0s autopkgtest [15:04:20]: starting date and time: 2025-03-15 15:04:20+0000 0s autopkgtest [15:04:20]: git checkout: 325255d2 Merge branch 'pin-any-arch' into 'ubuntu/production' 0s autopkgtest [15:04:20]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.v69i8evl/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:glibc --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=glibc/2.41-1ubuntu2 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos03-arm64-27.secgroup --name adt-plucky-arm64-sssd-20250315-150420-juju-7f2275-prod-proposed-migration-environment-2-5470177e-3999-4082-90ee-693dc74b8015 --image adt/ubuntu-plucky-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 186s autopkgtest [15:07:26]: testbed dpkg architecture: arm64 187s autopkgtest [15:07:27]: testbed apt version: 2.9.33 187s autopkgtest [15:07:27]: @@@@@@@@@@@@@@@@@@@@ test bed setup 187s autopkgtest [15:07:27]: testbed release detected to be: None 188s autopkgtest [15:07:28]: updating testbed package index (apt update) 188s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [126 kB] 189s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 189s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 189s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 189s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [404 kB] 189s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [101 kB] 190s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [15.8 kB] 190s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 Packages [78.2 kB] 190s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 c-n-f Metadata [1976 B] 190s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted arm64 c-n-f Metadata [116 B] 190s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 Packages [346 kB] 190s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 c-n-f Metadata [15.8 kB] 190s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse arm64 Packages [4948 B] 190s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse arm64 c-n-f Metadata [572 B] 191s Fetched 1094 kB in 2s (514 kB/s) 192s Reading package lists... 193s Reading package lists... 193s Building dependency tree... 193s Reading state information... 194s Calculating upgrade... 194s Calculating upgrade... 194s The following packages will be upgraded: 194s python3-jinja2 strace 194s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 194s Need to get 608 kB of archives. 194s After this operation, 11.3 kB of additional disk space will be used. 194s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 strace arm64 6.13+ds-1ubuntu1 [499 kB] 195s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 python3-jinja2 all 3.1.5-2ubuntu1 [109 kB] 196s Fetched 608 kB in 1s (647 kB/s) 196s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 117701 files and directories currently installed.) 196s Preparing to unpack .../strace_6.13+ds-1ubuntu1_arm64.deb ... 196s Unpacking strace (6.13+ds-1ubuntu1) over (6.11-0ubuntu1) ... 196s Preparing to unpack .../python3-jinja2_3.1.5-2ubuntu1_all.deb ... 196s Unpacking python3-jinja2 (3.1.5-2ubuntu1) over (3.1.5-2) ... 196s Setting up python3-jinja2 (3.1.5-2ubuntu1) ... 197s Setting up strace (6.13+ds-1ubuntu1) ... 197s Processing triggers for man-db (2.13.0-1) ... 198s Reading package lists... 198s Building dependency tree... 198s Reading state information... 199s Solving dependencies... 199s The following packages will be REMOVED: 199s libnsl2* libpython3.12-minimal* libpython3.12-stdlib* libpython3.12t64* 199s libunwind8* linux-headers-6.11.0-8* linux-headers-6.11.0-8-generic* 199s linux-image-6.11.0-8-generic* linux-modules-6.11.0-8-generic* 199s linux-tools-6.11.0-8* linux-tools-6.11.0-8-generic* 200s 0 upgraded, 0 newly installed, 11 to remove and 5 not upgraded. 200s After this operation, 267 MB disk space will be freed. 200s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 117701 files and directories currently installed.) 200s Removing linux-tools-6.11.0-8-generic (6.11.0-8.8) ... 200s Removing linux-tools-6.11.0-8 (6.11.0-8.8) ... 200s Removing libpython3.12t64:arm64 (3.12.9-1) ... 200s Removing libpython3.12-stdlib:arm64 (3.12.9-1) ... 200s Removing libnsl2:arm64 (1.3.0-3build3) ... 200s Removing libpython3.12-minimal:arm64 (3.12.9-1) ... 200s Removing libunwind8:arm64 (1.6.2-3.1) ... 201s Removing linux-headers-6.11.0-8-generic (6.11.0-8.8) ... 201s Removing linux-headers-6.11.0-8 (6.11.0-8.8) ... 203s Removing linux-image-6.11.0-8-generic (6.11.0-8.8) ... 203s I: /boot/vmlinuz.old is now a symlink to vmlinuz-6.14.0-10-generic 203s I: /boot/initrd.img.old is now a symlink to initrd.img-6.14.0-10-generic 203s /etc/kernel/postrm.d/initramfs-tools: 203s update-initramfs: Deleting /boot/initrd.img-6.11.0-8-generic 203s /etc/kernel/postrm.d/zz-flash-kernel: 203s flash-kernel: Kernel 6.11.0-8-generic has been removed. 203s flash-kernel: A higher version (6.14.0-10-generic) is still installed, no reflashing required. 204s /etc/kernel/postrm.d/zz-update-grub: 204s Sourcing file `/etc/default/grub' 204s Sourcing file `/etc/default/grub.d/50-cloudimg-settings.cfg' 204s Generating grub configuration file ... 204s Found linux image: /boot/vmlinuz-6.14.0-10-generic 204s Found initrd image: /boot/initrd.img-6.14.0-10-generic 204s Warning: os-prober will not be executed to detect other bootable partitions. 204s Systems on them will not be added to the GRUB boot configuration. 204s Check GRUB_DISABLE_OS_PROBER documentation entry. 204s Adding boot menu entry for UEFI Firmware Settings ... 204s done 204s Removing linux-modules-6.11.0-8-generic (6.11.0-8.8) ... 205s Processing triggers for libc-bin (2.41-1ubuntu1) ... 205s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81650 files and directories currently installed.) 205s Purging configuration files for linux-image-6.11.0-8-generic (6.11.0-8.8) ... 205s Purging configuration files for libpython3.12-minimal:arm64 (3.12.9-1) ... 205s Purging configuration files for linux-modules-6.11.0-8-generic (6.11.0-8.8) ... 205s autopkgtest [15:07:45]: upgrading testbed (apt dist-upgrade and autopurge) 206s Reading package lists... 206s Building dependency tree... 206s Reading state information... 207s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 207s Starting 2 pkgProblemResolver with broken count: 0 207s Done 208s Entering ResolveByKeep 209s 209s Calculating upgrade... 210s The following packages will be upgraded: 210s libc-bin libc-dev-bin libc6 libc6-dev locales 210s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 210s Need to get 9530 kB of archives. 210s After this operation, 0 B of additional disk space will be used. 210s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libc6-dev arm64 2.41-1ubuntu2 [1750 kB] 213s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libc-dev-bin arm64 2.41-1ubuntu2 [24.0 kB] 213s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libc6 arm64 2.41-1ubuntu2 [2910 kB] 217s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libc-bin arm64 2.41-1ubuntu2 [600 kB] 218s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 locales all 2.41-1ubuntu2 [4246 kB] 224s Preconfiguring packages ... 224s Fetched 9530 kB in 13s (713 kB/s) 224s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81647 files and directories currently installed.) 224s Preparing to unpack .../libc6-dev_2.41-1ubuntu2_arm64.deb ... 224s Unpacking libc6-dev:arm64 (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 224s Preparing to unpack .../libc-dev-bin_2.41-1ubuntu2_arm64.deb ... 224s Unpacking libc-dev-bin (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 224s Preparing to unpack .../libc6_2.41-1ubuntu2_arm64.deb ... 224s Unpacking libc6:arm64 (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 224s Setting up libc6:arm64 (2.41-1ubuntu2) ... 225s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81647 files and directories currently installed.) 225s Preparing to unpack .../libc-bin_2.41-1ubuntu2_arm64.deb ... 225s Unpacking libc-bin (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 225s Setting up libc-bin (2.41-1ubuntu2) ... 225s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81647 files and directories currently installed.) 225s Preparing to unpack .../locales_2.41-1ubuntu2_all.deb ... 225s Unpacking locales (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 225s Setting up locales (2.41-1ubuntu2) ... 226s Generating locales (this might take a while)... 228s en_US.UTF-8... done 228s Generation complete. 228s Setting up libc-dev-bin (2.41-1ubuntu2) ... 228s Setting up libc6-dev:arm64 (2.41-1ubuntu2) ... 228s Processing triggers for man-db (2.13.0-1) ... 229s Processing triggers for systemd (257.3-1ubuntu3) ... 230s Reading package lists... 230s Building dependency tree... 230s Reading state information... 230s Starting pkgProblemResolver with broken count: 0 230s Starting 2 pkgProblemResolver with broken count: 0 230s Done 231s Solving dependencies... 231s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 231s autopkgtest [15:08:11]: rebooting testbed after setup commands that affected boot 255s autopkgtest [15:08:35]: testbed running kernel: Linux 6.14.0-10-generic #10-Ubuntu SMP PREEMPT_DYNAMIC Wed Mar 12 15:45:31 UTC 2025 257s autopkgtest [15:08:37]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 285s Get:1 http://ftpmaster.internal/ubuntu plucky/main sssd 2.10.1-2ubuntu3 (dsc) [5083 B] 285s Get:2 http://ftpmaster.internal/ubuntu plucky/main sssd 2.10.1-2ubuntu3 (tar) [9197 kB] 285s Get:3 http://ftpmaster.internal/ubuntu plucky/main sssd 2.10.1-2ubuntu3 (diff) [50.0 kB] 285s gpgv: Signature made Thu Feb 20 17:50:10 2025 UTC 285s gpgv: using RSA key 8AFD08D3D1B817B2DF8982F501AC4B4083590A98 285s gpgv: Can't check signature: No public key 285s dpkg-source: warning: cannot verify inline signature for ./sssd_2.10.1-2ubuntu3.dsc: no acceptable signature found 286s autopkgtest [15:09:06]: testing package sssd version 2.10.1-2ubuntu3 293s autopkgtest [15:09:13]: build not needed 305s autopkgtest [15:09:25]: test ldap-user-group-ldap-auth: preparing testbed 305s Reading package lists... 305s Building dependency tree... 305s Reading state information... 305s Starting pkgProblemResolver with broken count: 0 306s Starting 2 pkgProblemResolver with broken count: 0 306s Done 306s The following NEW packages will be installed: 306s expect ldap-utils libargon2-1 libavahi-client3 libavahi-common-data 306s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 306s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 306s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 306s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 306s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 306s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 306s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 306s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 306s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 306s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 306s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 306s tcl-expect tcl8.6 307s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 307s Need to get 13.2 MB of archives. 307s After this operation, 62.0 MB of additional disk space will be used. 307s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 libargon2-1 arm64 0~20190702+dfsg-4build1 [20.5 kB] 307s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libltdl7 arm64 2.5.4-4 [43.0 kB] 307s Get:3 http://ftpmaster.internal/ubuntu plucky/main arm64 libodbc2 arm64 2.3.12-2ubuntu1 [147 kB] 307s Get:4 http://ftpmaster.internal/ubuntu plucky/main arm64 slapd arm64 2.6.9+dfsg-1~exp2ubuntu1 [1530 kB] 309s Get:5 http://ftpmaster.internal/ubuntu plucky/main arm64 libtcl8.6 arm64 8.6.16+dfsg-1 [987 kB] 310s Get:6 http://ftpmaster.internal/ubuntu plucky/main arm64 tcl8.6 arm64 8.6.16+dfsg-1 [14.8 kB] 310s Get:7 http://ftpmaster.internal/ubuntu plucky/universe arm64 tcl-expect arm64 5.45.4-4 [112 kB] 310s Get:8 http://ftpmaster.internal/ubuntu plucky/universe arm64 expect arm64 5.45.4-4 [137 kB] 310s Get:9 http://ftpmaster.internal/ubuntu plucky/main arm64 ldap-utils arm64 2.6.9+dfsg-1~exp2ubuntu1 [149 kB] 310s Get:10 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common-data arm64 0.8-16ubuntu1 [30.9 kB] 310s Get:11 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common3 arm64 0.8-16ubuntu1 [22.9 kB] 310s Get:12 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-client3 arm64 0.8-16ubuntu1 [26.9 kB] 310s Get:13 http://ftpmaster.internal/ubuntu plucky/main arm64 libbasicobjects0t64 arm64 0.6.2-3 [5882 B] 310s Get:14 http://ftpmaster.internal/ubuntu plucky/main arm64 libcares2 arm64 1.34.4-2.1 [100 kB] 310s Get:15 http://ftpmaster.internal/ubuntu plucky/main arm64 libcollection4t64 arm64 0.6.2-3 [23.6 kB] 310s Get:16 http://ftpmaster.internal/ubuntu plucky/main arm64 libcrack2 arm64 2.9.6-5.2build1 [29.1 kB] 310s Get:17 http://ftpmaster.internal/ubuntu plucky/main arm64 libdhash1t64 arm64 0.6.2-3 [8914 B] 310s Get:18 http://ftpmaster.internal/ubuntu plucky/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-10 [140 kB] 310s Get:19 http://ftpmaster.internal/ubuntu plucky/main arm64 libpath-utils1t64 arm64 0.6.2-3 [9088 B] 311s Get:20 http://ftpmaster.internal/ubuntu plucky/main arm64 libref-array1t64 arm64 0.6.2-3 [7312 B] 311s Get:21 http://ftpmaster.internal/ubuntu plucky/main arm64 libini-config5t64 arm64 0.6.2-3 [44.4 kB] 311s Get:22 http://ftpmaster.internal/ubuntu plucky/main arm64 libipa-hbac0t64 arm64 2.10.1-2ubuntu3 [18.5 kB] 311s Get:23 http://ftpmaster.internal/ubuntu plucky/universe arm64 libjose0 arm64 14-1 [44.9 kB] 311s Get:24 http://ftpmaster.internal/ubuntu plucky/main arm64 libverto-libevent1t64 arm64 0.3.1-1.2ubuntu3 [6328 B] 311s Get:25 http://ftpmaster.internal/ubuntu plucky/main arm64 libverto1t64 arm64 0.3.1-1.2ubuntu3 [10.4 kB] 311s Get:26 http://ftpmaster.internal/ubuntu plucky/main arm64 libkrad0 arm64 1.21.3-4ubuntu2 [23.2 kB] 311s Get:27 http://ftpmaster.internal/ubuntu plucky/main arm64 libtalloc2 arm64 2:2.4.2+samba4.21.4+dfsg-1ubuntu3 [71.7 kB] 311s Get:28 http://ftpmaster.internal/ubuntu plucky/main arm64 libtdb1 arm64 2:1.4.12+samba4.21.4+dfsg-1ubuntu3 [93.9 kB] 311s Get:29 http://ftpmaster.internal/ubuntu plucky/main arm64 libtevent0t64 arm64 2:0.16.1+samba4.21.4+dfsg-1ubuntu3 [40.7 kB] 311s Get:30 http://ftpmaster.internal/ubuntu plucky/main arm64 libldb2 arm64 2:2.10.0+samba4.21.4+dfsg-1ubuntu3 [151 kB] 311s Get:31 http://ftpmaster.internal/ubuntu plucky/main arm64 libnfsidmap1 arm64 1:2.8.2-2ubuntu1 [50.1 kB] 311s Get:32 http://ftpmaster.internal/ubuntu plucky/universe arm64 libnss-sudo all 1.9.16p2-1ubuntu1 [16.7 kB] 311s Get:33 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality-common all 1.4.5-4 [7714 B] 311s Get:34 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality1 arm64 1.4.5-4 [13.5 kB] 311s Get:35 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-pwquality arm64 1.4.5-4 [11.8 kB] 311s Get:36 http://ftpmaster.internal/ubuntu plucky/main arm64 libwbclient0 arm64 2:4.21.4+dfsg-1ubuntu3 [81.1 kB] 311s Get:37 http://ftpmaster.internal/ubuntu plucky/main arm64 samba-libs arm64 2:4.21.4+dfsg-1ubuntu3 [6420 kB] 318s Get:38 http://ftpmaster.internal/ubuntu plucky/main arm64 libsmbclient0 arm64 2:4.21.4+dfsg-1ubuntu3 [62.9 kB] 318s Get:39 http://ftpmaster.internal/ubuntu plucky/main arm64 libnss-sss arm64 2.10.1-2ubuntu3 [33.2 kB] 318s Get:40 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-sss arm64 2.10.1-2ubuntu3 [50.5 kB] 318s Get:41 http://ftpmaster.internal/ubuntu plucky/main arm64 python3-sss arm64 2.10.1-2ubuntu3 [46.7 kB] 318s Get:42 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-certmap0 arm64 2.10.1-2ubuntu3 [47.8 kB] 318s Get:43 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-idmap0 arm64 2.10.1-2ubuntu3 [23.6 kB] 318s Get:44 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-nss-idmap0 arm64 2.10.1-2ubuntu3 [31.9 kB] 318s Get:45 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-common arm64 2.10.1-2ubuntu3 [1138 kB] 319s Get:46 http://ftpmaster.internal/ubuntu plucky/universe arm64 sssd-idp arm64 2.10.1-2ubuntu3 [28.3 kB] 319s Get:47 http://ftpmaster.internal/ubuntu plucky/universe arm64 sssd-passkey arm64 2.10.1-2ubuntu3 [32.9 kB] 319s Get:48 http://ftpmaster.internal/ubuntu plucky/main arm64 libipa-hbac-dev arm64 2.10.1-2ubuntu3 [6668 B] 319s Get:49 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-certmap-dev arm64 2.10.1-2ubuntu3 [5728 B] 319s Get:50 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-idmap-dev arm64 2.10.1-2ubuntu3 [8378 B] 319s Get:51 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-nss-idmap-dev arm64 2.10.1-2ubuntu3 [6712 B] 319s Get:52 http://ftpmaster.internal/ubuntu plucky/universe arm64 libsss-sudo arm64 2.10.1-2ubuntu3 [22.1 kB] 319s Get:53 http://ftpmaster.internal/ubuntu plucky/universe arm64 python3-libipa-hbac arm64 2.10.1-2ubuntu3 [16.8 kB] 319s Get:54 http://ftpmaster.internal/ubuntu plucky/universe arm64 python3-libsss-nss-idmap arm64 2.10.1-2ubuntu3 [9290 B] 319s Get:55 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ad-common arm64 2.10.1-2ubuntu3 [74.2 kB] 320s Get:56 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-krb5-common arm64 2.10.1-2ubuntu3 [90.2 kB] 320s Get:57 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ad arm64 2.10.1-2ubuntu3 [136 kB] 320s Get:58 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ipa arm64 2.10.1-2ubuntu3 [223 kB] 320s Get:59 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-krb5 arm64 2.10.1-2ubuntu3 [14.4 kB] 320s Get:60 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ldap arm64 2.10.1-2ubuntu3 [31.7 kB] 320s Get:61 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-proxy arm64 2.10.1-2ubuntu3 [44.3 kB] 320s Get:62 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd arm64 2.10.1-2ubuntu3 [4122 B] 320s Get:63 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-dbus arm64 2.10.1-2ubuntu3 [101 kB] 320s Get:64 http://ftpmaster.internal/ubuntu plucky/universe arm64 sssd-kcm arm64 2.10.1-2ubuntu3 [138 kB] 320s Get:65 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-tools arm64 2.10.1-2ubuntu3 [98.7 kB] 321s Preconfiguring packages ... 