable to get local issuer certificate 493s error /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem: verification failed 493s + cat 493s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-31158 493s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-31158 1024 493s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-31158 -key /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-request.pem 493s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-request.pem 493s Certificate Request: 493s Data: 493s Version: 1 (0x0) 493s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 493s Subject Public Key Info: 493s Public Key Algorithm: rsaEncryption 493s Public-Key: (1024 bit) 493s Modulus: 493s 00:d8:5f:e2:8c:70:74:65:36:17:86:8d:f6:48:fe: 493s ca:fc:05:5d:02:7a:ba:33:7b:d1:b6:85:43:d1:b9: 493s 95:2b:82:f3:ac:68:a8:78:ba:b1:32:9a:40:85:b2: 493s 46:72:fb:1d:ed:f9:17:6a:26:9b:5d:80:f8:2f:67: 493s 3d:52:fa:c9:2e:de:fd:7d:6a:da:97:9c:85:67:1f: 493s 4e:91:de:c0:62:c4:4c:62:f7:a6:6e:40:c3:2e:6c: 493s 45:c8:55:59:f8:3d:cc:18:ae:25:ba:f8:93:93:27: 493s 66:a5:66:ea:b3:29:e6:60:0d:43:21:4b:1b:57:a9: 493s 06:66:a1:f1:56:23:08:c0:73 493s Exponent: 65537 (0x10001) 493s Attributes: 493s Requested Extensions: 493s X509v3 Basic Constraints: 493s CA:FALSE 493s Netscape Cert Type: 493s SSL Client, S/MIME 493s Netscape Comment: 493s Test Organization Root CA trusted Certificate 493s X509v3 Subject Key Identifier: 493s FB:40:F4:5C:F5:10:24:5E:17:36:D2:B6:9E:45:DF:8A:57:56:EC:9A 493s X509v3 Key Usage: critical 493s Digital Signature, Non Repudiation, Key Encipherment 493s X509v3 Extended Key Usage: 493s TLS Web Client Authentication, E-mail Protection 493s X509v3 Subject Alternative Name: 493s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 493s Signature Algorithm: sha256WithRSAEncryption 493s Signature Value: 493s 63:aa:7f:4a:14:c4:2f:ae:c4:ac:c2:72:bb:cd:5c:e0:36:30: 493s ae:47:ea:fa:19:1a:d9:1f:74:4e:3a:02:2b:44:8a:3c:f5:c6: 493s 4b:71:15:27:8e:29:91:d8:8d:b8:c5:2a:4a:77:06:c8:f6:e0: 493s f1:77:06:0a:aa:6a:86:8b:97:32:bb:d3:6d:8e:91:33:7b:91: 493s a5:27:f6:f2:dd:20:15:ee:9e:5b:6c:29:16:54:f4:21:c8:27: 493s 10:9e:df:a7:d3:a7:84:ae:0c:54:13:ec:b1:91:ea:27:bd:db: 493s 70:c3:1a:4b:aa:5f:fc:18:45:b5:9b:74:84:22:8c:7a:10:53: 493s 37:2c 493s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.config -passin pass:random-root-CA-password-30171 -keyfile /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem 493s Using configuration from /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.config 493s Check that the request matches the signature 493s Signature ok 493s Certificate Details: 493s Serial Number: 3 (0x3) 493s Validity 493s Not Before: Jan 17 14:19:26 2025 GMT 493s Not After : Jan 17 14:19:26 2026 GMT 493s Subject: 493s organizationName = Test Organization 493s organizationalUnitName = Test Organization Unit 493s commonName = Test Organization Root Trusted Certificate 0001 493s X509v3 extensions: 493s X509v3 Authority Key Identifier: 493s 3B:E2:57:CB:A5:E9:17:34:B1:5F:1A:91:6C:FA:24:15:FA:5F:16:E0 493s X509v3 Basic Constraints: 493s CA:FALSE 493s Netscape Cert Type: 493s SSL Client, S/MIME 493s Netscape Comment: 493s Test Organization Root CA trusted Certificate 493s X509v3 Subject Key Identifier: 493s FB:40:F4:5C:F5:10:24:5E:17:36:D2:B6:9E:45:DF:8A:57:56:EC:9A 493s X509v3 Key Usage: critical 493s Digital Signature, Non Repudiation, Key Encipherment 493s X509v3 Extended Key Usage: 493s TLS Web Client Authentication, E-mail Protection 493s X509v3 Subject Alternative Name: 493s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 493s Certificate is to be certified until Jan 17 14:19:26 2026 GMT (365 days) 493s 493s Write out database with 1 new entries 493s Database updated 493s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem 493s /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem: OK 493s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem 493s + local cmd=openssl 493s + shift 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem 493s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 493s error 20 at 0 depth lookup: unable to get local issuer certificate 493s error /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem: verification failed 493s + cat 493s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-16416 493s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-16416 1024 493s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-16416 -key /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-request.pem 493s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-request.pem 493s Certificate Request: 493s Data: 493s Version: 1 (0x0) 493s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 493s Subject Public Key Info: 493s Public Key Algorithm: rsaEncryption 493s Public-Key: (1024 bit) 493s Modulus: 493s 00:bf:b5:1a:22:af:65:41:24:8c:5f:86:bb:89:5e: 493s db:a0:c8:fa:16:00:04:13:cd:5c:73:6c:5f:45:93: 493s fa:da:2a:a5:79:5c:69:c0:67:7f:69:cb:45:89:f4: 493s 7e:55:f3:6d:b5:14:2c:4a:57:27:0a:6b:01:18:2f: 493s b8:d0:f8:37:b3:25:7b:6b:aa:ab:f2:1e:f3:80:4c: 493s d6:b3:d4:c8:ca:54:d2:da:5e:8f:40:76:71:01:e0: 493s 5b:95:58:3f:79:bf:ff:f6:a7:3e:09:55:f7:40:5c: 493s 31:d9:7c:22:63:07:40:4f:2c:4b:1e:c8:a0:06:f9: 493s be:d8:4a:44:7c:88:23:3e:01 493s Exponent: 65537 (0x10001) 493s Attributes: 493s Requested Extensions: 493s X509v3 Basic Constraints: 493s CA:FALSE 493s Netscape Cert Type: 493s SSL Client, S/MIME 493s Netscape Comment: 493s Test Organization Intermediate CA trusted Certificate 493s X509v3 Subject Key Identifier: 493s C5:55:65:C1:88:4B:50:F3:8C:C3:49:17:40:B8:D3:5F:1C:B8:12:9D 493s X509v3 Key Usage: critical 493s Digital Signature, Non Repudiation, Key Encipherment 493s X509v3 Extended Key Usage: 493s TLS Web Client Authentication, E-mail Protection 493s X509v3 Subject Alternative Name: 493s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 493s Signature Algorithm: sha256WithRSAEncryption 493s Signature Value: 493s 9f:6e:51:00:2a:87:af:de:0e:a8:ff:6e:9e:cd:6a:22:00:ae: 493s 7f:ef:3a:ab:f1:14:25:7c:e5:13:56:e7:b0:19:7b:59:5e:24: 493s 68:74:fa:20:59:69:a6:86:08:94:db:ed:6b:80:fb:8e:18:e0: 493s 2f:db:7c:56:fa:62:80:d2:45:09:7c:e4:85:b2:85:91:8d:f0: 493s 10:bb:bd:34:4b:6c:16:db:05:45:d9:82:1d:62:19:fb:1b:fc: 493s af:0c:f8:7c:60:59:ff:ff:83:f4:a5:f1:05:6e:36:49:cd:8c: 493s f8:98:d0:10:ee:76:3b:42:b4:69:ca:76:ce:c4:49:31:2e:bf: 493s db:d0 493s + openssl ca -passin pass:random-intermediate-CA-password-22666 -config /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem 493s Using configuration from /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.config 493s Check that the request matches the signature 493s Signature ok 493s Certificate Details: 493s Serial Number: 4 (0x4) 493s Validity 493s Not Before: Jan 17 14:19:26 2025 GMT 493s Not After : Jan 17 14:19:26 2026 GMT 493s Subject: 493s organizationName = Test Organization 493s organizationalUnitName = Test Organization Unit 493s commonName = Test Organization Intermediate Trusted Certificate 0001 493s X509v3 extensions: 493s X509v3 Authority Key Identifier: 493s C3:5A:97:A9:C1:96:B2:1F:2C:C0:32:91:0C:52:D7:00:C7:01:D7:D6 493s X509v3 Basic Constraints: 493s CA:FALSE 493s Netscape Cert Type: 493s SSL Client, S/MIME 493s Netscape Comment: 493s Test Organization Intermediate CA trusted Certificate 493s X509v3 Subject Key Identifier: 493s C5:55:65:C1:88:4B:50:F3:8C:C3:49:17:40:B8:D3:5F:1C:B8:12:9D 493s X509v3 Key Usage: critical 493s Digital Signature, Non Repudiation, Key Encipherment 493s X509v3 Extended Key Usage: 493s TLS Web Client Authentication, E-mail Protection 493s X509v3 Subject Alternative Name: 493s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 493s Certificate is to be certified until Jan 17 14:19:26 2026 GMT (365 days) 493s 493s Write out database with 1 new entries 493s Database updated 493s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem 493s This certificate should not be trusted fully 493s + echo 'This certificate should not be trusted fully' 493s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem 493s + local cmd=openssl 493s + shift 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem 493s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 493s error 2 at 1 depth lookup: unable to get issuer certificate 493s error /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 493s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem 493s /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem: OK 493s + cat 493s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-14899 493s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-14899 1024 493s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-14899 -key /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 493s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 493s Certificate Request: 493s Data: 493s Version: 1 (0x0) 493s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 493s Subject Public Key Info: 493s Public Key Algorithm: rsaEncryption 493s Public-Key: (1024 bit) 493s Modulus: 493s 00:b7:22:ce:0b:01:57:4c:27:f6:c9:a5:ae:38:20: 493s 4f:05:4c:c4:d4:e4:17:92:64:d2:4e:e0:34:d6:5a: 493s e9:22:db:09:2f:89:b5:fb:18:2a:6a:95:5e:5f:3d: 493s 71:84:c4:37:05:9c:67:ef:04:4e:8d:75:b6:23:44: 493s 48:22:dd:25:b3:fa:e4:be:dc:1c:8a:72:7a:67:91: 493s 6d:06:28:14:44:23:ae:d5:c5:0e:a6:db:c4:bb:3f: 493s 25:54:48:ca:01:eb:63:76:c2:ad:51:60:a9:64:d0: 493s 0f:82:12:8b:de:3d:72:9f:92:09:7c:ca:2a:cd:b5: 493s 28:50:52:07:d1:d6:dc:c1:91 493s Exponent: 65537 (0x10001) 493s Attributes: 493s Requested Extensions: 493s X509v3 Basic Constraints: 493s CA:FALSE 493s Netscape Cert Type: 493s SSL Client, S/MIME 493s Netscape Comment: 493s Test Organization Sub Intermediate CA trusted Certificate 493s X509v3 Subject Key Identifier: 493s 9B:3B:D7:EF:14:1B:7C:F3:66:0E:54:2F:9E:FD:8E:B0:D1:CE:0F:F8 493s X509v3 Key Usage: critical 493s Digital Signature, Non Repudiation, Key Encipherment 493s X509v3 Extended Key Usage: 493s TLS Web Client Authentication, E-mail Protection 493s X509v3 Subject Alternative Name: 493s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 493s Signature Algorithm: sha256WithRSAEncryption 493s Signature Value: 493s 3c:cb:db:9e:61:ec:0d:5a:52:1f:b2:60:f7:d6:4d:38:a0:30: 493s ed:6c:98:ce:b2:63:ec:11:3c:cf:30:9f:73:7b:bf:be:78:37: 493s c4:0d:e4:54:9e:89:82:28:a9:fd:ee:fd:a0:2d:e0:eb:d7:8f: 493s 72:90:81:ba:76:f3:82:1d:93:b4:57:9c:ec:dd:64:e4:9c:f7: 493s 08:ff:14:37:a0:ef:08:dd:06:27:6b:f7:9d:cb:b6:c5:0b:7c: 493s 28:a4:37:c2:a7:aa:c0:bf:b4:14:69:1d:f4:90:d3:74:53:c6: 493s 52:49:92:40:90:59:f2:aa:46:53:8f:41:fe:c8:ad:17:f1:ba: 493s 73:1d 493s + openssl ca -passin pass:random-sub-intermediate-CA-password-15935 -config /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s Using configuration from /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.config 493s Check that the request matches the signature 493s Signature ok 493s Certificate Details: 493s Serial Number: 5 (0x5) 493s Validity 493s Not Before: Jan 17 14:19:26 2025 GMT 493s Not After : Jan 17 14:19:26 2026 GMT 493s Subject: 493s organizationName = Test Organization 493s organizationalUnitName = Test Organization Unit 493s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 493s X509v3 extensions: 493s X509v3 Authority Key Identifier: 493s 00:B0:4D:7E:F5:F9:16:63:2E:EA:DB:07:C6:6C:DA:21:10:10:C2:42 493s X509v3 Basic Constraints: 493s CA:FALSE 493s Netscape Cert Type: 493s SSL Client, S/MIME 493s Netscape Comment: 493s Test Organization Sub Intermediate CA trusted Certificate 493s X509v3 Subject Key Identifier: 493s 9B:3B:D7:EF:14:1B:7C:F3:66:0E:54:2F:9E:FD:8E:B0:D1:CE:0F:F8 493s X509v3 Key Usage: critical 493s Digital Signature, Non Repudiation, Key Encipherment 493s X509v3 Extended Key Usage: 493s TLS Web Client Authentication, E-mail Protection 493s X509v3 Subject Alternative Name: 493s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 493s Certificate is to be certified until Jan 17 14:19:26 2026 GMT (365 days) 493s 493s Write out database with 1 new entries 493s Database updated 493s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s + echo 'This certificate should not be trusted fully' 493s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s + local cmd=openssl 493s + shift 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s This certificate should not be trusted fully 493s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 493s error 2 at 1 depth lookup: unable to get issuer certificate 493s error /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 493s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s + local cmd=openssl 493s + shift 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 493s error 20 at 0 depth lookup: unable to get local issuer certificate 493s error /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 493s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 493s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s + local cmd=openssl 493s + shift 493s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 493s error 20 at 0 depth lookup: unable to get local issuer certificate 493s error /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 493s + echo 'Building a the full-chain CA file...' 493s + cat /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem 493s Building a the full-chain CA file... 493s + cat /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem 493s + cat /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem 493s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem 493s + openssl pkcs7 -print_certs -noout 493s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 493s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 493s 493s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 493s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 493s 493s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 493s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 493s 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem 493s /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA.pem: OK 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem 493s /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem: OK 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem 493s /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem: OK 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-root-intermediate-chain-CA.pem 493s /tmp/sssd-softhsm2-certs-kmOvPz/test-root-intermediate-chain-CA.pem: OK 493s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s + echo 'Certificates generation completed!' 493s + [[ -v NO_SSSD_TESTS ]] 493s + [[ -v GENERATE_SMART_CARDS ]] 493s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31158 493s + local certificate=/tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem 493s + local key_pass=pass:random-root-ca-trusted-cert-0001-31158 493s + local key_cn 493s + local key_name 493s + local tokens_dir 493s + local output_cert_file 493s + token_name= 493s ++ basename /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem .pem 493s /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 493s Certificates generation completed! 493s + key_name=test-root-CA-trusted-certificate-0001 493s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem 493s ++ sed -n 's/ *commonName *= //p' 493s + key_cn='Test Organization Root Trusted Certificate 0001' 493s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 493s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-root-CA-trusted-certificate-0001.conf 493s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-root-CA-trusted-certificate-0001.conf 493s ++ basename /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 493s + tokens_dir=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-root-CA-trusted-certificate-0001 493s + token_name='Test Organization Root Tr Token' 493s + '[' '!' -e /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 493s + local key_file 493s + local decrypted_key 493s + mkdir -p /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-root-CA-trusted-certificate-0001 493s + key_file=/tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-key.pem 493s + decrypted_key=/tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-key-decrypted.pem 493s + cat 493s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 493s Slot 0 has a free/uninitialized token. 493s The token has been initialized and is reassigned to slot 225265451 493s + softhsm2-util --show-slots 493s Available slots: 493s Slot 225265451 493s Slot info: 493s Description: SoftHSM slot ID 0xd6d472b 493s Manufacturer ID: SoftHSM project 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Token present: yes 493s Token info: 493s Manufacturer ID: SoftHSM project 493s Model: SoftHSM v2 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Serial number: acec34980d6d472b 493s Initialized: yes 493s User PIN init.: yes 493s Label: Test Organization Root Tr Token 493s Slot 1 493s Slot info: 493s Description: SoftHSM slot ID 0x1 493s Manufacturer ID: SoftHSM project 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Token present: yes 493s Token info: 493s Manufacturer ID: SoftHSM project 493s Model: SoftHSM v2 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Serial number: 493s Initialized: no 493s User PIN init.: no 493s Label: 493s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 493s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-31158 -in /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-key-decrypted.pem 493s writing RSA key 493s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 493s + rm /tmp/sssd-softhsm2-certs-kmOvPz/test-root-CA-trusted-certificate-0001-key-decrypted.pem 493s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 493s Object 0: 493s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=acec34980d6d472b;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 493s Type: X.509 Certificate (RSA-1024) 493s Expires: Sat Jan 17 14:19:26 2026 493s Label: Test Organization Root Trusted Certificate 0001 493s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 493s 493s Test Organization Root Tr Token 493s + echo 'Test Organization Root Tr Token' 493s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-16416 493s + local certificate=/tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem 493s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-16416 493s + local key_cn 493s + local key_name 493s + local tokens_dir 493s + local output_cert_file 493s + token_name= 493s ++ basename /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem .pem 493s + key_name=test-intermediate-CA-trusted-certificate-0001 493s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem 493s ++ sed -n 's/ *commonName *= //p' 493s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 493s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 493s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 493s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 493s ++ basename /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 493s + tokens_dir=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-intermediate-CA-trusted-certificate-0001 493s + token_name='Test Organization Interme Token' 493s + '[' '!' -e /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 493s + local key_file 493s + local decrypted_key 493s + mkdir -p /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-intermediate-CA-trusted-certificate-0001 493s + key_file=/tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-key.pem 493s + decrypted_key=/tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 493s + cat 493s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 493s Slot 0 has a free/uninitialized token. 