321s Fetched 13.2 MB in 14s (937 kB/s) 321s Selecting previously unselected package libargon2-1:arm64. 321s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81647 files and directories currently installed.) 321s Preparing to unpack .../00-libargon2-1_0~20190702+dfsg-4build1_arm64.deb ... 321s Unpacking libargon2-1:arm64 (0~20190702+dfsg-4build1) ... 321s Selecting previously unselected package libltdl7:arm64. 321s Preparing to unpack .../01-libltdl7_2.5.4-4_arm64.deb ... 321s Unpacking libltdl7:arm64 (2.5.4-4) ... 321s Selecting previously unselected package libodbc2:arm64. 321s Preparing to unpack .../02-libodbc2_2.3.12-2ubuntu1_arm64.deb ... 321s Unpacking libodbc2:arm64 (2.3.12-2ubuntu1) ... 321s Selecting previously unselected package slapd. 322s Preparing to unpack .../03-slapd_2.6.9+dfsg-1~exp2ubuntu1_arm64.deb ... 322s Unpacking slapd (2.6.9+dfsg-1~exp2ubuntu1) ... 322s Selecting previously unselected package libtcl8.6:arm64. 322s Preparing to unpack .../04-libtcl8.6_8.6.16+dfsg-1_arm64.deb ... 322s Unpacking libtcl8.6:arm64 (8.6.16+dfsg-1) ... 322s Selecting previously unselected package tcl8.6. 322s Preparing to unpack .../05-tcl8.6_8.6.16+dfsg-1_arm64.deb ... 322s Unpacking tcl8.6 (8.6.16+dfsg-1) ... 322s Selecting previously unselected package tcl-expect:arm64. 322s Preparing to unpack .../06-tcl-expect_5.45.4-4_arm64.deb ... 322s Unpacking tcl-expect:arm64 (5.45.4-4) ... 322s Selecting previously unselected package expect. 322s Preparing to unpack .../07-expect_5.45.4-4_arm64.deb ... 322s Unpacking expect (5.45.4-4) ... 322s Selecting previously unselected package ldap-utils. 322s Preparing to unpack .../08-ldap-utils_2.6.9+dfsg-1~exp2ubuntu1_arm64.deb ... 322s Unpacking ldap-utils (2.6.9+dfsg-1~exp2ubuntu1) ... 322s Selecting previously unselected package libavahi-common-data:arm64. 322s Preparing to unpack .../09-libavahi-common-data_0.8-16ubuntu1_arm64.deb ... 322s Unpacking libavahi-common-data:arm64 (0.8-16ubuntu1) ... 322s Selecting previously unselected package libavahi-common3:arm64. 322s Preparing to unpack .../10-libavahi-common3_0.8-16ubuntu1_arm64.deb ... 322s Unpacking libavahi-common3:arm64 (0.8-16ubuntu1) ... 322s Selecting previously unselected package libavahi-client3:arm64. 322s Preparing to unpack .../11-libavahi-client3_0.8-16ubuntu1_arm64.deb ... 322s Unpacking libavahi-client3:arm64 (0.8-16ubuntu1) ... 322s Selecting previously unselected package libbasicobjects0t64:arm64. 322s Preparing to unpack .../12-libbasicobjects0t64_0.6.2-3_arm64.deb ... 322s Unpacking libbasicobjects0t64:arm64 (0.6.2-3) ... 322s Selecting previously unselected package libcares2:arm64. 322s Preparing to unpack .../13-libcares2_1.34.4-2.1_arm64.deb ... 322s Unpacking libcares2:arm64 (1.34.4-2.1) ... 322s Selecting previously unselected package libcollection4t64:arm64. 322s Preparing to unpack .../14-libcollection4t64_0.6.2-3_arm64.deb ... 322s Unpacking libcollection4t64:arm64 (0.6.2-3) ... 322s Selecting previously unselected package libcrack2:arm64. 322s Preparing to unpack .../15-libcrack2_2.9.6-5.2build1_arm64.deb ... 322s Unpacking libcrack2:arm64 (2.9.6-5.2build1) ... 322s Selecting previously unselected package libdhash1t64:arm64. 322s Preparing to unpack .../16-libdhash1t64_0.6.2-3_arm64.deb ... 322s Unpacking libdhash1t64:arm64 (0.6.2-3) ... 322s Selecting previously unselected package libevent-2.1-7t64:arm64. 322s Preparing to unpack .../17-libevent-2.1-7t64_2.1.12-stable-10_arm64.deb ... 322s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 322s Selecting previously unselected package libpath-utils1t64:arm64. 322s Preparing to unpack .../18-libpath-utils1t64_0.6.2-3_arm64.deb ... 322s Unpacking libpath-utils1t64:arm64 (0.6.2-3) ... 322s Selecting previously unselected package libref-array1t64:arm64. 322s Preparing to unpack .../19-libref-array1t64_0.6.2-3_arm64.deb ... 322s Unpacking libref-array1t64:arm64 (0.6.2-3) ... 322s Selecting previously unselected package libini-config5t64:arm64. 322s Preparing to unpack .../20-libini-config5t64_0.6.2-3_arm64.deb ... 322s Unpacking libini-config5t64:arm64 (0.6.2-3) ... 322s Selecting previously unselected package libipa-hbac0t64. 322s Preparing to unpack .../21-libipa-hbac0t64_2.10.1-2ubuntu3_arm64.deb ... 322s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu3) ... 322s Selecting previously unselected package libjose0:arm64. 322s Preparing to unpack .../22-libjose0_14-1_arm64.deb ... 322s Unpacking libjose0:arm64 (14-1) ... 322s Selecting previously unselected package libverto-libevent1t64:arm64. 323s Preparing to unpack .../23-libverto-libevent1t64_0.3.1-1.2ubuntu3_arm64.deb ... 323s Unpacking libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 323s Selecting previously unselected package libverto1t64:arm64. 323s Preparing to unpack .../24-libverto1t64_0.3.1-1.2ubuntu3_arm64.deb ... 323s Unpacking libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 323s Selecting previously unselected package libkrad0:arm64. 323s Preparing to unpack .../25-libkrad0_1.21.3-4ubuntu2_arm64.deb ... 323s Unpacking libkrad0:arm64 (1.21.3-4ubuntu2) ... 323s Selecting previously unselected package libtalloc2:arm64. 323s Preparing to unpack .../26-libtalloc2_2%3a2.4.2+samba4.21.4+dfsg-1ubuntu3_arm64.deb ... 323s Unpacking libtalloc2:arm64 (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 323s Selecting previously unselected package libtdb1:arm64. 323s Preparing to unpack .../27-libtdb1_2%3a1.4.12+samba4.21.4+dfsg-1ubuntu3_arm64.deb ... 323s Unpacking libtdb1:arm64 (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 323s Selecting previously unselected package libtevent0t64:arm64. 323s Preparing to unpack .../28-libtevent0t64_2%3a0.16.1+samba4.21.4+dfsg-1ubuntu3_arm64.deb ... 323s Unpacking libtevent0t64:arm64 (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 323s Selecting previously unselected package libldb2:arm64. 323s Preparing to unpack .../29-libldb2_2%3a2.10.0+samba4.21.4+dfsg-1ubuntu3_arm64.deb ... 323s Unpacking libldb2:arm64 (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 323s Selecting previously unselected package libnfsidmap1:arm64. 323s Preparing to unpack .../30-libnfsidmap1_1%3a2.8.2-2ubuntu1_arm64.deb ... 323s Unpacking libnfsidmap1:arm64 (1:2.8.2-2ubuntu1) ... 323s Selecting previously unselected package libnss-sudo. 323s Preparing to unpack .../31-libnss-sudo_1.9.16p2-1ubuntu1_all.deb ... 323s Unpacking libnss-sudo (1.9.16p2-1ubuntu1) ... 323s Selecting previously unselected package libpwquality-common. 323s Preparing to unpack .../32-libpwquality-common_1.4.5-4_all.deb ... 323s Unpacking libpwquality-common (1.4.5-4) ... 323s Selecting previously unselected package libpwquality1:arm64. 323s Preparing to unpack .../33-libpwquality1_1.4.5-4_arm64.deb ... 323s Unpacking libpwquality1:arm64 (1.4.5-4) ... 323s Selecting previously unselected package libpam-pwquality:arm64. 323s Preparing to unpack .../34-libpam-pwquality_1.4.5-4_arm64.deb ... 323s Unpacking libpam-pwquality:arm64 (1.4.5-4) ... 323s Selecting previously unselected package libwbclient0:arm64. 323s Preparing to unpack .../35-libwbclient0_2%3a4.21.4+dfsg-1ubuntu3_arm64.deb ... 323s Unpacking libwbclient0:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 323s Selecting previously unselected package samba-libs:arm64. 323s Preparing to unpack .../36-samba-libs_2%3a4.21.4+dfsg-1ubuntu3_arm64.deb ... 323s Unpacking samba-libs:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 323s Selecting previously unselected package libsmbclient0:arm64. 323s Preparing to unpack .../37-libsmbclient0_2%3a4.21.4+dfsg-1ubuntu3_arm64.deb ... 323s Unpacking libsmbclient0:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 323s Selecting previously unselected package libnss-sss:arm64. 323s Preparing to unpack .../38-libnss-sss_2.10.1-2ubuntu3_arm64.deb ... 323s Unpacking libnss-sss:arm64 (2.10.1-2ubuntu3) ... 323s Selecting previously unselected package libpam-sss:arm64. 323s Preparing to unpack .../39-libpam-sss_2.10.1-2ubuntu3_arm64.deb ... 323s Unpacking libpam-sss:arm64 (2.10.1-2ubuntu3) ... 323s Selecting previously unselected package python3-sss. 323s Preparing to unpack .../40-python3-sss_2.10.1-2ubuntu3_arm64.deb ... 323s Unpacking python3-sss (2.10.1-2ubuntu3) ... 323s Selecting previously unselected package libsss-certmap0. 323s Preparing to unpack .../41-libsss-certmap0_2.10.1-2ubuntu3_arm64.deb ... 323s Unpacking libsss-certmap0 (2.10.1-2ubuntu3) ... 323s Selecting previously unselected package libsss-idmap0. 323s Preparing to unpack .../42-libsss-idmap0_2.10.1-2ubuntu3_arm64.deb ... 323s Unpacking libsss-idmap0 (2.10.1-2ubuntu3) ... 323s Selecting previously unselected package libsss-nss-idmap0. 323s Preparing to unpack .../43-libsss-nss-idmap0_2.10.1-2ubuntu3_arm64.deb ... 323s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 323s Selecting previously unselected package sssd-common. 323s Preparing to unpack .../44-sssd-common_2.10.1-2ubuntu3_arm64.deb ... 323s Unpacking sssd-common (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-idp. 324s Preparing to unpack .../45-sssd-idp_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-idp (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-passkey. 324s Preparing to unpack .../46-sssd-passkey_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-passkey (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package libipa-hbac-dev. 324s Preparing to unpack .../47-libipa-hbac-dev_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking libipa-hbac-dev (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package libsss-certmap-dev. 324s Preparing to unpack .../48-libsss-certmap-dev_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking libsss-certmap-dev (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package libsss-idmap-dev. 324s Preparing to unpack .../49-libsss-idmap-dev_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking libsss-idmap-dev (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package libsss-nss-idmap-dev. 324s Preparing to unpack .../50-libsss-nss-idmap-dev_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking libsss-nss-idmap-dev (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package libsss-sudo. 324s Preparing to unpack .../51-libsss-sudo_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking libsss-sudo (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package python3-libipa-hbac. 324s Preparing to unpack .../52-python3-libipa-hbac_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking python3-libipa-hbac (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package python3-libsss-nss-idmap. 324s Preparing to unpack .../53-python3-libsss-nss-idmap_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking python3-libsss-nss-idmap (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-ad-common. 324s Preparing to unpack .../54-sssd-ad-common_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-ad-common (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-krb5-common. 324s Preparing to unpack .../55-sssd-krb5-common_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-krb5-common (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-ad. 324s Preparing to unpack .../56-sssd-ad_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-ad (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-ipa. 324s Preparing to unpack .../57-sssd-ipa_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-ipa (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-krb5. 324s Preparing to unpack .../58-sssd-krb5_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-krb5 (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-ldap. 324s Preparing to unpack .../59-sssd-ldap_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-ldap (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-proxy. 324s Preparing to unpack .../60-sssd-proxy_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-proxy (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd. 324s Preparing to unpack .../61-sssd_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-dbus. 324s Preparing to unpack .../62-sssd-dbus_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-dbus (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-kcm. 324s Preparing to unpack .../63-sssd-kcm_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-kcm (2.10.1-2ubuntu3) ... 324s Selecting previously unselected package sssd-tools. 324s Preparing to unpack .../64-sssd-tools_2.10.1-2ubuntu3_arm64.deb ... 324s Unpacking sssd-tools (2.10.1-2ubuntu3) ... 324s Setting up libpwquality-common (1.4.5-4) ... 324s Setting up libnfsidmap1:arm64 (1:2.8.2-2ubuntu1) ... 324s Setting up libsss-idmap0 (2.10.1-2ubuntu3) ... 324s Setting up libbasicobjects0t64:arm64 (0.6.2-3) ... 324s Setting up libipa-hbac0t64 (2.10.1-2ubuntu3) ... 324s Setting up libsss-idmap-dev (2.10.1-2ubuntu3) ... 324s Setting up libref-array1t64:arm64 (0.6.2-3) ... 324s Setting up libipa-hbac-dev (2.10.1-2ubuntu3) ... 324s Setting up libtdb1:arm64 (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 324s Setting up libargon2-1:arm64 (0~20190702+dfsg-4build1) ... 324s Setting up libcollection4t64:arm64 (0.6.2-3) ... 324s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 324s Setting up ldap-utils (2.6.9+dfsg-1~exp2ubuntu1) ... 324s Setting up libjose0:arm64 (14-1) ... 324s Setting up libwbclient0:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 324s Setting up libtalloc2:arm64 (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 324s Setting up libpath-utils1t64:arm64 (0.6.2-3) ... 324s Setting up libavahi-common-data:arm64 (0.8-16ubuntu1) ... 324s Setting up libcares2:arm64 (1.34.4-2.1) ... 324s Setting up libdhash1t64:arm64 (0.6.2-3) ... 324s Setting up libtcl8.6:arm64 (8.6.16+dfsg-1) ... 324s Setting up libltdl7:arm64 (2.5.4-4) ... 324s Setting up libcrack2:arm64 (2.9.6-5.2build1) ... 324s Setting up libodbc2:arm64 (2.3.12-2ubuntu1) ... 324s Setting up python3-libipa-hbac (2.10.1-2ubuntu3) ... 324s Setting up libnss-sudo (1.9.16p2-1ubuntu1) ... 324s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 324s Setting up libini-config5t64:arm64 (0.6.2-3) ... 324s Setting up libtevent0t64:arm64 (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 324s Setting up libnss-sss:arm64 (2.10.1-2ubuntu3) ... 324s Setting up slapd (2.6.9+dfsg-1~exp2ubuntu1) ... 325s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 325s Can't find configuration db, was SSSD configured and run? 325s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 325s Can't find configuration db, was SSSD configured and run? 325s Creating new user openldap... [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 325s Can't find configuration db, was SSSD configured and run? 325s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 325s Can't find configuration db, was SSSD configured and run? 325s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 325s Can't find configuration db, was SSSD configured and run? 325s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 325s Can't find configuration db, was SSSD configured and run? 325s done. 325s Creating initial configuration... done. 325s Creating LDAP directory... done. 325s Created symlink '/etc/systemd/system/multi-user.target.wants/slapd.service' → '/usr/lib/systemd/system/slapd.service'. 326s Setting up tcl8.6 (8.6.16+dfsg-1) ... 326s Setting up libsss-sudo (2.10.1-2ubuntu3) ... 326s Setting up libsss-nss-idmap-dev (2.10.1-2ubuntu3) ... 326s Setting up libavahi-common3:arm64 (0.8-16ubuntu1) ... 326s Setting up tcl-expect:arm64 (5.45.4-4) ... 326s Setting up libsss-certmap0 (2.10.1-2ubuntu3) ... 326s Setting up libpwquality1:arm64 (1.4.5-4) ... 326s Setting up python3-libsss-nss-idmap (2.10.1-2ubuntu3) ... 326s Setting up libldb2:arm64 (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 326s Setting up libavahi-client3:arm64 (0.8-16ubuntu1) ... 326s Setting up expect (5.45.4-4) ... 326s Setting up libpam-pwquality:arm64 (1.4.5-4) ... 326s Setting up samba-libs:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 326s Setting up libsss-certmap-dev (2.10.1-2ubuntu3) ... 326s Setting up python3-sss (2.10.1-2ubuntu3) ... 326s Setting up libsmbclient0:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 326s Setting up libpam-sss:arm64 (2.10.1-2ubuntu3) ... 326s Setting up sssd-common (2.10.1-2ubuntu3) ... 326s Creating SSSD system user & group... 