493s The token has been initialized and is reassigned to slot 117450043 493s + softhsm2-util --show-slots 493s Available slots: 493s Slot 117450043 493s Slot info: 493s Description: SoftHSM slot ID 0x700253b 493s Manufacturer ID: SoftHSM project 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Token present: yes 493s Token info: 493s Manufacturer ID: SoftHSM project 493s Model: SoftHSM v2 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Serial number: aef927d80700253b 493s Initialized: yes 493s User PIN init.: yes 493s Label: Test Organization Interme Token 493s Slot 1 493s Slot info: 493s Description: SoftHSM slot ID 0x1 493s Manufacturer ID: SoftHSM project 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Token present: yes 493s Token info: 493s Manufacturer ID: SoftHSM project 493s Model: SoftHSM v2 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Serial number: 493s Initialized: no 493s User PIN init.: no 493s Label: 493s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 493s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-16416 -in /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 493s writing RSA key 493s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 493s + rm /tmp/sssd-softhsm2-certs-kmOvPz/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 493s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 493s Object 0: 493s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=aef927d80700253b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 493s Type: X.509 Certificate (RSA-1024) 493s Expires: Sat Jan 17 14:19:26 2026 493s Label: Test Organization Intermediate Trusted Certificate 0001 493s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 493s 493s Test Organization Interme Token 493s + echo 'Test Organization Interme Token' 493s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-14899 493s + local certificate=/tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-14899 493s + local key_cn 493s + local key_name 493s + local tokens_dir 493s + local output_cert_file 493s + token_name= 493s ++ basename /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 493s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 493s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem 493s ++ sed -n 's/ *commonName *= //p' 493s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 493s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 493s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 493s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 493s ++ basename /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 493s + tokens_dir=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 493s + token_name='Test Organization Sub Int Token' 493s + '[' '!' -e /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 493s + local key_file 493s + local decrypted_key 493s + mkdir -p /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 493s + key_file=/tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 493s + decrypted_key=/tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 493s + cat 493s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 493s Slot 0 has a free/uninitialized token. 493s The token has been initialized and is reassigned to slot 1640721828 493s + softhsm2-util --show-slots 493s Available slots: 493s Slot 1640721828 493s Slot info: 493s Description: SoftHSM slot ID 0x61cb6da4 493s Manufacturer ID: SoftHSM project 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Token present: yes 493s Token info: 493s Manufacturer ID: SoftHSM project 493s Model: SoftHSM v2 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Serial number: 2741bed061cb6da4 493s Initialized: yes 493s User PIN init.: yes 493s Label: Test Organization Sub Int Token 493s Slot 1 493s Slot info: 493s Description: SoftHSM slot ID 0x1 493s Manufacturer ID: SoftHSM project 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Token present: yes 493s Token info: 493s Manufacturer ID: SoftHSM project 493s Model: SoftHSM v2 493s Hardware version: 2.6 493s Firmware version: 2.6 493s Serial number: 493s Initialized: no 493s User PIN init.: no 493s Label: 493s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 493s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-14899 -in /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 493s writing RSA key 493s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 494s + rm /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 494s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 494s Object 0: 494s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2741bed061cb6da4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 494s Type: X.509 Certificate (RSA-1024) 494s Expires: Sat Jan 17 14:19:26 2026 494s Label: Test Organization Sub Intermediate Trusted Certificate 0001 494s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 494s 494s Test Organization Sub Int Token 494s Certificates generation completed! 494s + echo 'Test Organization Sub Int Token' 494s + echo 'Certificates generation completed!' 494s + exit 0 494s + find /tmp/sssd-softhsm2-certs-kmOvPz -type d -exec chmod 777 '{}' ';' 494s + find /tmp/sssd-softhsm2-certs-kmOvPz -type f -exec chmod 666 '{}' ';' 494s + backup_file /etc/sssd/sssd.conf 494s + '[' -z '' ']' 494s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 494s + backupsdir=/tmp/sssd-softhsm2-backups-JtkuVO 494s + '[' -e /etc/sssd/sssd.conf ']' 494s + delete_paths+=("$1") 494s + rm -f /etc/sssd/sssd.conf 494s ++ runuser -u ubuntu -- sh -c 'echo ~' 494s + user_home=/home/ubuntu 494s + mkdir -p /home/ubuntu 494s + chown ubuntu:ubuntu /home/ubuntu 494s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 494s + user_config=/home/ubuntu/.config 494s + system_config=/etc 494s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 494s + for path_pair in "${softhsm2_conf_paths[@]}" 494s + IFS=: 494s + read -r -a path 494s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 494s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 494s + '[' -z /tmp/sssd-softhsm2-backups-JtkuVO ']' 494s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 