326s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 326s Can't find configuration db, was SSSD configured and run? 326s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 326s Can't find configuration db, was SSSD configured and run? 326s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 326s Can't find configuration db, was SSSD configured and run? 326s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 326s Can't find configuration db, was SSSD configured and run? 326s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 326s Can't find configuration db, was SSSD configured and run? 326s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 326s Can't find configuration db, was SSSD configured and run? 326s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 326s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 326s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 326s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 327s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 327s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 327s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 328s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 328s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 328s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 328s sssd-autofs.service is a disabled or a static unit, not starting it. 328s sssd-nss.service is a disabled or a static unit, not starting it. 328s sssd-pam.service is a disabled or a static unit, not starting it. 329s sssd-ssh.service is a disabled or a static unit, not starting it. 329s sssd-sudo.service is a disabled or a static unit, not starting it. 329s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 329s Setting up sssd-proxy (2.10.1-2ubuntu3) ... 329s Setting up sssd-kcm (2.10.1-2ubuntu3) ... 329s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 329s sssd-kcm.service is a disabled or a static unit, not starting it. 329s Setting up sssd-dbus (2.10.1-2ubuntu3) ... 330s sssd-ifp.service is a disabled or a static unit, not starting it. 330s Setting up sssd-ad-common (2.10.1-2ubuntu3) ... 330s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 330s sssd-pac.service is a disabled or a static unit, not starting it. 330s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 330s Setting up sssd-krb5-common (2.10.1-2ubuntu3) ... 330s Setting up sssd-krb5 (2.10.1-2ubuntu3) ... 330s Setting up sssd-ldap (2.10.1-2ubuntu3) ... 330s Setting up sssd-ad (2.10.1-2ubuntu3) ... 330s Setting up sssd-tools (2.10.1-2ubuntu3) ... 330s Setting up sssd-ipa (2.10.1-2ubuntu3) ... 330s Setting up sssd (2.10.1-2ubuntu3) ... 330s Setting up libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 330s Setting up libkrad0:arm64 (1.21.3-4ubuntu2) ... 330s Setting up libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 330s Setting up sssd-passkey (2.10.1-2ubuntu3) ... 330s Setting up sssd-idp (2.10.1-2ubuntu3) ... 330s Processing triggers for libc-bin (2.41-1ubuntu2) ... 330s Processing triggers for man-db (2.13.0-1) ... 332s Processing triggers for dbus (1.16.2-1ubuntu1) ... 338s autopkgtest [15:09:58]: test ldap-user-group-ldap-auth: [----------------------- 338s + . debian/tests/util 338s + . debian/tests/common-tests 338s + trap cleanup EXIT 338s + mydomain=example.com 338s + myhostname=ldap.example.com 338s + mysuffix=dc=example,dc=com 338s + admin_dn=cn=admin,dc=example,dc=com 338s + admin_pw=secret 338s + ldap_user=testuser1 338s + ldap_user_pw=testuser1secret 338s + ldap_group=ldapusers 338s + adjust_hostname ldap.example.com 338s + local myhostname=ldap.example.com 338s + echo ldap.example.com 338s + hostname ldap.example.com 338s + grep -qE ldap.example.com /etc/hosts 338s + echo 127.0.1.10 ldap.example.com 338s + reconfigure_slapd 338s + debconf-set-selections 338s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 338s + dpkg-reconfigure -fnoninteractive -pcritical slapd 338s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1... done. 338s Moving old database directory to /var/backups: 338s - directory unknown... done. 339s Creating initial configuration... done. 339s Creating LDAP directory... done. 339s + generate_certs ldap.example.com 339s + local cn=ldap.example.com 339s + local cert=/etc/ldap/server.pem 339s + local key=/etc/ldap/server.key 339s + local cnf=/etc/ldap/openssl.cnf 339s + cat 339s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 339s ....+...........+.+.....+...+.+...+..+....+.....+..........+......+........+.............+..+.+......+.....+...+.......+.....+....+..+...+....+++++++++++++++++++++++++++++++++++++++*.+.+..+++++++++++++++++++++++++++++++++++++++*.+...+...+..+.......+...+...........+.........+.+.....+...............+.+......+.................+.+..............+......+.+......+..+.......+...+....................+.+............+............+..+................+..+............+....+..+...+.+...+........+...+....+..+....+.....+.......+........+.+...+...+.............................+...+............+...+...+...+.+......+..+...............+...............+......+.+...+............+...+...+...+..+...+......+...+.+...........+....+......+...+.....+.++++++ 340s .+....+..+....+..+.........+.........+.......+.....+...+.+...............+...........+.........+......+..........+..............+.+............+.....+...+.......+...+..+++++++++++++++++++++++++++++++++++++++*...+....+...+......+......+++++++++++++++++++++++++++++++++++++++*.........+............+..+.+.....+..........+..............+.......+.....+.+..+...+....+...+......+..+.........+....+...........+......+.......+............+...+.....+.+.....+.+.....+..........+...+..+.........+......+.+...+..+............+..........+......+......+......+...+....................+.........+.+.....+.......+.....+...............+...+....+...+..+.+..+.......+..+...+.....................+.+.....+.........+......+....+.....++++++ 340s ----- 340s + chmod 0640 /etc/ldap/server.key 340s + chgrp openldap /etc/ldap/server.key 340s + [ ! -f /etc/ldap/server.pem ] 340s + [ ! -f /etc/ldap/server.key ] 340s + enable_ldap_ssl 340s + cat 340s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 340s + cat 340s modifying entry "cn=config" 340s 340s + populate_ldap_rfc2307 340s + + cat 340s ldapadd -x -D cn=admin,dc=example,dc=com -w secret 340s adding new entry "ou=People,dc=example,dc=com" 340s 340s adding new entry "ou=Group,dc=example,dc=com" 340s 340s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 340s 340s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 340s 340s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 340s 340s + configure_sssd_ldap_rfc2307 340s + cat 340s + chmod 0600 /etc/sssd/sssd.conf 340s + systemctl restart sssd 340s + enable_pam_mkhomedir 340s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 340s Assert local user databases do not have our LDAP test data 340s + echo session optional pam_mkhomedir.so 340s + run_common_tests 340s + echo Assert local user databases do not have our LDAP test data 340s + check_local_user testuser1 340s + local local_user=testuser1 340s + grep -q ^testuser1 /etc/passwd 340s + check_local_group testuser1 340s + local local_group=testuser1 340s + grep -q ^testuser1 /etc/group 340s + check_local_group ldapusers 340s + local local_group=ldapusers 340s + grep -q ^ldapusers /etc/group 340s The LDAP user is known to the system via getent 340s + echo The LDAP user is known to the system via getent 340s + check_getent_user testuser1 340s + local getent_user=testuser1 340s + local output 340s + getent passwd testuser1 340s The LDAP user's private group is known to the system via getent 340s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 340s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 340s + echo The LDAP user's private group is known to the system via getent 340s + check_getent_group testuser1 340s + local getent_group=testuser1 340s + local output 340s + getent group testuser1 340s + output=testuser1:*:10001:testuser1 340s + [ -z testuser1:*:10001:testuser1 ] 340s + echo The LDAP group ldapusers is known to the system via getent 340s + check_getent_group ldapusers 340s + local getent_group=ldapusers 340s + local output 340s + getent group ldapusers 340s The LDAP group ldapusers is known to the system via getent 340s The id(1) command can resolve the group membership of the LDAP user 340s + output=ldapusers:*:10100:testuser1 340s + [ -z ldapusers:*:10100:testuser1 ] 340s + echo The id(1) command can resolve the group membership of the LDAP user 340s + id -Gn testuser1 340s + output=testuser1 ldapusers 340s + [ testuser1 ldapusers != testuser1 ldapusers ] 340s + echo The LDAP user can login via ssh 340s + setup_sshd_password_auth 340s + cat 340s The LDAP user can login via ssh 340s + systemctl restart ssh 340s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 340s spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no testuser1@localhost 340s Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. 340s testuser1@localhost's password: 341s Creating directory '/home/testuser1'. 341s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.14.0-10-generic aarch64) 341s 341s * Documentation: https://help.ubuntu.com 341s * Management: https://landscape.canonical.com 341s * Support: https://ubuntu.com/pro 341s 341s 341s The programs included with the Ubuntu system are free software; 341s the exact distribution terms for each program are described in the 341s individual files in /usr/share/doc/*/copyright. 341s 341s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 341s applicable law. 341s 341s [?2004htestuser1@ldap:~$ id -un 341s [?2004l testuser1 341s [?2004htestuser1@ldap:~$ ## All tests passed, phew 341s + cleanup 341s + result=0 341s + set +e 341s + [ 0 -ne 0 ] 341s + echo ## All tests passed, phew 341s + cleanup_sshd_config 341s + rm -f /etc/ssh/sshd_config.d/00-dep8.conf 341s + systemctl restart ssh 341s autopkgtest [15:10:01]: test ldap-user-group-ldap-auth: -----------------------] 342s autopkgtest [15:10:02]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 342s ldap-user-group-ldap-auth PASS 342s autopkgtest [15:10:02]: test ldap-user-group-krb5-auth: preparing testbed 343s Reading package lists... 343s Building dependency tree... 343s Reading state information... 343s Starting pkgProblemResolver with broken count: 0 343s Starting 2 pkgProblemResolver with broken count: 0 343s Done 344s The following NEW packages will be installed: 344s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 344s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 344s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 344s Need to get 609 kB of archives. 344s After this operation, 2994 kB of additional disk space will be used. 344s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 krb5-config all 2.7 [22.0 kB] 344s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libgssrpc4t64 arm64 1.21.3-4ubuntu2 [58.5 kB] 344s Get:3 http://ftpmaster.internal/ubuntu plucky/main arm64 libkadm5clnt-mit12 arm64 1.21.3-4ubuntu2 [40.3 kB] 345s Get:4 http://ftpmaster.internal/ubuntu plucky/main arm64 libkdb5-10t64 arm64 1.21.3-4ubuntu2 [40.9 kB] 345s Get:5 http://ftpmaster.internal/ubuntu plucky/main arm64 libkadm5srv-mit12 arm64 1.21.3-4ubuntu2 [53.8 kB] 345s Get:6 http://ftpmaster.internal/ubuntu plucky/universe arm64 krb5-user arm64 1.21.3-4ubuntu2 [109 kB] 345s Get:7 http://ftpmaster.internal/ubuntu plucky/universe arm64 krb5-kdc arm64 1.21.3-4ubuntu2 [190 kB] 345s Get:8 http://ftpmaster.internal/ubuntu plucky/universe arm64 krb5-admin-server arm64 1.21.3-4ubuntu2 [95.3 kB] 345s Preconfiguring packages ... 347s Fetched 609 kB in 1s (570 kB/s) 347s Selecting previously unselected package krb5-config. 347s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 82932 files and directories currently installed.) 347s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 347s Unpacking krb5-config (2.7) ... 347s Selecting previously unselected package libgssrpc4t64:arm64. 347s Preparing to unpack .../1-libgssrpc4t64_1.21.3-4ubuntu2_arm64.deb ... 347s Unpacking libgssrpc4t64:arm64 (1.21.3-4ubuntu2) ... 347s Selecting previously unselected package libkadm5clnt-mit12:arm64. 347s Preparing to unpack .../2-libkadm5clnt-mit12_1.21.3-4ubuntu2_arm64.deb ... 347s Unpacking libkadm5clnt-mit12:arm64 (1.21.3-4ubuntu2) ... 347s Selecting previously unselected package libkdb5-10t64:arm64. 347s Preparing to unpack .../3-libkdb5-10t64_1.21.3-4ubuntu2_arm64.deb ... 347s Unpacking libkdb5-10t64:arm64 (1.21.3-4ubuntu2) ... 347s Selecting previously unselected package libkadm5srv-mit12:arm64. 347s Preparing to unpack .../4-libkadm5srv-mit12_1.21.3-4ubuntu2_arm64.deb ... 347s Unpacking libkadm5srv-mit12:arm64 (1.21.3-4ubuntu2) ... 347s Selecting previously unselected package krb5-user. 347s Preparing to unpack .../5-krb5-user_1.21.3-4ubuntu2_arm64.deb ... 347s Unpacking krb5-user (1.21.3-4ubuntu2) ... 347s Selecting previously unselected package krb5-kdc. 347s Preparing to unpack .../6-krb5-kdc_1.21.3-4ubuntu2_arm64.deb ... 347s Unpacking krb5-kdc (1.21.3-4ubuntu2) ... 347s Selecting previously unselected package krb5-admin-server. 347s Preparing to unpack .../7-krb5-admin-server_1.21.3-4ubuntu2_arm64.deb ... 347s Unpacking krb5-admin-server (1.21.3-4ubuntu2) ... 347s Setting up libgssrpc4t64:arm64 (1.21.3-4ubuntu2) ... 347s Setting up krb5-config (2.7) ... 347s Setting up libkadm5clnt-mit12:arm64 (1.21.3-4ubuntu2) ... 347s Setting up libkdb5-10t64:arm64 (1.21.3-4ubuntu2) ... 347s Setting up libkadm5srv-mit12:arm64 (1.21.3-4ubuntu2) ... 347s Setting up krb5-user (1.21.3-4ubuntu2) ... 347s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 347s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 347s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 347s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 347s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 347s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 347s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 347s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 347s Setting up krb5-kdc (1.21.3-4ubuntu2) ... 348s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 348s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 348s Setting up krb5-admin-server (1.21.3-4ubuntu2) ... 349s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 349s Processing triggers for man-db (2.13.0-1) ... 350s Processing triggers for libc-bin (2.41-1ubuntu2) ... 356s autopkgtest [15:10:16]: test ldap-user-group-krb5-auth: [----------------------- 356s + . debian/tests/util 356s + . debian/tests/common-tests 356s + trap cleanup EXIT 356s + mydomain=example.com 356s + myhostname=ldap.example.com 356s + mysuffix=dc=example,dc=com 356s + myrealm=EXAMPLE.COM 356s + admin_dn=cn=admin,dc=example,dc=com 356s + admin_pw=secret 356s + ldap_user=testuser1 356s + ldap_user_pw=testuser1secret 356s + kerberos_principal_pw=testuser1kerberos 356s + ldap_group=ldapusers 356s + adjust_hostname ldap.example.com 356s + local myhostname=ldap.example.com 356s + echo ldap.example.com 356s + hostname ldap.example.com 356s + grep -qE ldap.example.com /etc/hosts 356s + reconfigure_slapd 356s + debconf-set-selections 356s + rm -rf /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1 /var/backups/unknown-2.6.9+dfsg-1~exp2ubuntu1-20250315-150958.ldapdb 356s + dpkg-reconfigure -fnoninteractive -pcritical slapd 357s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1... done. 357s Moving old database directory to /var/backups: 357s - directory unknown... done. 357s Creating initial configuration... done. 357s Creating LDAP directory... done. 358s + generate_certs ldap.example.com 358s + local cn=ldap.example.com 358s + local cert=/etc/ldap/server.pem 358s + local key=/etc/ldap/server.key 358s + local cnf=/etc/ldap/openssl.cnf 358s + cat 358s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 358s .+++++++++++++++++++++++++++++++++++++++*.....+++++++++++++++++++++++++++++++++++++++*..+....+.....+...........................+.+..+...+....+...........+...+.+.........+..+..........+...+......+........+...+.......+......+......+...+..+...+.+......+......+.....+...+....+..+...................+.....+....+...+...+...............+.........+...........+.+...+...........+.+.....+.+.....+....+...+.....+...+....+.........+.........+..+...+.+..+.........+......+....+.........+..+.........+.+........+......+.........+.+.....+...+..........+......+..+...+....+.....+.+...........+...+.......+......+................................+.......+.....+.+........+....+...+............+..+..........+.....+....+..+....+......+.........+.....+...++++++ 358s .+......+.............+++++++++++++++++++++++++++++++++++++++*..+.+..+.............+...+.....+................+........+..........+.....+...+++++++++++++++++++++++++++++++++++++++*...+...............+.....+....+.....+.......+..+......+.+......+..+.......+.....+.+............+..+.+..+.......+...+......+..+.............+.........+.....+..................+.......+..+...+...+.............+..+.........+....+...........+...+................+.....+.......+.........+.....+.+..+...+...+......+......+....+.....+.+.....+...+....+........+....+.........+..+....+........+...+....+.....+..........+......+..+...+...+....+..+...+......+....+..+.+........+................+...+.....+...+....+...+........+.............+.....+......+.+..+.............+..............+....+.........+..+....+..+.........+...+.+..+...+.......+.......................+.......+.....+.........+.+.........+..............+.......+.....+....+...+........+...+.........++++++ 358s ----- 358s + chmod 0640 /etc/ldap/server.key 358s + chgrp openldap /etc/ldap/server.key 358s + [ ! -f /etc/ldap/server.pem ] 358s + [ ! -f /etc/ldap/server.key ] 358s + enable_ldap_ssl 358s + cat 358s + cat 358s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 358s modifying entry "cn=config" 358s 358s + populate_ldap_rfc2307 358s + cat 358s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 358s adding new entry "ou=People,dc=example,dc=com" 358s 358s adding new entry "ou=Group,dc=example,dc=com" 358s 358s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 358s 358s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 358s 358s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 358s 358s + create_realm EXAMPLE.COM ldap.example.com 358s + local realm_name=EXAMPLE.COM 358s + local kerberos_server=ldap.example.com 358s + rm -rf /var/lib/krb5kdc/* 358s + rm -rf /etc/krb5kdc/kdc.conf 358s + rm -f /etc/krb5.keytab 358s + cat 358s + cat 358s + echo # */admin * 358s + kdb5_util create -s -P secretpassword 358s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 358s master key name 'K/M@EXAMPLE.COM' 358s + systemctl restart krb5-kdc.service krb5-admin-server.service 358s + create_krb_principal testuser1 testuser1kerberos 358s + local principal=testuser1 358s + local password=testuser1kerberos 358s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 358s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 358s Authenticating as principal root/admin@EXAMPLE.COM with password. 358s Principal "testuser1@EXAMPLE.COM" created. 358s + configure_sssd_ldap_rfc2307_krb5_auth 358s + cat 358s + chmod 0600 /etc/sssd/sssd.conf 358s + systemctl restart sssd 358s + enable_pam_mkhomedir 358s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 358s Assert local user databases do not have our LDAP test data 358s + run_common_tests 358s + echo Assert local user databases do not have our LDAP test data 358s + check_local_user testuser1 358s + local local_user=testuser1 358s + grep -q ^testuser1 /etc/passwd 358s + check_local_group testuser1 358s + local local_group=testuser1 358s + grep -q ^testuser1 /etc/group 358s The LDAP user is known to the system via getent 358s + check_local_group ldapusers 358s + local local_group=ldapusers 358s + grep -q ^ldapusers /etc/group 358s + echo The LDAP user is known to the system via getent 358s + check_getent_user testuser1 358s + local getent_user=testuser1 358s + local output 358s + getent passwd testuser1 358s The LDAP user's private group is known to the system via getent 358s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 358s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 358s + echo The LDAP user's private group is known to the system via getent 358s + check_getent_group testuser1 358s + local getent_group=testuser1 358s + local output 358s + getent group testuser1 358s The LDAP group ldapusers is known to the system via getent 358s + output=testuser1:*:10001:testuser1 358s + [ -z testuser1:*:10001:testuser1 ] 358s + echo The LDAP group ldapusers is known to the system via getent 358s + check_getent_group ldapusers 358s + local getent_group=ldapusers 358s + local output 358s + getent group ldapusers 358s The id(1) command can resolve the group membership of the LDAP user 358s + output=ldapusers:*:10100:testuser1 358s + [ -z ldapusers:*:10100:testuser1 ] 358s + echo The id(1) command can resolve the group membership of the LDAP user 358s + id -Gn testuser1 358s The Kerberos principal can login via ssh 358s + output=testuser1 ldapusers 358s + [ testuser1 ldapusers != testuser1 ldapusers ] 358s + echo The Kerberos principal can login via ssh 358s + setup_sshd_password_auth 358s + cat 358s + systemctl restart ssh 358s + kdestroy 358s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 358s spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no testuser1@localhost 359s Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. 359s testuser1@localhost's password: 359s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.14.0-10-generic aarch64) 359s 359s * Documentation: https://help.ubuntu.com 359s * Management: https://landscape.canonical.com 359s * Support: https://ubuntu.com/pro 359s 359s Last login: Sat Mar 15 15:10:01 2025 from ::1 359s [?2004htestuser1@ldap:~$ id -un 359s [?2004l testuser1 359s [?2004htestuser1@ldap:~$ klist 359s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_UZjLxn 359s Default principal: testuser1@EXAMPLE.COM 359s 359s Valid starting Expires Service principal 359s 03/15/25 15:10:19 03/16/25 01:10:19 krbtgt/EXAMPLE.COM@EXAMPLE.COM 359s renew until 03/16/25 15:10:19 359s + cleanup 359s + result=0 359s + set +e 359s + [ 0 -ne 0 ] 359s + echo ## All tests passed, phew 359s + cleanup_sshd_config 359s + rm -f /etc/ssh/sshd_config.d/00-dep8.conf 359s ## All tests passed, phew 359s + systemctl restart ssh 360s autopkgtest [15:10:20]: test ldap-user-group-krb5-auth: -----------------------] 360s ldap-user-group-krb5-auth PASS 360s autopkgtest [15:10:20]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 360s autopkgtest [15:10:20]: test sssd-softhism2-certificates-tests.sh: preparing testbed 558s autopkgtest [15:13:38]: testbed dpkg architecture: arm64 558s autopkgtest [15:13:38]: testbed apt version: 2.9.33 558s autopkgtest [15:13:38]: @@@@@@@@@@@@@@@@@@@@ test bed setup 559s autopkgtest [15:13:39]: testbed release detected to be: plucky 559s autopkgtest [15:13:39]: updating testbed package index (apt update) 560s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [126 kB] 560s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 560s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 560s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 560s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [101 kB] 560s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [15.8 kB] 560s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [404 kB] 561s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 Packages [78.2 kB] 561s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 c-n-f Metadata [1976 B] 561s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted arm64 c-n-f Metadata [116 B] 561s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 Packages [346 kB] 561s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 c-n-f Metadata [15.8 kB] 561s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse arm64 Packages [4948 B] 561s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse arm64 c-n-f Metadata [572 B] 562s Fetched 1094 kB in 2s (663 kB/s) 563s Reading package lists... 563s Reading package lists... 564s Building dependency tree... 564s Reading state information... 564s Calculating upgrade... 565s Calculating upgrade... 566s The following packages will be upgraded: 566s python3-jinja2 strace 566s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 566s Need to get 608 kB of archives. 566s After this operation, 11.3 kB of additional disk space will be used. 566s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 strace arm64 6.13+ds-1ubuntu1 [499 kB] 567s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 python3-jinja2 all 3.1.5-2ubuntu1 [109 kB] 568s Fetched 608 kB in 1s (660 kB/s) 568s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 117701 files and directories currently installed.) 568s Preparing to unpack .../strace_6.13+ds-1ubuntu1_arm64.deb ... 568s Unpacking strace (6.13+ds-1ubuntu1) over (6.11-0ubuntu1) ... 568s Preparing to unpack .../python3-jinja2_3.1.5-2ubuntu1_all.deb ... 568s Unpacking python3-jinja2 (3.1.5-2ubuntu1) over (3.1.5-2) ... 568s Setting up python3-jinja2 (3.1.5-2ubuntu1) ... 569s Setting up strace (6.13+ds-1ubuntu1) ... 569s Processing triggers for man-db (2.13.0-1) ... 570s Reading package lists... 570s Building dependency tree... 570s Reading state information... 571s Solving dependencies... 572s The following packages will be REMOVED: 572s libnsl2* libpython3.12-minimal* libpython3.12-stdlib* libpython3.12t64* 572s libunwind8* linux-headers-6.11.0-8* linux-headers-6.11.0-8-generic* 572s linux-image-6.11.0-8-generic* linux-modules-6.11.0-8-generic* 572s linux-tools-6.11.0-8* linux-tools-6.11.0-8-generic* 572s 0 upgraded, 0 newly installed, 11 to remove and 5 not upgraded. 572s After this operation, 267 MB disk space will be freed. 572s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 117701 files and directories currently installed.) 572s Removing linux-tools-6.11.0-8-generic (6.11.0-8.8) ... 573s Removing linux-tools-6.11.0-8 (6.11.0-8.8) ... 573s Removing libpython3.12t64:arm64 (3.12.9-1) ... 573s Removing libpython3.12-stdlib:arm64 (3.12.9-1) ... 573s Removing libnsl2:arm64 (1.3.0-3build3) ... 573s Removing libpython3.12-minimal:arm64 (3.12.9-1) ... 573s Removing libunwind8:arm64 (1.6.2-3.1) ... 573s Removing linux-headers-6.11.0-8-generic (6.11.0-8.8) ... 573s Removing linux-headers-6.11.0-8 (6.11.0-8.8) ... 575s Removing linux-image-6.11.0-8-generic (6.11.0-8.8) ... 575s I: /boot/vmlinuz.old is now a symlink to vmlinuz-6.14.0-10-generic 575s I: /boot/initrd.img.old is now a symlink to initrd.img-6.14.0-10-generic 575s /etc/kernel/postrm.d/initramfs-tools: 575s update-initramfs: Deleting /boot/initrd.img-6.11.0-8-generic 576s /etc/kernel/postrm.d/zz-flash-kernel: 576s flash-kernel: Kernel 6.11.0-8-generic has been removed. 576s flash-kernel: A higher version (6.14.0-10-generic) is still installed, no reflashing required. 576s /etc/kernel/postrm.d/zz-update-grub: 576s Sourcing file `/etc/default/grub' 576s Sourcing file `/etc/default/grub.d/50-cloudimg-settings.cfg' 576s Generating grub configuration file ... 576s Found linux image: /boot/vmlinuz-6.14.0-10-generic 576s Found initrd image: /boot/initrd.img-6.14.0-10-generic 577s Warning: os-prober will not be executed to detect other bootable partitions. 577s Systems on them will not be added to the GRUB boot configuration. 577s Check GRUB_DISABLE_OS_PROBER documentation entry. 577s Adding boot menu entry for UEFI Firmware Settings ... 577s done 577s Removing linux-modules-6.11.0-8-generic (6.11.0-8.8) ... 577s Processing triggers for libc-bin (2.41-1ubuntu1) ... 577s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81650 files and directories currently installed.) 577s Purging configuration files for linux-image-6.11.0-8-generic (6.11.0-8.8) ... 577s Purging configuration files for libpython3.12-minimal:arm64 (3.12.9-1) ... 577s Purging configuration files for linux-modules-6.11.0-8-generic (6.11.0-8.8) ... 578s autopkgtest [15:13:58]: upgrading testbed (apt dist-upgrade and autopurge) 578s Reading package lists... 578s Building dependency tree... 578s Reading state information... 579s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 579s Starting 2 pkgProblemResolver with broken count: 0 579s Done 580s Entering ResolveByKeep 580s 580s Calculating upgrade... 581s The following packages will be upgraded: 581s libc-bin libc-dev-bin libc6 libc6-dev locales 581s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 581s Need to get 9530 kB of archives. 581s After this operation, 0 B of additional disk space will be used. 581s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libc6-dev arm64 2.41-1ubuntu2 [1750 kB] 583s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libc-dev-bin arm64 2.41-1ubuntu2 [24.0 kB] 583s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libc6 arm64 2.41-1ubuntu2 [2910 kB] 586s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libc-bin arm64 2.41-1ubuntu2 [600 kB] 586s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 locales all 2.41-1ubuntu2 [4246 kB] 590s Preconfiguring packages ... 590s Fetched 9530 kB in 9s (1095 kB/s) 590s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81647 files and directories currently installed.) 590s Preparing to unpack .../libc6-dev_2.41-1ubuntu2_arm64.deb ... 590s Unpacking libc6-dev:arm64 (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 591s Preparing to unpack .../libc-dev-bin_2.41-1ubuntu2_arm64.deb ... 591s Unpacking libc-dev-bin (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 591s Preparing to unpack .../libc6_2.41-1ubuntu2_arm64.deb ... 591s Unpacking libc6:arm64 (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 591s Setting up libc6:arm64 (2.41-1ubuntu2) ... 591s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81647 files and directories currently installed.) 591s Preparing to unpack .../libc-bin_2.41-1ubuntu2_arm64.deb ... 591s Unpacking libc-bin (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 592s Setting up libc-bin (2.41-1ubuntu2) ... 592s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81647 files and directories currently installed.) 592s Preparing to unpack .../locales_2.41-1ubuntu2_all.deb ... 592s Unpacking locales (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 592s Setting up locales (2.41-1ubuntu2) ... 593s Generating locales (this might take a while)... 595s en_US.UTF-8... done 595s Generation complete. 595s Setting up libc-dev-bin (2.41-1ubuntu2) ... 595s Setting up libc6-dev:arm64 (2.41-1ubuntu2) ... 595s Processing triggers for man-db (2.13.0-1) ... 596s Processing triggers for systemd (257.3-1ubuntu3) ... 598s Reading package lists... 598s Building dependency tree... 598s Reading state information... 599s Starting pkgProblemResolver with broken count: 0 599s Starting 2 pkgProblemResolver with broken count: 0 599s Done 600s Solving dependencies... 600s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 601s autopkgtest [15:14:21]: rebooting testbed after setup commands that affected boot 624s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 634s Reading package lists... 634s Building dependency tree... 634s Reading state information... 635s Starting pkgProblemResolver with broken count: 0 635s Starting 2 pkgProblemResolver with broken count: 0 635s Done 636s The following NEW packages will be installed: 636s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 636s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 636s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 636s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 636s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 636s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 636s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 636s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 636s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 636s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 636s Need to get 10.6 MB of archives. 636s After this operation, 50.4 MB of additional disk space will be used. 636s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-10 [140 kB] 636s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libunbound8 arm64 1.22.0-1ubuntu1 [437 kB] 637s Get:3 http://ftpmaster.internal/ubuntu plucky/main arm64 libgnutls-dane0t64 arm64 3.8.9-2ubuntu2 [24.4 kB] 637s Get:4 http://ftpmaster.internal/ubuntu plucky/universe arm64 gnutls-bin arm64 3.8.9-2ubuntu2 [271 kB] 637s Get:5 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common-data arm64 0.8-16ubuntu1 [30.9 kB] 637s Get:6 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common3 arm64 0.8-16ubuntu1 [22.9 kB] 637s Get:7 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-client3 arm64 0.8-16ubuntu1 [26.9 kB] 637s Get:8 http://ftpmaster.internal/ubuntu plucky/main arm64 libbasicobjects0t64 arm64 0.6.2-3 [5882 B] 637s Get:9 http://ftpmaster.internal/ubuntu plucky/main arm64 libcares2 arm64 1.34.4-2.1 [100 kB] 637s Get:10 http://ftpmaster.internal/ubuntu plucky/main arm64 libcollection4t64 arm64 0.6.2-3 [23.6 kB] 637s Get:11 http://ftpmaster.internal/ubuntu plucky/main arm64 libcrack2 arm64 2.9.6-5.2build1 [29.1 kB] 637s Get:12 http://ftpmaster.internal/ubuntu plucky/main arm64 libdhash1t64 arm64 0.6.2-3 [8914 B] 637s Get:13 http://ftpmaster.internal/ubuntu plucky/main arm64 libpath-utils1t64 arm64 0.6.2-3 [9088 B] 637s Get:14 http://ftpmaster.internal/ubuntu plucky/main arm64 libref-array1t64 arm64 0.6.2-3 [7312 B] 637s Get:15 http://ftpmaster.internal/ubuntu plucky/main arm64 libini-config5t64 arm64 0.6.2-3 [44.4 kB] 637s Get:16 http://ftpmaster.internal/ubuntu plucky/main arm64 libipa-hbac0t64 arm64 2.10.1-2ubuntu3 [18.5 kB] 637s Get:17 http://ftpmaster.internal/ubuntu plucky/main arm64 libtalloc2 arm64 2:2.4.2+samba4.21.4+dfsg-1ubuntu3 [71.7 kB] 638s Get:18 http://ftpmaster.internal/ubuntu plucky/main arm64 libtdb1 arm64 2:1.4.12+samba4.21.4+dfsg-1ubuntu3 [93.9 kB] 638s Get:19 http://ftpmaster.internal/ubuntu plucky/main arm64 libtevent0t64 arm64 2:0.16.1+samba4.21.4+dfsg-1ubuntu3 [40.7 kB] 638s Get:20 http://ftpmaster.internal/ubuntu plucky/main arm64 libldb2 arm64 2:2.10.0+samba4.21.4+dfsg-1ubuntu3 [151 kB] 638s Get:21 http://ftpmaster.internal/ubuntu plucky/main arm64 libnfsidmap1 arm64 1:2.8.2-2ubuntu1 [50.1 kB] 638s Get:22 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality-common all 1.4.5-4 [7714 B] 638s Get:23 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality1 arm64 1.4.5-4 [13.5 kB] 638s Get:24 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-pwquality arm64 1.4.5-4 [11.8 kB] 638s Get:25 http://ftpmaster.internal/ubuntu plucky/main arm64 libwbclient0 arm64 2:4.21.4+dfsg-1ubuntu3 [81.1 kB] 638s Get:26 http://ftpmaster.internal/ubuntu plucky/main arm64 samba-libs arm64 2:4.21.4+dfsg-1ubuntu3 [6420 kB] 645s Get:27 http://ftpmaster.internal/ubuntu plucky/main arm64 libsmbclient0 arm64 2:4.21.4+dfsg-1ubuntu3 [62.9 kB] 645s Get:28 http://ftpmaster.internal/ubuntu plucky/main arm64 libnss-sss arm64 2.10.1-2ubuntu3 [33.2 kB] 645s Get:29 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-sss arm64 2.10.1-2ubuntu3 [50.5 kB] 645s Get:30 http://ftpmaster.internal/ubuntu plucky/universe arm64 softhsm2-common arm64 2.6.1-2.2ubuntu3 [6196 B] 645s Get:31 http://ftpmaster.internal/ubuntu plucky/universe arm64 libsofthsm2 arm64 2.6.1-2.2ubuntu3 [247 kB] 645s Get:32 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-certmap0 arm64 2.10.1-2ubuntu3 [47.8 kB] 645s Get:33 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-idmap0 arm64 2.10.1-2ubuntu3 [23.6 kB] 645s Get:34 http://ftpmaster.internal/ubuntu plucky/main arm64 libsss-nss-idmap0 arm64 2.10.1-2ubuntu3 [31.9 kB] 645s Get:35 http://ftpmaster.internal/ubuntu plucky/main arm64 python3-sss arm64 2.10.1-2ubuntu3 [46.7 kB] 645s Get:36 http://ftpmaster.internal/ubuntu plucky/universe arm64 softhsm2 arm64 2.6.1-2.2ubuntu3 [167 kB] 645s Get:37 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-common arm64 2.10.1-2ubuntu3 [1138 kB] 647s Get:38 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ad-common arm64 2.10.1-2ubuntu3 [74.2 kB] 647s Get:39 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-krb5-common arm64 2.10.1-2ubuntu3 [90.2 kB] 647s Get:40 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ad arm64 2.10.1-2ubuntu3 [136 kB] 647s Get:41 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ipa arm64 2.10.1-2ubuntu3 [223 kB] 647s Get:42 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-krb5 arm64 2.10.1-2ubuntu3 [14.4 kB] 647s Get:43 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-ldap arm64 2.10.1-2ubuntu3 [31.7 kB] 647s Get:44 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd-proxy arm64 2.10.1-2ubuntu3 [44.3 kB] 647s Get:45 http://ftpmaster.internal/ubuntu plucky/main arm64 sssd arm64 2.10.1-2ubuntu3 [4122 B] 648s Fetched 10.6 MB in 11s (942 kB/s) 648s Selecting previously unselected package libevent-2.1-7t64:arm64. 