494s + delete_paths+=("$1") 494s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 494s + for path_pair in "${softhsm2_conf_paths[@]}" 494s + IFS=: 494s + read -r -a path 494s + path=/etc/softhsm/softhsm2.conf 494s + backup_file /etc/softhsm/softhsm2.conf 494s + '[' -z /tmp/sssd-softhsm2-backups-JtkuVO ']' 494s + '[' -e /etc/softhsm/softhsm2.conf ']' 494s ++ dirname /etc/softhsm/softhsm2.conf 494s + local back_dir=/tmp/sssd-softhsm2-backups-JtkuVO//etc/softhsm 494s ++ basename /etc/softhsm/softhsm2.conf 494s + local back_path=/tmp/sssd-softhsm2-backups-JtkuVO//etc/softhsm/softhsm2.conf 494s + '[' '!' -e /tmp/sssd-softhsm2-backups-JtkuVO//etc/softhsm/softhsm2.conf ']' 494s + mkdir -p /tmp/sssd-softhsm2-backups-JtkuVO//etc/softhsm 494s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-JtkuVO//etc/softhsm/softhsm2.conf 494s + restore_paths+=("$back_path") 494s + rm -f /etc/softhsm/softhsm2.conf 494s + test_authentication login /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem 494s + pam_service=login 494s + certificate_config=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-root-CA-trusted-certificate-0001.conf 494s + ca_db=/tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem 494s + verification_options= 494s + mkdir -p -m 700 /etc/sssd 494s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 494s + cat 494s Using CA DB '/tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem' with verification options: '' 494s + chmod 600 /etc/sssd/sssd.conf 494s + for path_pair in "${softhsm2_conf_paths[@]}" 494s + IFS=: 494s + read -r -a path 494s + user=ubuntu 494s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 494s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 494s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 494s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 494s + runuser -u ubuntu -- softhsm2-util --show-slots 494s + grep 'Test Organization' 494s Label: Test Organization Root Tr Token 494s + for path_pair in "${softhsm2_conf_paths[@]}" 494s + IFS=: 494s + read -r -a path 494s + user=root 494s + path=/etc/softhsm/softhsm2.conf 494s ++ dirname /etc/softhsm/softhsm2.conf 494s + runuser -u root -- mkdir -p /etc/softhsm 494s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 494s + runuser -u root -- softhsm2-util --show-slots 494s + grep 'Test Organization' 494s + systemctl restart sssd 494s Label: Test Organization Root Tr Token 494s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 494s + for alternative in "${alternative_pam_configs[@]}" 494s + pam-auth-update --enable sss-smart-card-optional 494s + cat /etc/pam.d/common-auth 494s + echo -n -e 123456 494s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 494s # 494s # /etc/pam.d/common-auth - authentication settings common to all services 494s # 494s # This file is included from other service-specific PAM config files, 494s # and should contain a list of the authentication modules that define 494s # the central authentication scheme for use on the system 494s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 494s # traditional Unix authentication mechanisms. 494s # 494s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 494s # To take advantage of this, it is recommended that you configure any 494s # local modules either before or after the default block, and use 494s # pam-auth-update to manage selection of other modules. See 494s # pam-auth-update(8) for details. 494s 494s # here are the per-package modules (the "Primary" block) 494s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 494s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 494s auth [success=1 default=ignore] pam_sss.so use_first_pass 494s # here's the fallback if no module succeeds 494s auth requisite pam_deny.so 494s # prime the stack with a positive return value if there isn't one already; 494s # this avoids us returning an error just because nothing sets a success code 494s # since the modules above will each just jump around 494s auth required pam_permit.so 494s # and here are more per-package modules (the "Additional" block) 494s auth optional pam_cap.so 494s # end of pam-auth-update config 495s pamtester: invoking pam_start(login, ubuntu, ...) 495s pamtester: performing operation - authenticate 495s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 495s + echo -n -e 123456 495s + runuser -u ubuntu -- pamtester -v login '' authenticate 495s pamtester: invoking pam_start(login, , ...) 495s pamtester: performing operation - authenticate 495s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 495s + echo -n -e wrong123456 495s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 495s pamtester: invoking pam_start(login, ubuntu, ...) 495s pamtester: performing operation - authenticate 498s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 498s + echo -n -e wrong123456 498s + runuser -u ubuntu -- pamtester -v login '' authenticate 498s pamtester: invoking pam_start(login, , ...) 498s pamtester: performing operation - authenticate 500s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 500s + echo -n -e 123456 500s + pamtester -v login root authenticate 500s pamtester: invoking pam_start(login, root, ...) 500s pamtester: performing operation - authenticate 503s Password: pamtester: Authentication failure 503s + for alternative in "${alternative_pam_configs[@]}" 503s + pam-auth-update --enable sss-smart-card-required 503s PAM configuration 503s ----------------- 503s 503s Incompatible PAM profiles selected. 503s 503s The following PAM profiles cannot be used together: 503s 503s SSS required smart card authentication, SSS optional smart card 503s authentication 503s 503s Please select a different set of modules to enable. 503s 503s # 503s # /etc/pam.d/common-auth - authentication settings common to all services 503s # 503s # This file is included from other service-specific PAM config files, 503s # and should contain a list of the authentication modules that define 503s # the central authentication scheme for use on the system 503s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 503s # traditional Unix authentication mechanisms. 503s # 503s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 503s # To take advantage of this, it is recommended that you configure any 503s # local modules either before or after the default block, and use 503s # pam-auth-update to manage selection of other modules. See 503s # pam-auth-update(8) for details. 