648s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81647 files and directories currently installed.) 648s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_arm64.deb ... 648s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 648s Selecting previously unselected package libunbound8:arm64. 648s Preparing to unpack .../01-libunbound8_1.22.0-1ubuntu1_arm64.deb ... 648s Unpacking libunbound8:arm64 (1.22.0-1ubuntu1) ... 648s Selecting previously unselected package libgnutls-dane0t64:arm64. 648s Preparing to unpack .../02-libgnutls-dane0t64_3.8.9-2ubuntu2_arm64.deb ... 648s Unpacking libgnutls-dane0t64:arm64 (3.8.9-2ubuntu2) ... 648s Selecting previously unselected package gnutls-bin. 648s Preparing to unpack .../03-gnutls-bin_3.8.9-2ubuntu2_arm64.deb ... 648s Unpacking gnutls-bin (3.8.9-2ubuntu2) ... 648s Selecting previously unselected package libavahi-common-data:arm64. 648s Preparing to unpack .../04-libavahi-common-data_0.8-16ubuntu1_arm64.deb ... 648s Unpacking libavahi-common-data:arm64 (0.8-16ubuntu1) ... 648s Selecting previously unselected package libavahi-common3:arm64. 648s Preparing to unpack .../05-libavahi-common3_0.8-16ubuntu1_arm64.deb ... 648s Unpacking libavahi-common3:arm64 (0.8-16ubuntu1) ... 648s Selecting previously unselected package libavahi-client3:arm64. 648s Preparing to unpack .../06-libavahi-client3_0.8-16ubuntu1_arm64.deb ... 648s Unpacking libavahi-client3:arm64 (0.8-16ubuntu1) ... 648s Selecting previously unselected package libbasicobjects0t64:arm64. 648s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-3_arm64.deb ... 648s Unpacking libbasicobjects0t64:arm64 (0.6.2-3) ... 648s Selecting previously unselected package libcares2:arm64. 649s Preparing to unpack .../08-libcares2_1.34.4-2.1_arm64.deb ... 649s Unpacking libcares2:arm64 (1.34.4-2.1) ... 649s Selecting previously unselected package libcollection4t64:arm64. 649s Preparing to unpack .../09-libcollection4t64_0.6.2-3_arm64.deb ... 649s Unpacking libcollection4t64:arm64 (0.6.2-3) ... 649s Selecting previously unselected package libcrack2:arm64. 649s Preparing to unpack .../10-libcrack2_2.9.6-5.2build1_arm64.deb ... 649s Unpacking libcrack2:arm64 (2.9.6-5.2build1) ... 649s Selecting previously unselected package libdhash1t64:arm64. 649s Preparing to unpack .../11-libdhash1t64_0.6.2-3_arm64.deb ... 649s Unpacking libdhash1t64:arm64 (0.6.2-3) ... 649s Selecting previously unselected package libpath-utils1t64:arm64. 649s Preparing to unpack .../12-libpath-utils1t64_0.6.2-3_arm64.deb ... 649s Unpacking libpath-utils1t64:arm64 (0.6.2-3) ... 649s Selecting previously unselected package libref-array1t64:arm64. 649s Preparing to unpack .../13-libref-array1t64_0.6.2-3_arm64.deb ... 649s Unpacking libref-array1t64:arm64 (0.6.2-3) ... 649s Selecting previously unselected package libini-config5t64:arm64. 649s Preparing to unpack .../14-libini-config5t64_0.6.2-3_arm64.deb ... 649s Unpacking libini-config5t64:arm64 (0.6.2-3) ... 649s Selecting previously unselected package libipa-hbac0t64. 649s Preparing to unpack .../15-libipa-hbac0t64_2.10.1-2ubuntu3_arm64.deb ... 649s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu3) ... 649s Selecting previously unselected package libtalloc2:arm64. 649s Preparing to unpack .../16-libtalloc2_2%3a2.4.2+samba4.21.4+dfsg-1ubuntu3_arm64.deb ... 649s Unpacking libtalloc2:arm64 (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 649s Selecting previously unselected package libtdb1:arm64. 649s Preparing to unpack .../17-libtdb1_2%3a1.4.12+samba4.21.4+dfsg-1ubuntu3_arm64.deb ... 649s Unpacking libtdb1:arm64 (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 649s Selecting previously unselected package libtevent0t64:arm64. 649s Preparing to unpack .../18-libtevent0t64_2%3a0.16.1+samba4.21.4+dfsg-1ubuntu3_arm64.deb ... 649s Unpacking libtevent0t64:arm64 (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 649s Selecting previously unselected package libldb2:arm64. 649s Preparing to unpack .../19-libldb2_2%3a2.10.0+samba4.21.4+dfsg-1ubuntu3_arm64.deb ... 649s Unpacking libldb2:arm64 (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 649s Selecting previously unselected package libnfsidmap1:arm64. 649s Preparing to unpack .../20-libnfsidmap1_1%3a2.8.2-2ubuntu1_arm64.deb ... 649s Unpacking libnfsidmap1:arm64 (1:2.8.2-2ubuntu1) ... 649s Selecting previously unselected package libpwquality-common. 649s Preparing to unpack .../21-libpwquality-common_1.4.5-4_all.deb ... 649s Unpacking libpwquality-common (1.4.5-4) ... 649s Selecting previously unselected package libpwquality1:arm64. 649s Preparing to unpack .../22-libpwquality1_1.4.5-4_arm64.deb ... 649s Unpacking libpwquality1:arm64 (1.4.5-4) ... 649s Selecting previously unselected package libpam-pwquality:arm64. 649s Preparing to unpack .../23-libpam-pwquality_1.4.5-4_arm64.deb ... 649s Unpacking libpam-pwquality:arm64 (1.4.5-4) ... 649s Selecting previously unselected package libwbclient0:arm64. 649s Preparing to unpack .../24-libwbclient0_2%3a4.21.4+dfsg-1ubuntu3_arm64.deb ... 649s Unpacking libwbclient0:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 649s Selecting previously unselected package samba-libs:arm64. 649s Preparing to unpack .../25-samba-libs_2%3a4.21.4+dfsg-1ubuntu3_arm64.deb ... 649s Unpacking samba-libs:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 649s Selecting previously unselected package libsmbclient0:arm64. 649s Preparing to unpack .../26-libsmbclient0_2%3a4.21.4+dfsg-1ubuntu3_arm64.deb ... 649s Unpacking libsmbclient0:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 649s Selecting previously unselected package libnss-sss:arm64. 649s Preparing to unpack .../27-libnss-sss_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking libnss-sss:arm64 (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package libpam-sss:arm64. 650s Preparing to unpack .../28-libpam-sss_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking libpam-sss:arm64 (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package softhsm2-common. 650s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_arm64.deb ... 650s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 650s Selecting previously unselected package libsofthsm2. 650s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_arm64.deb ... 650s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 650s Selecting previously unselected package libsss-certmap0. 650s Preparing to unpack .../31-libsss-certmap0_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking libsss-certmap0 (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package libsss-idmap0. 650s Preparing to unpack .../32-libsss-idmap0_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking libsss-idmap0 (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package libsss-nss-idmap0. 650s Preparing to unpack .../33-libsss-nss-idmap0_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package python3-sss. 650s Preparing to unpack .../34-python3-sss_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking python3-sss (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package softhsm2. 650s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_arm64.deb ... 650s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 650s Selecting previously unselected package sssd-common. 650s Preparing to unpack .../36-sssd-common_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking sssd-common (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package sssd-ad-common. 650s Preparing to unpack .../37-sssd-ad-common_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking sssd-ad-common (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package sssd-krb5-common. 650s Preparing to unpack .../38-sssd-krb5-common_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking sssd-krb5-common (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package sssd-ad. 650s Preparing to unpack .../39-sssd-ad_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking sssd-ad (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package sssd-ipa. 650s Preparing to unpack .../40-sssd-ipa_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking sssd-ipa (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package sssd-krb5. 650s Preparing to unpack .../41-sssd-krb5_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking sssd-krb5 (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package sssd-ldap. 650s Preparing to unpack .../42-sssd-ldap_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking sssd-ldap (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package sssd-proxy. 650s Preparing to unpack .../43-sssd-proxy_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking sssd-proxy (2.10.1-2ubuntu3) ... 650s Selecting previously unselected package sssd. 650s Preparing to unpack .../44-sssd_2.10.1-2ubuntu3_arm64.deb ... 650s Unpacking sssd (2.10.1-2ubuntu3) ... 650s Setting up libpwquality-common (1.4.5-4) ... 650s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 651s Creating config file /etc/softhsm/softhsm2.conf with new version 651s Setting up libnfsidmap1:arm64 (1:2.8.2-2ubuntu1) ... 651s Setting up libsss-idmap0 (2.10.1-2ubuntu3) ... 651s Setting up libbasicobjects0t64:arm64 (0.6.2-3) ... 651s Setting up libipa-hbac0t64 (2.10.1-2ubuntu3) ... 651s Setting up libref-array1t64:arm64 (0.6.2-3) ... 651s Setting up libtdb1:arm64 (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 651s Setting up libcollection4t64:arm64 (0.6.2-3) ... 651s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 651s Setting up libwbclient0:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 651s Setting up libtalloc2:arm64 (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 651s Setting up libpath-utils1t64:arm64 (0.6.2-3) ... 651s Setting up libunbound8:arm64 (1.22.0-1ubuntu1) ... 651s Setting up libgnutls-dane0t64:arm64 (3.8.9-2ubuntu2) ... 651s Setting up libavahi-common-data:arm64 (0.8-16ubuntu1) ... 651s Setting up libcares2:arm64 (1.34.4-2.1) ... 651s Setting up libdhash1t64:arm64 (0.6.2-3) ... 651s Setting up libcrack2:arm64 (2.9.6-5.2build1) ... 651s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 651s Setting up libini-config5t64:arm64 (0.6.2-3) ... 651s Setting up libtevent0t64:arm64 (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 651s Setting up libnss-sss:arm64 (2.10.1-2ubuntu3) ... 651s Setting up gnutls-bin (3.8.9-2ubuntu2) ... 651s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 651s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 651s Setting up libavahi-common3:arm64 (0.8-16ubuntu1) ... 651s Setting up libsss-certmap0 (2.10.1-2ubuntu3) ... 651s Setting up libpwquality1:arm64 (1.4.5-4) ... 651s Setting up libldb2:arm64 (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 651s Setting up libavahi-client3:arm64 (0.8-16ubuntu1) ... 651s Setting up libpam-pwquality:arm64 (1.4.5-4) ... 651s Setting up samba-libs:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 651s Setting up python3-sss (2.10.1-2ubuntu3) ... 651s Setting up libsmbclient0:arm64 (2:4.21.4+dfsg-1ubuntu3) ... 651s Setting up libpam-sss:arm64 (2.10.1-2ubuntu3) ... 651s Setting up sssd-common (2.10.1-2ubuntu3) ... 651s Creating SSSD system user & group... 652s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 652s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 652s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 652s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 652s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 652s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 653s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 653s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 653s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 654s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 654s sssd-autofs.service is a disabled or a static unit, not starting it. 654s sssd-nss.service is a disabled or a static unit, not starting it. 654s sssd-pam.service is a disabled or a static unit, not starting it. 654s sssd-ssh.service is a disabled or a static unit, not starting it. 654s sssd-sudo.service is a disabled or a static unit, not starting it. 654s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 654s Setting up sssd-proxy (2.10.1-2ubuntu3) ... 654s Setting up sssd-ad-common (2.10.1-2ubuntu3) ... 654s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 655s sssd-pac.service is a disabled or a static unit, not starting it. 655s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 655s Setting up sssd-krb5-common (2.10.1-2ubuntu3) ... 655s Setting up sssd-krb5 (2.10.1-2ubuntu3) ... 655s Setting up sssd-ldap (2.10.1-2ubuntu3) ... 655s Setting up sssd-ad (2.10.1-2ubuntu3) ... 655s Setting up sssd-ipa (2.10.1-2ubuntu3) ... 655s Setting up sssd (2.10.1-2ubuntu3) ... 655s Processing triggers for man-db (2.13.0-1) ... 656s Processing triggers for libc-bin (2.41-1ubuntu2) ... 668s autopkgtest [15:15:28]: test sssd-softhism2-certificates-tests.sh: [----------------------- 668s + '[' -z ubuntu ']' 668s + required_tools=(p11tool openssl softhsm2-util) 668s + for cmd in "${required_tools[@]}" 668s + command -v p11tool 668s + for cmd in "${required_tools[@]}" 668s + command -v openssl 668s + for cmd in "${required_tools[@]}" 668s + command -v softhsm2-util 668s + PIN=053350 668s +++ find /usr/lib/softhsm/libsofthsm2.so 668s +++ head -n 1 668s ++ realpath /usr/lib/softhsm/libsofthsm2.so 668s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 668s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 668s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 668s + '[' '!' -v NO_SSSD_TESTS ']' 668s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 668s + ca_db_arg=ca_db 668s ++ /usr/libexec/sssd/p11_child --help 668s + p11_child_help='Usage: p11_child [OPTION...] 668s -d, --debug-level=INT Debug level 668s --debug-timestamps=INT Add debug timestamps 668s --debug-microseconds=INT Show timestamps with microseconds 668s --dumpable=INT Allow core dumps 668s --backtrace=INT Enable debug backtrace 668s --debug-fd=INT An open file descriptor for the debug 668s logs 668s --logger=stderr|files|journald Set logger 668s --auth Run in auth mode 668s --pre Run in pre-auth mode 668s --wait_for_card Wait until card is available 668s --verification Run in verification mode 668s --pin Expect PIN on stdin 668s --keypad Expect PIN on keypad 668s --verify=STRING Tune validation 668s --ca_db=STRING CA DB to use 668s --module_name=STRING Module name for authentication 668s --token_name=STRING Token name for authentication 668s --key_id=STRING Key ID for authentication 668s --label=STRING Label for authentication 668s --certificate=STRING certificate to verify, base64 encoded 668s --uri=STRING PKCS#11 URI to restrict selection 668s --chain-id=LONG Tevent chain ID used for logging 668s purposes 668s 668s Help options: 668s -?, --help Show this help message 668s --usage Display brief usage message' 668s + echo 'Usage: p11_child [OPTION...] 668s -d, --debug-level=INT Debug level 668s --debug-timestamps=INT Add debug timestamps 668s --debug-microseconds=INT Show timestamps with microseconds 668s --dumpable=INT Allow core dumps 668s --backtrace=INT Enable debug backtrace 668s --debug-fd=INT An open file descriptor for the debug 668s logs 668s --logger=stderr|files|journald Set logger 668s --auth Run in auth mode 668s --pre Run in pre-auth mode 668s --wait_for_card Wait until card is available 668s --verification Run in verification mode 668s --pin Expect PIN on stdin 668s --keypad Expect PIN on keypad 668s --verify=STRING Tune validation 668s --ca_db=STRING CA DB to use 668s --module_name=STRING Module name for authentication 668s --token_name=STRING Token name for authentication 668s --key_id=STRING Key ID for authentication 668s --label=STRING Label for authentication 668s --certificate=STRING certificate to verify, base64 encoded 668s --uri=STRING PKCS#11 URI to restrict selection 668s --chain-id=LONG Tevent chain ID used for logging 668s purposes 668s 668s Help options: 668s -?, --help Show this help message 668s --usage Display brief usage message' 668s + grep nssdb -qs 668s + echo 'Usage: p11_child [OPTION...] 