503s 503s # here are the per-package modules (the "Primary" block) 503s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 503s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 503s auth [success=1 default=ignore] pam_sss.so use_first_pass 503s # here's the fallback if no module succeeds 503s auth requisite pam_deny.so 503s # prime the stack with a positive return value if there isn't one already; 503s # this avoids us returning an error just because nothing sets a success code 503s # since the modules above will each just jump around 503s auth required pam_permit.so 503s # and here are more per-package modules (the "Additional" block) 503s auth optional pam_cap.so 503s # end of pam-auth-update config 503s + cat /etc/pam.d/common-auth 503s + echo -n -e 123456 503s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 503s pamtester: invoking pam_start(login, ubuntu, ...) 503s pamtester: performing operation - authenticate 503s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 503s + echo -n -e 123456 503s + runuser -u ubuntu -- pamtester -v login '' authenticate 503s pamtester: invoking pam_start(login, , ...) 503s pamtester: performing operation - authenticate 503s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 503s + echo -n -e wrong123456 503s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 503s pamtester: invoking pam_start(login, ubuntu, ...) 503s pamtester: performing operation - authenticate 506s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 506s + echo -n -e wrong123456 506s + runuser -u ubuntu -- pamtester -v login '' authenticate 506s pamtester: invoking pam_start(login, , ...) 506s pamtester: performing operation - authenticate 509s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 509s + echo -n -e 123456 509s + pamtester -v login root authenticate 509s pamtester: invoking pam_start(login, root, ...) 509s pamtester: performing operation - authenticate 511s pamtester: Authentication service cannot retrieve authentication info 511s + test_authentication login /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem 511s + pam_service=login 511s + certificate_config=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 511s + ca_db=/tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem 511s + verification_options= 511s + mkdir -p -m 700 /etc/sssd 511s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 511s + cat 511s + chmod 600 /etc/sssd/sssd.conf 511s + for path_pair in "${softhsm2_conf_paths[@]}" 511s + IFS=: 511s + read -r -a path 511s + user=ubuntu 511s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 511s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 511s Using CA DB '/tmp/sssd-softhsm2-certs-kmOvPz/test-full-chain-CA.pem' with verification options: '' 511s Label: Test Organization Sub Int Token 511s Label: Test Organization Sub Int Token 511s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 511s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 511s + runuser -u ubuntu -- softhsm2-util --show-slots 511s + grep 'Test Organization' 511s + for path_pair in "${softhsm2_conf_paths[@]}" 511s + IFS=: 511s + read -r -a path 511s + user=root 511s + path=/etc/softhsm/softhsm2.conf 511s ++ dirname /etc/softhsm/softhsm2.conf 511s + runuser -u root -- mkdir -p /etc/softhsm 511s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 511s + runuser -u root -- softhsm2-util --show-slots 511s + grep 'Test Organization' 511s + systemctl restart sssd 511s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 511s + for alternative in "${alternative_pam_configs[@]}" 511s + pam-auth-update --enable sss-smart-card-optional 512s + cat /etc/pam.d/common-auth 512s # 512s # /etc/pam.d/common-auth - authentication settings common to all services 512s # 512s # This file is included from other service-specific PAM config files, 512s # and should contain a list of the authentication modules that define 512s # the central authentication scheme for use on the system 512s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 512s # traditional Unix authentication mechanisms. 512s # 512s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 512s # To take advantage of this, it is recommended that you configure any 512s # local modules either before or after the default block, and use 512s # pam-auth-update to manage selection of other modules. See 512s # pam-auth-update(8) for details. 512s 512s # here are the per-package modules (the "Primary" block) 512s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 512s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 512s auth [success=1 default=ignore] pam_sss.so use_first_pass 512s # here's the fallback if no module succeeds 512s auth requisite pam_deny.so 512s # prime the stack with a positive return value if there isn't one already; 512s # this avoids us returning an error just because nothing sets a success code 512s # since the modules above will each just jump around 512s auth required pam_permit.so 512s # and here are more per-package modules (the "Additional" block) 512s auth optional pam_cap.so 512s # end of pam-auth-update config 512s + echo -n -e 123456 512s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 512s pamtester: invoking pam_start(login, ubuntu, ...) 512s pamtester: performing operation - authenticate 512s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 512s + echo -n -e 123456 512s + runuser -u ubuntu -- pamtester -v login '' authenticate 512s pamtester: invoking pam_start(login, , ...) 512s pamtester: performing operation - authenticate 512s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 512s + echo -n -e wrong123456 512s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 512s pamtester: invoking pam_start(login, ubuntu, ...) 512s pamtester: performing operation - authenticate 514s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 514s + echo -n -e wrong123456 514s + runuser -u ubuntu -- pamtester -v login '' authenticate 514s pamtester: invoking pam_start(login, , ...) 514s pamtester: performing operation - authenticate 518s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 518s + echo -n -e 123456 518s + pamtester -v login root authenticate 518s pamtester: invoking pam_start(login, root, ...) 518s pamtester: performing operation - authenticate 521s Password: pamtester: Authentication failure 521s + for alternative in "${alternative_pam_configs[@]}" 521s + pam-auth-update --enable sss-smart-card-required 522s PAM configuration 522s ----------------- 522s 522s Incompatible PAM profiles selected. 