668s -d, --debug-level=INT Debug level 668s --debug-timestamps=INT Add debug timestamps 668s --debug-microseconds=INT Show timestamps with microseconds 668s --dumpable=INT Allow core dumps 668s --backtrace=INT Enable debug backtrace 668s --debug-fd=INT An open file descriptor for the debug 668s logs 668s --logger=stderr|files|journald Set logger 668s --auth Run in auth mode 668s --pre Run in pre-auth mode 668s --wait_for_card Wait until card is available 668s --verification Run in verification mode 668s --pin Expect PIN on stdin 668s --keypad Expect PIN on keypad 668s --verify=STRING Tune validation 668s --ca_db=STRING CA DB to use 668s --module_name=STRING Module name for authentication 668s --token_name=STRING Token name for authentication 668s --key_id=STRING Key ID for authentication 668s --label=STRING Label for authentication 668s --certificate=STRING certificate to verify, base64 encoded 668s --uri=STRING PKCS#11 URI to restrict selection 668s --chain-id=LONG Tevent chain ID used for logging 668s purposes 668s 668s Help options: 668s -?, --help Show this help message 668s --usage Display brief usage message' 668s + grep -qs -- --ca_db 668s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 668s ++ mktemp -d -t sssd-softhsm2-XXXXXX 668s + tmpdir=/tmp/sssd-softhsm2-NiH3EW 668s + keys_size=1024 668s + [[ ! -v KEEP_TEMPORARY_FILES ]] 668s + trap 'rm -rf "$tmpdir"' EXIT 668s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 668s + echo -n 01 668s + touch /tmp/sssd-softhsm2-NiH3EW/index.txt 668s + mkdir -p /tmp/sssd-softhsm2-NiH3EW/new_certs 668s + cat 668s + root_ca_key_pass=pass:random-root-CA-password-36 668s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-NiH3EW/test-root-CA-key.pem -passout pass:random-root-CA-password-36 1024 668s + openssl req -passin pass:random-root-CA-password-36 -batch -config /tmp/sssd-softhsm2-NiH3EW/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-NiH3EW/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 668s + openssl x509 -noout -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 668s + cat 668s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-18881 668s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-18881 1024 668s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-18881 -config /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.config -key /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-36 -sha256 -out /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-certificate-request.pem 668s + openssl req -text -noout -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-certificate-request.pem 668s Certificate Request: 668s Data: 668s Version: 1 (0x0) 668s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:c8:4e:41:8b:3b:7a:af:63:57:16:af:e3:25:7f: 668s f0:50:73:65:78:2f:cd:8b:ff:bb:ca:75:bd:69:a7: 668s ec:1c:8a:22:99:d9:e6:ca:09:74:06:01:47:5d:d6: 668s 50:6f:e2:a8:15:9f:db:97:ab:cd:48:40:e7:0c:2f: 668s 55:07:47:95:8b:ab:1b:82:51:af:41:91:80:a9:00: 668s 5b:bd:b6:f2:d1:41:1a:90:75:5d:18:0e:ad:73:f2: 668s e6:1c:88:c9:db:2e:91:30:18:b4:35:5a:a5:31:8f: 668s 0d:8f:1f:8f:c1:d1:35:27:17:6b:fe:64:de:7f:98: 668s a6:14:cf:53:24:a7:c8:18:65 668s Exponent: 65537 (0x10001) 668s Attributes: 668s (none) 668s Requested Extensions: 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 23:37:de:6d:08:39:61:ae:a7:a4:9e:96:64:be:b5:c1:1c:3e: 668s cd:9e:15:24:47:12:57:6b:11:22:a0:ab:f8:c9:20:f8:5d:c2: 668s cd:95:ac:e2:d7:b2:4e:25:51:ab:0d:a1:3d:2d:da:70:c7:c0: 668s 7a:31:c5:78:d5:4a:a1:1b:55:40:fb:64:94:41:75:38:13:58: 668s a8:03:3d:ca:d9:92:c8:4d:14:2f:fd:4c:96:3e:a8:df:5a:5e: 668s 0e:80:45:b8:f7:3f:21:65:73:ee:08:48:66:72:0d:96:7f:40: 668s cc:ae:78:c2:1d:2e:45:78:4a:e0:91:07:7b:9e:d0:04:ea:0f: 668s 13:66 668s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-NiH3EW/test-root-CA.config -passin pass:random-root-CA-password-36 -keyfile /tmp/sssd-softhsm2-NiH3EW/test-root-CA-key.pem -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 668s Using configuration from /tmp/sssd-softhsm2-NiH3EW/test-root-CA.config 668s Check that the request matches the signature 668s Signature ok 668s Certificate Details: 668s Serial Number: 1 (0x1) 668s Validity 668s Not Before: Mar 15 15:15:28 2025 GMT 668s Not After : Mar 15 15:15:28 2026 GMT 668s Subject: 668s organizationName = Test Organization 668s organizationalUnitName = Test Organization Unit 668s commonName = Test Organization Intermediate CA 668s X509v3 extensions: 668s X509v3 Subject Key Identifier: 668s C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 668s X509v3 Authority Key Identifier: 668s keyid:23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 668s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 668s serial:00 668s X509v3 Basic Constraints: 668s CA:TRUE 668s X509v3 Key Usage: critical 668s Digital Signature, Certificate Sign, CRL Sign 668s Certificate is to be certified until Mar 15 15:15:28 2026 GMT (365 days) 668s 668s Write out database with 1 new entries 668s Database updated 668s + openssl x509 -noout -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 668s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 668s /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem: OK 668s + cat 668s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-14630 668s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-14630 1024 668s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-14630 -config /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-18881 -sha256 -out /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-certificate-request.pem 668s + openssl req -text -noout -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-certificate-request.pem 668s Certificate Request: 668s Data: 668s Version: 1 (0x0) 668s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:cc:0b:18:13:74:9a:6b:e9:90:57:5f:fc:ca:17: 668s 9f:71:78:a3:97:66:49:df:1e:e2:85:52:da:41:6f: 668s 30:93:fc:c0:f8:66:6c:fb:79:cb:fa:4c:b8:5c:7e: 668s a5:76:f2:b9:40:68:30:12:62:3e:65:ad:cc:6c:b7: 668s c4:da:7b:4c:dc:b7:f6:27:21:57:e2:4f:d3:74:ac: 668s 8a:b9:71:65:8c:11:43:1c:1b:f4:d4:77:f2:27:14: 668s 19:0a:da:94:19:d9:d6:d8:b2:80:e5:48:56:b1:3e: 668s 9c:67:55:69:cd:1f:74:f9:99:3c:e4:93:de:f6:8f: 668s 70:9e:1e:df:7e:18:7b:86:75 668s Exponent: 65537 (0x10001) 668s Attributes: 668s (none) 668s Requested Extensions: 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 0e:4d:cd:2e:58:41:52:eb:8b:a3:47:a5:e5:30:4f:ae:cc:9a: 668s 81:48:c7:47:97:93:18:73:a3:99:2f:7f:25:60:80:36:80:66: 668s 01:80:f4:ac:2a:f5:00:16:fd:9c:cd:5a:bb:64:ad:81:98:13: 668s d1:ef:cf:2f:a5:e7:bc:41:e1:ac:bf:d6:05:32:d1:27:f9:36: 668s 65:32:a7:78:e2:45:60:6f:a3:a3:4b:3a:6e:51:2e:c6:40:7a: 668s f1:92:bd:60:24:cd:de:64:d8:7a:c7:2f:b5:4c:23:8a:72:7c: 668s 1c:ae:a6:3d:73:19:85:8d:ac:52:15:7d:6c:a9:88:5a:99:9d: 668s 9a:6c 668s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-18881 -keyfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 668s Using configuration from /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.config 668s Check that the request matches the signature 668s Signature ok 668s Certificate Details: 668s Serial Number: 2 (0x2) 668s Validity 668s Not Before: Mar 15 15:15:28 2025 GMT 668s Not After : Mar 15 15:15:28 2026 GMT 668s Subject: 668s organizationName = Test Organization 668s organizationalUnitName = Test Organization Unit 668s commonName = Test Organization Sub Intermediate CA 668s X509v3 extensions: 668s X509v3 Subject Key Identifier: 668s 54:73:97:72:7C:F8:8B:30:C5:22:0C:59:28:77:A5:E8:79:97:C3:6B 668s X509v3 Authority Key Identifier: 668s keyid:C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 668s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 668s serial:01 668s X509v3 Basic Constraints: 668s CA:TRUE 668s X509v3 Key Usage: critical 668s Digital Signature, Certificate Sign, CRL Sign 668s Certificate is to be certified until Mar 15 15:15:28 2026 GMT (365 days) 668s 668s Write out database with 1 new entries 668s Database updated 668s + openssl x509 -noout -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 668s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 668s /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem: OK 668s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 668s + local cmd=openssl 668s + shift 668s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 668s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 668s error 20 at 0 depth lookup: unable to get local issuer certificate 668s error /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem: verification failed 668s + cat 668s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-12901 668s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-12901 1024 668s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-12901 -key /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-request.pem 668s + openssl req -text -noout -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-request.pem 668s Certificate Request: 668s Data: 668s Version: 1 (0x0) 668s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 668s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 668s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 668s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 668s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 668s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 668s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 668s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 668s e0:34:fc:c7:63:20:08:42:67 668s Exponent: 65537 (0x10001) 668s Attributes: 668s Requested Extensions: 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Root CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 9f:29:d0:37:cd:03:b0:dc:80:85:8d:19:66:bd:e2:d9:7d:4a: 668s da:22:a4:07:32:f9:5f:c8:23:ca:b9:e9:f0:78:1f:0a:db:bb: 668s 49:bc:ee:ab:c8:a0:c3:30:f2:2a:0a:a4:58:d4:80:a4:ba:61: 668s 80:32:86:9c:44:d6:54:79:19:48:eb:6d:9b:35:c6:ba:0c:44: 668s ef:52:0f:b4:fa:f8:43:cc:68:31:97:08:f3:fb:3f:e4:a7:35: 668s 22:93:d6:70:aa:54:16:a0:b2:00:84:24:71:33:04:41:c9:4f: 668s 32:80:32:89:07:f1:15:dd:da:5c:ec:70:37:f8:10:6d:44:4d: 668s 6a:87 668s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-NiH3EW/test-root-CA.config -passin pass:random-root-CA-password-36 -keyfile /tmp/sssd-softhsm2-NiH3EW/test-root-CA-key.pem -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 668s Using configuration from /tmp/sssd-softhsm2-NiH3EW/test-root-CA.config 668s Check that the request matches the signature 668s Signature ok 668s Certificate Details: 668s Serial Number: 3 (0x3) 668s Validity 668s Not Before: Mar 15 15:15:28 2025 GMT 668s Not After : Mar 15 15:15:28 2026 GMT 668s Subject: 668s organizationName = Test Organization 668s organizationalUnitName = Test Organization Unit 668s commonName = Test Organization Root Trusted Certificate 0001 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Root CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Certificate is to be certified until Mar 15 15:15:28 2026 GMT (365 days) 668s 668s Write out database with 1 new entries 668s Database updated 668s + openssl x509 -noout -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 668s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 668s /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem: OK 668s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 668s + local cmd=openssl 668s + shift 668s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 668s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 668s error 20 at 0 depth lookup: unable to get local issuer certificate 668s error /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem: verification failed 668s + cat 668s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 668s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-30946 1024 668s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-30946 -key /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-request.pem 668s + openssl req -text -noout -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-request.pem 668s Certificate Request: 668s Data: 668s Version: 1 (0x0) 668s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:b5:d8:20:1e:bb:8b:0a:33:55:3e:58:a3:90:b0: 668s f9:5e:d3:d9:02:bc:87:e9:a9:36:d1:88:57:b0:7a: 668s 97:b6:88:13:82:da:e3:24:1a:6f:55:08:c0:8a:2d: 668s 8c:4d:d1:26:80:ae:4a:e4:dd:79:2d:10:cc:01:72: 668s 9e:30:42:df:75:7f:92:b8:a5:28:8d:f4:a0:75:1f: 668s e4:9d:bb:b7:9f:e8:e7:88:e4:9a:f9:e1:8e:d6:46: 668s e9:d2:3a:52:22:01:97:a6:a2:f1:f9:6d:c3:34:b0: 668s ec:ba:c3:e2:0b:40:56:2f:44:03:c9:8a:78:36:a4: 668s fc:07:37:0a:ed:a3:f2:a9:c7 668s Exponent: 65537 (0x10001) 668s Attributes: 668s Requested Extensions: 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 2D:45:6B:F2:60:4F:EE:19:49:7D:0D:0B:8A:52:C3:07:5D:96:52:AC 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 96:6f:2c:45:4f:09:bb:71:0f:4c:ec:8c:c4:17:9c:0c:67:5c: 668s 87:0b:5b:4e:48:f1:19:08:b0:41:e7:59:3d:16:5f:0f:0f:c5: 668s b9:01:13:96:3d:42:c8:41:5a:e4:d9:49:6e:3c:5c:73:7f:b4: 668s 77:06:2b:e4:6a:27:05:73:31:a8:c7:b6:42:39:6a:dc:87:c7: 668s 7e:08:06:fd:5c:9a:4b:12:8b:fa:9d:37:6e:ea:4e:74:f1:3e: 668s e0:ca:87:50:75:43:e2:17:48:17:a2:81:3c:82:11:96:83:d2: 668s 10:ab:d4:8f:49:db:70:0a:48:ad:cb:44:1a:b3:e4:97:dc:88: 668s 4a:de 668s + openssl ca -passin pass:random-intermediate-CA-password-18881 -config /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 668s Using configuration from /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.config 668s Check that the request matches the signature 668s Signature ok 668s Certificate Details: 668s Serial Number: 4 (0x4) 668s Validity 668s Not Before: Mar 15 15:15:28 2025 GMT 668s Not After : Mar 15 15:15:28 2026 GMT 668s Subject: 668s organizationName = Test Organization 668s organizationalUnitName = Test Organization Unit 668s commonName = Test Organization Intermediate Trusted Certificate 0001 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 2D:45:6B:F2:60:4F:EE:19:49:7D:0D:0B:8A:52:C3:07:5D:96:52:AC 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Certificate is to be certified until Mar 15 15:15:28 2026 GMT (365 days) 668s 668s Write out database with 1 new entries 668s Database updated 668s + openssl x509 -noout -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 668s This certificate should not be trusted fully 668s + echo 'This certificate should not be trusted fully' 668s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 668s + local cmd=openssl 668s + shift 668s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 668s O/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem: OK 668s =Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 668s error 2 at 1 depth lookup: unable to get issuer certificate 668s error /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 668s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 668s + cat 668s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 668s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-29050 1024 668s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-29050 -key /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 668s + openssl req -text -noout -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 668s Certificate Request: 668s Data: 668s Version: 1 (0x0) 668s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 668s Subject Public Key Info: 668s Public Key Algorithm: rsaEncryption 668s Public-Key: (1024 bit) 668s Modulus: 668s 00:b2:3b:00:52:d1:b7:4c:15:04:88:34:c9:99:23: 668s aa:86:6e:a2:f8:3b:07:ca:e9:6a:c8:7f:1d:62:23: 668s fa:9d:64:0c:d7:f2:57:1a:af:38:39:47:90:7d:5c: 668s ea:5a:92:81:40:4e:22:3a:99:de:36:8e:35:ee:11: 668s 5a:bb:f3:06:4e:71:ca:67:f4:1a:73:82:e3:37:b9: 668s 4a:93:86:ea:8e:65:e7:72:41:ce:e1:33:e6:9a:1e: 668s db:c8:ac:da:c0:c5:81:43:4d:0a:f6:77:c0:02:d8: 668s ee:ee:8a:63:15:cb:67:7d:f0:4e:ce:c2:1e:ac:22: 668s ad:d2:48:d7:1f:92:13:bf:95 668s Exponent: 65537 (0x10001) 668s Attributes: 668s Requested Extensions: 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Sub Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 5B:C3:25:58:F1:0B:0B:63:A0:60:B1:F1:F9:F2:F2:61:B4:16:D5:0E 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Signature Algorithm: sha256WithRSAEncryption 668s Signature Value: 668s 1a:9c:15:38:01:26:62:85:26:96:27:da:31:94:b4:77:09:72: 668s bf:58:08:f9:4d:71:a0:b0:99:e9:b5:9e:c0:2a:2c:97:f7:3a: 668s 35:66:25:29:98:33:3d:90:f2:21:66:a5:ce:05:72:7c:62:43: 668s fd:21:21:c9:e0:a6:a3:20:c6:1a:0b:8b:f2:6b:df:5e:07:b0: 668s dd:91:1a:fa:0e:9d:a5:8c:50:60:41:ab:6e:14:ff:dc:4c:0d: 668s 25:d0:d3:3f:3a:69:42:cd:53:42:c4:d3:15:d0:33:f1:0b:2a: 668s d6:8e:b2:2c:3d:0b:f7:6a:9a:b4:76:bd:01:6f:c2:df:a3:fd: 668s d8:14 668s + openssl ca -passin pass:random-sub-intermediate-CA-password-14630 -config /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 668s Using configuration from /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.config 668s Check that the request matches the signature 668s Signature ok 668s Certificate Details: 668s Serial Number: 5 (0x5) 668s Validity 668s Not Before: Mar 15 15:15:28 2025 GMT 668s Not After : Mar 15 15:15:28 2026 GMT 668s Subject: 668s organizationName = Test Organization 668s organizationalUnitName = Test Organization Unit 668s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 668s X509v3 extensions: 668s X509v3 Authority Key Identifier: 668s 54:73:97:72:7C:F8:8B:30:C5:22:0C:59:28:77:A5:E8:79:97:C3:6B 668s X509v3 Basic Constraints: 668s CA:FALSE 668s Netscape Cert Type: 668s SSL Client, S/MIME 668s Netscape Comment: 668s Test Organization Sub Intermediate CA trusted Certificate 668s X509v3 Subject Key Identifier: 668s 5B:C3:25:58:F1:0B:0B:63:A0:60:B1:F1:F9:F2:F2:61:B4:16:D5:0E 668s X509v3 Key Usage: critical 668s Digital Signature, Non Repudiation, Key Encipherment 668s X509v3 Extended Key Usage: 668s TLS Web Client Authentication, E-mail Protection 668s X509v3 Subject Alternative Name: 668s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 668s Certificate is to be certified until Mar 15 15:15:28 2026 GMT (365 days) 668s 668s Write out database with 1 new entries 668s Database updated 668s + openssl x509 -noout -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s This certificate should not be trusted fully 669s + echo 'This certificate should not be trusted fully' 669s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local cmd=openssl 669s + shift 669s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 669s error 2 at 1 depth lookup: unable to get issuer certificate 669s error /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 669s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local cmd=openssl 669s + shift 669s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 669s error 20 at 0 depth lookup: unable to get local issuer certificate 669s error /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 669s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 669s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s + local cmd=openssl 669s + shift 669s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 669s error 20 at 0 depth lookup: unable to get local issuer certificate 669s error /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 669s Building a the full-chain CA file... 669s + echo 'Building a the full-chain CA file...' 669s + cat /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 669s + cat /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 669s + cat /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 669s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s 669s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 669s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s 669s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 669s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 669s 669s /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem: OK 669s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 669s + openssl pkcs7 -print_certs -noout 669s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 669s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem: OK 669s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 669s /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem: OK 669s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-root-intermediate-chain-CA.pem 669s /tmp/sssd-softhsm2-NiH3EW/test-root-intermediate-chain-CA.pem: OK 669s + openssl verify -CAfile /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 669s /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 669s + echo 'Certificates generation completed!' 669s Certificates generation completed! 669s + [[ -v NO_SSSD_TESTS ]] 669s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /dev/null 669s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /dev/null 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_ring=/dev/null 669s + local verify_option= 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-root-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Root Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 669s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 669s + token_name='Test Organization Root Tr Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 669s + local key_file 669s + local decrypted_key 669s + mkdir -p /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 669s + key_file=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-key.pem 669s + decrypted_key=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-key-decrypted.pem 669s + cat 669s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 669s Slot 0 has a free/uninitialized token. 669s The token has been initialized and is reassigned to slot 799401048 669s + softhsm2-util --show-slots 669s Available slots: 669s Slot 799401048 669s Slot info: 669s Description: SoftHSM slot ID 0x2fa5e458 669s Manufacturer ID: SoftHSM project 669s Hardware version: 2.6 669s Firmware version: 2.6 669s Token present: yes 669s Token info: 669s Manufacturer ID: SoftHSM project 669s Model: SoftHSM v2 669s Hardware version: 2.6 669s Firmware version: 2.6 669s Serial number: 73a1c82b2fa5e458 669s Initialized: yes 669s User PIN init.: yes 669s Label: Test Organization Root Tr Token 669s Slot 1 669s Slot info: 669s Description: SoftHSM slot ID 0x1 669s Manufacturer ID: SoftHSM project 669s Hardware version: 2.6 669s Firmware version: 2.6 669s Token present: yes 669s Token info: 669s Manufacturer ID: SoftHSM project 669s Model: SoftHSM v2 669s Hardware version: 2.6 669s Firmware version: 2.6 669s Serial number: 669s Initialized: no 669s User PIN init.: no 669s Label: 669s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 669s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-12901 -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-key-decrypted.pem 669s writing RSA key 669s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 669s + rm /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001-key-decrypted.pem 669s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 669s Object 0: 669s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 669s Type: X.509 Certificate (RSA-1024) 669s Expires: Sun Mar 15 15:15:28 2026 669s Label: Test Organization Root Trusted Certificate 0001 669s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 669s 669s + echo 'Test Organization Root Tr Token' 669s + '[' -n '' ']' 669s + local output_base_name=SSSD-child-31529 669s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-31529.output 669s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-31529.pem 669s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 669s Test Organization Root Tr Token 669s [p11_child[2149]] [main] (0x0400): p11_child started. 669s [p11_child[2149]] [main] (0x2000): Running in [pre-auth] mode. 669s [p11_child[2149]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2149]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2149]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 669s [p11_child[2149]] [do_work] (0x0040): init_verification failed. 669s [p11_child[2149]] [main] (0x0020): p11_child failed (5) 669s + return 2 669s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /dev/null no_verification 669s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /dev/null no_verification 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_ring=/dev/null 669s + local verify_option=no_verification 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-root-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Root Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 669s Test Organization Root Tr Token 669s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 669s + token_name='Test Organization Root Tr Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 669s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 669s + echo 'Test Organization Root Tr Token' 669s + '[' -n no_verification ']' 669s + local verify_arg=--verify=no_verification 669s + local output_base_name=SSSD-child-7612 669s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612.output 669s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612.pem 669s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 669s [p11_child[2155]] [main] (0x0400): p11_child started. 669s [p11_child[2155]] [main] (0x2000): Running in [pre-auth] mode. 669s [p11_child[2155]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2155]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2155]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 669s [p11_child[2155]] [do_card] (0x4000): Module List: 669s [p11_child[2155]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2155]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2155]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2155]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 669s [p11_child[2155]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2155]] [do_card] (0x4000): Login NOT required. 669s [p11_child[2155]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 669s [p11_child[2155]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2155]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fa5e458;slot-manufacturer=SoftHSM%20project;slot-id=799401048;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2155]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 3 (0x3) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s Validity 669s Not Before: Mar 15 15:15:28 2025 GMT 669s Not After : Mar 15 15:15:28 2026 GMT 669s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 669s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 669s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 669s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 669s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 669s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 669s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 669s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 669s e0:34:fc:c7:63:20:08:42:67 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Root CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s b2:57:50:99:2e:07:c3:35:1e:55:fa:84:15:62:36:a9:69:70: 669s 7c:45:0b:7b:aa:2a:83:66:f1:51:b4:99:15:5d:16:67:f8:8e: 669s ce:c6:92:d0:b5:de:54:06:2a:bd:4a:94:c2:cd:ca:df:9f:04: 669s dc:bc:77:31:8c:50:4b:a3:07:2f:15:6e:12:04:11:3f:94:c7: 669s 5f:24:1e:ab:78:33:e5:87:e4:74:f4:e5:1e:6b:df:85:81:c4: 669s 0c:be:cc:76:32:33:71:b1:50:5c:70:58:8e:99:84:7a:1d:e9: 669s 1d:31:ba:82:ea:fc:f9:89:95:77:5b:af:69:99:33:7b:81:f8: 669s 4a:aa 669s + local found_md5 expected_md5 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + expected_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612.pem 669s + found_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s + '[' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 '!=' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 ']' 669s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612-auth.output 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612-auth.output .output 669s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612-auth.pem 669s + echo -n 053350 669s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 669s [p11_child[2163]] [main] (0x0400): p11_child started. 669s [p11_child[2163]] [main] (0x2000): Running in [auth] mode. 669s [p11_child[2163]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2163]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2163]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 669s [p11_child[2163]] [do_card] (0x4000): Module List: 669s [p11_child[2163]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2163]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2163]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2163]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 669s [p11_child[2163]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2163]] [do_card] (0x4000): Login required. 669s [p11_child[2163]] [do_card] (0x4000): Token flags [1069]. 669s [p11_child[2163]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 669s [p11_child[2163]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2163]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fa5e458;slot-manufacturer=SoftHSM%20project;slot-id=799401048;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 669s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 669s [p11_child[2163]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 669s [p11_child[2163]] [do_card] (0x4000): Certificate verified and validated. 669s [p11_child[2163]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612-auth.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612-auth.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612-auth.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 3 (0x3) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s Validity 669s Not Before: Mar 15 15:15:28 2025 GMT 669s Not After : Mar 15 15:15:28 2026 GMT 669s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 669s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 669s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 669s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 669s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 669s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 669s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 669s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 669s e0:34:fc:c7:63:20:08:42:67 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Root CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s b2:57:50:99:2e:07:c3:35:1e:55:fa:84:15:62:36:a9:69:70: 669s 7c:45:0b:7b:aa:2a:83:66:f1:51:b4:99:15:5d:16:67:f8:8e: 669s ce:c6:92:d0:b5:de:54:06:2a:bd:4a:94:c2:cd:ca:df:9f:04: 669s dc:bc:77:31:8c:50:4b:a3:07:2f:15:6e:12:04:11:3f:94:c7: 669s 5f:24:1e:ab:78:33:e5:87:e4:74:f4:e5:1e:6b:df:85:81:c4: 669s 0c:be:cc:76:32:33:71:b1:50:5c:70:58:8e:99:84:7a:1d:e9: 669s 1d:31:ba:82:ea:fc:f9:89:95:77:5b:af:69:99:33:7b:81:f8: 669s 4a:aa 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7612-auth.pem 669s + found_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s + '[' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 '!=' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 ']' 669s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 669s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 669s + local verify_option= 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-root-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Root Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 669s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 669s Test Organization Root Tr Token 669s + token_name='Test Organization Root Tr Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 669s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 669s + echo 'Test Organization Root Tr Token' 669s + '[' -n '' ']' 669s + local output_base_name=SSSD-child-19243 669s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243.output 669s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243.pem 669s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 669s [p11_child[2173]] [main] (0x0400): p11_child started. 669s [p11_child[2173]] [main] (0x2000): Running in [pre-auth] mode. 669s [p11_child[2173]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2173]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2173]] [do_card] (0x4000): Module List: 669s [p11_child[2173]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2173]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2173]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2173]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 669s [p11_child[2173]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2173]] [do_card] (0x4000): Login NOT required. 669s [p11_child[2173]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 669s [p11_child[2173]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2173]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2173]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fa5e458;slot-manufacturer=SoftHSM%20project;slot-id=799401048;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2173]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 3 (0x3) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s Validity 669s Not Before: Mar 15 15:15:28 2025 GMT 669s Not After : Mar 15 15:15:28 2026 GMT 669s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 669s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 669s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 669s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 669s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 669s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 669s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 669s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 669s e0:34:fc:c7:63:20:08:42:67 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Root CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s b2:57:50:99:2e:07:c3:35:1e:55:fa:84:15:62:36:a9:69:70: 669s 7c:45:0b:7b:aa:2a:83:66:f1:51:b4:99:15:5d:16:67:f8:8e: 669s ce:c6:92:d0:b5:de:54:06:2a:bd:4a:94:c2:cd:ca:df:9f:04: 669s dc:bc:77:31:8c:50:4b:a3:07:2f:15:6e:12:04:11:3f:94:c7: 669s 5f:24:1e:ab:78:33:e5:87:e4:74:f4:e5:1e:6b:df:85:81:c4: 669s 0c:be:cc:76:32:33:71:b1:50:5c:70:58:8e:99:84:7a:1d:e9: 669s 1d:31:ba:82:ea:fc:f9:89:95:77:5b:af:69:99:33:7b:81:f8: 669s 4a:aa 669s + local found_md5 expected_md5 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + expected_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243.pem 669s + found_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s + '[' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 '!=' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 ']' 669s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243-auth.output 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243-auth.output .output 669s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243-auth.pem 669s + echo -n 053350 669s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 669s [p11_child[2181]] [main] (0x0400): p11_child started. 669s [p11_child[2181]] [main] (0x2000): Running in [auth] mode. 669s [p11_child[2181]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2181]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2181]] [do_card] (0x4000): Module List: 669s [p11_child[2181]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2181]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2181]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2181]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 669s [p11_child[2181]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2181]] [do_card] (0x4000): Login required. 