522s 522s The following PAM profiles cannot be used together: 522s 522s SSS required smart card authentication, SSS optional smart card 522s authentication 522s 522s Please select a different set of modules to enable. 522s 522s + cat /etc/pam.d/common-auth 522s + echo -n -e 123456 522s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 522s # 522s # /etc/pam.d/common-auth - authentication settings common to all services 522s # 522s # This file is included from other service-specific PAM config files, 522s # and should contain a list of the authentication modules that define 522s # the central authentication scheme for use on the system 522s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 522s # traditional Unix authentication mechanisms. 522s # 522s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 522s # To take advantage of this, it is recommended that you configure any 522s # local modules either before or after the default block, and use 522s # pam-auth-update to manage selection of other modules. See 522s # pam-auth-update(8) for details. 522s 522s # here are the per-package modules (the "Primary" block) 522s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 522s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 522s auth [success=1 default=ignore] pam_sss.so use_first_pass 522s # here's the fallback if no module succeeds 522s auth requisite pam_deny.so 522s # prime the stack with a positive return value if there isn't one already; 522s # this avoids us returning an error just because nothing sets a success code 522s # since the modules above will each just jump around 522s auth required pam_permit.so 522s # and here are more per-package modules (the "Additional" block) 522s auth optional pam_cap.so 522s # end of pam-auth-update config 522s pamtester: invoking pam_start(login, ubuntu, ...) 522s pamtester: performing operation - authenticate 522s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 522s + echo -n -e 123456 522s + runuser -u ubuntu -- pamtester -v login '' authenticate 522s pamtester: invoking pam_start(login, , ...) 522s pamtester: performing operation - authenticate 522s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 522s + echo -n -e wrong123456 522s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 522s pamtester: invoking pam_start(login, ubuntu, ...) 522s pamtester: performing operation - authenticate 524s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 524s + echo -n -e wrong123456 524s + runuser -u ubuntu -- pamtester -v login '' authenticate 524s pamtester: invoking pam_start(login, , ...) 524s pamtester: performing operation - authenticate 527s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 527s + echo -n -e 123456 527s + pamtester -v login root authenticate 527s pamtester: invoking pam_start(login, root, ...) 527s pamtester: performing operation - authenticate 530s pamtester: Authentication service cannot retrieve authentication info 530s + test_authentication login /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem partial_chain 530s + pam_service=login 530s + certificate_config=/tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 530s + ca_db=/tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem 530s + verification_options=partial_chain 530s + mkdir -p -m 700 /etc/sssd 530s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 530s + cat 530s + chmod 600 /etc/sssd/sssd.conf 530s + for path_pair in "${softhsm2_conf_paths[@]}" 530s + IFS=: 530s + read -r -a path 530s + user=ubuntu 530s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 530s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 530s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 530s Using CA DB '/tmp/sssd-softhsm2-certs-kmOvPz/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 530s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 530s + runuser -u ubuntu -- softhsm2-util --show-slots 530s + grep 'Test Organization' 530s + for path_pair in "${softhsm2_conf_paths[@]}" 530s + IFS=: 530s + read -r -a path 530s + user=root 530s + path=/etc/softhsm/softhsm2.conf 530s ++ dirname /etc/softhsm/softhsm2.conf 530s + runuser -u root -- mkdir -p /etc/softhsm 530s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-kmOvPz/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 530s Label: Test Organization Sub Int Token 530s + runuser -u root -- softhsm2-util --show-slots 530s + grep 'Test Organization' 530s Label: Test Organization Sub Int Token 530s + systemctl restart sssd 530s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 530s + for alternative in "${alternative_pam_configs[@]}" 530s + pam-auth-update --enable sss-smart-card-optional 530s + cat /etc/pam.d/common-auth 530s # 530s # /etc/pam.d/common-auth - authentication settings common to all services 530s # 530s # This file is included from other service-specific PAM config files, 530s # and should contain a list of the authentication modules that define 530s # the central authentication scheme for use on the system 530s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 530s # traditional Unix authentication mechanisms. 530s # 530s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 530s # To take advantage of this, it is recommended that you configure any 530s # local modules either before or after the default block, and use 530s # pam-auth-update to manage selection of other modules. See 530s # pam-auth-update(8) for details. 530s 530s # here are the per-package modules (the "Primary" block) 530s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 530s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 530s auth [success=1 default=ignore] pam_sss.so use_first_pass 530s # here's the fallback if no module succeeds 530s auth requisite pam_deny.so 530s # prime the stack with a positive return value if there isn't one already; 530s # this avoids us returning an error just because nothing sets a success code 530s # since the modules above will each just jump around 530s auth required pam_permit.so 530s # and here are more per-package modules (the "Additional" block) 530s auth optional pam_cap.so 530s # end of pam-auth-update config 530s + echo -n -e 123456 530s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 530s pamtester: invoking pam_start(login, ubuntu, ...) 530s pamtester: performing operation - authenticate 530s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 530s + echo -n -e 123456 530s + runuser -u ubuntu -- pamtester -v login '' authenticate 530s pamtester: invoking pam_start(login, , ...) 530s pamtester: performing operation - authenticate 530s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 530s + echo -n -e wrong123456 530s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 531s pamtester: invoking pam_start(login, ubuntu, ...) 531s pamtester: performing operation - authenticate 534s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 534s + echo -n -e wrong123456 534s + runuser -u ubuntu -- pamtester -v login '' authenticate 534s pamtester: invoking pam_start(login, , ...) 534s pamtester: performing operation - authenticate 536s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 536s + echo -n -e 123456 536s + pamtester -v login root authenticate 536s pamtester: invoking pam_start(login, root, ...) 536s pamtester: performing operation - authenticate 539s Password: pamtester: Authentication failure 539s + for alternative in "${alternative_pam_configs[@]}" 539s + pam-auth-update --enable sss-smart-card-required 539s PAM configuration 539s ----------------- 539s 539s Incompatible PAM profiles selected. 539s 539s The following PAM profiles cannot be used together: 539s 539s SSS required smart card authentication, SSS optional smart card 539s authentication 539s 539s Please select a different set of modules to enable. 539s 539s + cat /etc/pam.d/common-auth 539s # 539s # /etc/pam.d/common-auth - authentication settings common to all services 539s # 539s # This file is included from other service-specific PAM config files, 539s # and should contain a list of the authentication modules that define 539s # the central authentication scheme for use on the system 539s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 539s # traditional Unix authentication mechanisms. 539s # 539s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 539s # To take advantage of this, it is recommended that you configure any 539s # local modules either before or after the default block, and use 539s # pam-auth-update to manage selection of other modules. See 539s # pam-auth-update(8) for details. 539s 539s # here are the per-package modules (the "Primary" block) 539s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 539s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 539s auth [success=1 default=ignore] pam_sss.so use_first_pass 539s # here's the fallback if no module succeeds 539s auth requisite pam_deny.so 539s # prime the stack with a positive return value if there isn't one already; 539s # this avoids us returning an error just because nothing sets a success code 539s # since the modules above will each just jump around 539s auth required pam_permit.so 539s # and here are more per-package modules (the "Additional" block) 539s auth optional pam_cap.so 539s # end of pam-auth-update config 539s + echo -n -e 123456 539s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 539s pamtester: invoking pam_start(login, ubuntu, ...) 539s pamtester: performing operation - authenticate 539s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 539s + echo -n -e 123456 539s + runuser -u ubuntu -- pamtester -v login '' authenticate 539s pamtester: invoking pam_start(login, , ...) 539s pamtester: performing operation - authenticate 540s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 540s + echo -n -e wrong123456 540s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 540s pamtester: invoking pam_start(login, ubuntu, ...) 540s pamtester: performing operation - authenticate 542s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 542s + echo -n -e wrong123456 542s + runuser -u ubuntu -- pamtester -v login '' authenticate 542s pamtester: invoking pam_start(login, , ...) 542s pamtester: performing operation - authenticate 544s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 544s + echo -n -e 123456 544s + pamtester -v login root authenticate 544s pamtester: invoking pam_start(login, root, ...) 544s pamtester: performing operation - authenticate 548s pamtester: Authentication service cannot retrieve authentication info 548s + handle_exit 548s + exit_code=0 548s + restore_changes 548s + for path in "${restore_paths[@]}" 548s + local original_path 548s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-JtkuVO /tmp/sssd-softhsm2-backups-JtkuVO//etc/softhsm/softhsm2.conf 548s + original_path=/etc/softhsm/softhsm2.conf 548s + rm /etc/softhsm/softhsm2.conf 548s + mv /tmp/sssd-softhsm2-backups-JtkuVO//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 548s + for path in "${delete_paths[@]}" 548s + rm -f /etc/sssd/sssd.conf 548s + for path in "${delete_paths[@]}" 548s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 548s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 548s + '[' -e /etc/sssd/sssd.conf ']' 548s + systemctl stop sssd 548s + '[' -e /etc/softhsm/softhsm2.conf ']' 548s + chmod 600 /etc/softhsm/softhsm2.conf 548s + rm -rf /tmp/sssd-softhsm2-certs-kmOvPz 548s + '[' 0 = 0 ']' 548s + rm -rf /tmp/sssd-softhsm2-backups-JtkuVO 548s Script completed successfully! 548s + set +x 548s autopkgtest [14:20:21]: test sssd-smart-card-pam-auth-configs: -----------------------] 549s sssd-smart-card-pam-auth-configs PASS 549s autopkgtest [14:20:22]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 549s autopkgtest [14:20:22]: @@@@@@@@@@@@@@@@@@@@ summary 549s ldap-user-group-ldap-auth FAIL non-zero exit status 80 549s ldap-user-group-krb5-auth FAIL non-zero exit status 80 549s sssd-softhism2-certificates-tests.sh PASS 549s sssd-smart-card-pam-auth-configs PASS 567s nova [W] Using flock in prodstack6-arm64 567s Creating nova instance adt-plucky-arm64-sssd-20250117-141113-juju-7f2275-prod-proposed-migration-environment-2-108afe42-4572-4c1c-bf97-83a68265a4ff from image adt/ubuntu-plucky-arm64-server-20250117.img (UUID 16a981e8-12f4-4912-806e-ebb4c2361146)... 567s nova [W] Timed out waiting for fbb7015c-cb11-4f5a-ab74-7bf2ffeb2fa4 to get deleted. 567s nova [W] Using flock in prodstack6-arm64 567s flock: timeout while waiting to get lock 567s Creating nova instance adt-plucky-arm64-sssd-20250117-141113-juju-7f2275-prod-proposed-migration-environment-2-108afe42-4572-4c1c-bf97-83a68265a4ff from image adt/ubuntu-plucky-arm64-server-20250117.img (UUID 16a981e8-12f4-4912-806e-ebb4c2361146)... 567s nova [W] Timed out waiting for 5f45bd9e-7950-4cf9-9930-ee2f2e57e29c to get deleted.