669s [p11_child[2181]] [do_card] (0x4000): Token flags [1069]. 669s [p11_child[2181]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 669s [p11_child[2181]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2181]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2181]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fa5e458;slot-manufacturer=SoftHSM%20project;slot-id=799401048;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 669s [p11_child[2181]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 669s [p11_child[2181]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 669s [p11_child[2181]] [do_card] (0x4000): Certificate verified and validated. 669s [p11_child[2181]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243-auth.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243-auth.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243-auth.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 3 (0x3) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s Validity 669s Not Before: Mar 15 15:15:28 2025 GMT 669s Not After : Mar 15 15:15:28 2026 GMT 669s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 669s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 669s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 669s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 669s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 669s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 669s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 669s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 669s e0:34:fc:c7:63:20:08:42:67 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Root CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s b2:57:50:99:2e:07:c3:35:1e:55:fa:84:15:62:36:a9:69:70: 669s 7c:45:0b:7b:aa:2a:83:66:f1:51:b4:99:15:5d:16:67:f8:8e: 669s ce:c6:92:d0:b5:de:54:06:2a:bd:4a:94:c2:cd:ca:df:9f:04: 669s dc:bc:77:31:8c:50:4b:a3:07:2f:15:6e:12:04:11:3f:94:c7: 669s 5f:24:1e:ab:78:33:e5:87:e4:74:f4:e5:1e:6b:df:85:81:c4: 669s 0c:be:cc:76:32:33:71:b1:50:5c:70:58:8e:99:84:7a:1d:e9: 669s 1d:31:ba:82:ea:fc:f9:89:95:77:5b:af:69:99:33:7b:81:f8: 669s 4a:aa 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-19243-auth.pem 669s + found_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s + '[' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 '!=' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 ']' 669s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem partial_chain 669s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem partial_chain 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 669s + local verify_option=partial_chain 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-root-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Root Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 669s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 669s + token_name='Test Organization Root Tr Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 669s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 669s + echo 'Test Organization Root Tr Token' 669s + '[' -n partial_chain ']' 669s + local verify_arg=--verify=partial_chain 669s + local output_base_name=SSSD-child-3300 669s Test Organization Root Tr Token 669s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300.output 669s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300.pem 669s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 669s [p11_child[2191]] [main] (0x0400): p11_child started. 669s [p11_child[2191]] [main] (0x2000): Running in [pre-auth] mode. 669s [p11_child[2191]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2191]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2191]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 669s [p11_child[2191]] [do_card] (0x4000): Module List: 669s [p11_child[2191]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2191]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2191]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2191]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 669s [p11_child[2191]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2191]] [do_card] (0x4000): Login NOT required. 669s [p11_child[2191]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 669s [p11_child[2191]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2191]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2191]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fa5e458;slot-manufacturer=SoftHSM%20project;slot-id=799401048;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2191]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 3 (0x3) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s Validity 669s Not Before: Mar 15 15:15:28 2025 GMT 669s Not After : Mar 15 15:15:28 2026 GMT 669s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 669s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 669s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 669s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 669s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 669s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 669s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 669s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 669s e0:34:fc:c7:63:20:08:42:67 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Root CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s b2:57:50:99:2e:07:c3:35:1e:55:fa:84:15:62:36:a9:69:70: 669s 7c:45:0b:7b:aa:2a:83:66:f1:51:b4:99:15:5d:16:67:f8:8e: 669s ce:c6:92:d0:b5:de:54:06:2a:bd:4a:94:c2:cd:ca:df:9f:04: 669s dc:bc:77:31:8c:50:4b:a3:07:2f:15:6e:12:04:11:3f:94:c7: 669s 5f:24:1e:ab:78:33:e5:87:e4:74:f4:e5:1e:6b:df:85:81:c4: 669s 0c:be:cc:76:32:33:71:b1:50:5c:70:58:8e:99:84:7a:1d:e9: 669s 1d:31:ba:82:ea:fc:f9:89:95:77:5b:af:69:99:33:7b:81:f8: 669s 4a:aa 669s + local found_md5 expected_md5 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + expected_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300.pem 669s + found_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s + '[' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 '!=' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 ']' 669s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300-auth.output 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300-auth.output .output 669s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300-auth.pem 669s + echo -n 053350 669s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 669s [p11_child[2199]] [main] (0x0400): p11_child started. 669s [p11_child[2199]] [main] (0x2000): Running in [auth] mode. 669s [p11_child[2199]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2199]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2199]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 669s [p11_child[2199]] [do_card] (0x4000): Module List: 669s [p11_child[2199]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2199]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2199]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2199]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 669s [p11_child[2199]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2199]] [do_card] (0x4000): Login required. 669s [p11_child[2199]] [do_card] (0x4000): Token flags [1069]. 669s [p11_child[2199]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 669s [p11_child[2199]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2199]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2199]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fa5e458;slot-manufacturer=SoftHSM%20project;slot-id=799401048;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 669s [p11_child[2199]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 669s [p11_child[2199]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 669s [p11_child[2199]] [do_card] (0x4000): Certificate verified and validated. 669s [p11_child[2199]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300-auth.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300-auth.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300-auth.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 3 (0x3) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s Validity 669s Not Before: Mar 15 15:15:28 2025 GMT 669s Not After : Mar 15 15:15:28 2026 GMT 669s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 669s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 669s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 669s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 669s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 669s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 669s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 669s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 669s e0:34:fc:c7:63:20:08:42:67 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Root CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s b2:57:50:99:2e:07:c3:35:1e:55:fa:84:15:62:36:a9:69:70: 669s 7c:45:0b:7b:aa:2a:83:66:f1:51:b4:99:15:5d:16:67:f8:8e: 669s ce:c6:92:d0:b5:de:54:06:2a:bd:4a:94:c2:cd:ca:df:9f:04: 669s dc:bc:77:31:8c:50:4b:a3:07:2f:15:6e:12:04:11:3f:94:c7: 669s 5f:24:1e:ab:78:33:e5:87:e4:74:f4:e5:1e:6b:df:85:81:c4: 669s 0c:be:cc:76:32:33:71:b1:50:5c:70:58:8e:99:84:7a:1d:e9: 669s 1d:31:ba:82:ea:fc:f9:89:95:77:5b:af:69:99:33:7b:81:f8: 669s 4a:aa 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3300-auth.pem 669s + found_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s + '[' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 '!=' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 ']' 669s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 669s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 669s + local verify_option= 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-root-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Root Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 669s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 669s + token_name='Test Organization Root Tr Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 669s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 669s + echo 'Test Organization Root Tr Token' 669s + '[' -n '' ']' 669s + local output_base_name=SSSD-child-25937 669s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937.output 669s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937.pem 669s Test Organization Root Tr Token 669s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 669s [p11_child[2209]] [main] (0x0400): p11_child started. 669s [p11_child[2209]] [main] (0x2000): Running in [pre-auth] mode. 669s [p11_child[2209]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2209]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2209]] [do_card] (0x4000): Module List: 669s [p11_child[2209]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2209]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2209]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2209]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 669s [p11_child[2209]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2209]] [do_card] (0x4000): Login NOT required. 669s [p11_child[2209]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 669s [p11_child[2209]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2209]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2209]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fa5e458;slot-manufacturer=SoftHSM%20project;slot-id=799401048;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2209]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 3 (0x3) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s Validity 669s Not Before: Mar 15 15:15:28 2025 GMT 669s Not After : Mar 15 15:15:28 2026 GMT 669s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 669s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 669s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 669s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 669s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 669s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 669s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 669s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 669s e0:34:fc:c7:63:20:08:42:67 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Root CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s b2:57:50:99:2e:07:c3:35:1e:55:fa:84:15:62:36:a9:69:70: 669s 7c:45:0b:7b:aa:2a:83:66:f1:51:b4:99:15:5d:16:67:f8:8e: 669s ce:c6:92:d0:b5:de:54:06:2a:bd:4a:94:c2:cd:ca:df:9f:04: 669s dc:bc:77:31:8c:50:4b:a3:07:2f:15:6e:12:04:11:3f:94:c7: 669s 5f:24:1e:ab:78:33:e5:87:e4:74:f4:e5:1e:6b:df:85:81:c4: 669s 0c:be:cc:76:32:33:71:b1:50:5c:70:58:8e:99:84:7a:1d:e9: 669s 1d:31:ba:82:ea:fc:f9:89:95:77:5b:af:69:99:33:7b:81:f8: 669s 4a:aa 669s + local found_md5 expected_md5 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + expected_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937.pem 669s + found_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s + '[' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 '!=' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 ']' 669s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937-auth.output 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937-auth.output .output 669s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937-auth.pem 669s + echo -n 053350 669s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 669s [p11_child[2217]] [main] (0x0400): p11_child started. 669s [p11_child[2217]] [main] (0x2000): Running in [auth] mode. 669s [p11_child[2217]] [main] (0x2000): Running with effective IDs: [0][0]. 669s [p11_child[2217]] [main] (0x2000): Running with real IDs [0][0]. 669s [p11_child[2217]] [do_card] (0x4000): Module List: 669s [p11_child[2217]] [do_card] (0x4000): common name: [softhsm2]. 669s [p11_child[2217]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2217]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 669s [p11_child[2217]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 669s [p11_child[2217]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 669s [p11_child[2217]] [do_card] (0x4000): Login required. 669s [p11_child[2217]] [do_card] (0x4000): Token flags [1069]. 669s [p11_child[2217]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 669s [p11_child[2217]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 669s [p11_child[2217]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 669s [p11_child[2217]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fa5e458;slot-manufacturer=SoftHSM%20project;slot-id=799401048;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 669s [p11_child[2217]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 669s [p11_child[2217]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 669s [p11_child[2217]] [do_card] (0x4000): Certificate verified and validated. 669s [p11_child[2217]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 669s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937-auth.output 669s + echo '-----BEGIN CERTIFICATE-----' 669s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937-auth.output 669s + echo '-----END CERTIFICATE-----' 669s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937-auth.pem 669s Certificate: 669s Data: 669s Version: 3 (0x2) 669s Serial Number: 3 (0x3) 669s Signature Algorithm: sha256WithRSAEncryption 669s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 669s Validity 669s Not Before: Mar 15 15:15:28 2025 GMT 669s Not After : Mar 15 15:15:28 2026 GMT 669s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 669s Subject Public Key Info: 669s Public Key Algorithm: rsaEncryption 669s Public-Key: (1024 bit) 669s Modulus: 669s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 669s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 669s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 669s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 669s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 669s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 669s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 669s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 669s e0:34:fc:c7:63:20:08:42:67 669s Exponent: 65537 (0x10001) 669s X509v3 extensions: 669s X509v3 Authority Key Identifier: 669s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 669s X509v3 Basic Constraints: 669s CA:FALSE 669s Netscape Cert Type: 669s SSL Client, S/MIME 669s Netscape Comment: 669s Test Organization Root CA trusted Certificate 669s X509v3 Subject Key Identifier: 669s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 669s X509v3 Key Usage: critical 669s Digital Signature, Non Repudiation, Key Encipherment 669s X509v3 Extended Key Usage: 669s TLS Web Client Authentication, E-mail Protection 669s X509v3 Subject Alternative Name: 669s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 669s Signature Algorithm: sha256WithRSAEncryption 669s Signature Value: 669s b2:57:50:99:2e:07:c3:35:1e:55:fa:84:15:62:36:a9:69:70: 669s 7c:45:0b:7b:aa:2a:83:66:f1:51:b4:99:15:5d:16:67:f8:8e: 669s ce:c6:92:d0:b5:de:54:06:2a:bd:4a:94:c2:cd:ca:df:9f:04: 669s dc:bc:77:31:8c:50:4b:a3:07:2f:15:6e:12:04:11:3f:94:c7: 669s 5f:24:1e:ab:78:33:e5:87:e4:74:f4:e5:1e:6b:df:85:81:c4: 669s 0c:be:cc:76:32:33:71:b1:50:5c:70:58:8e:99:84:7a:1d:e9: 669s 1d:31:ba:82:ea:fc:f9:89:95:77:5b:af:69:99:33:7b:81:f8: 669s 4a:aa 669s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-25937-auth.pem 669s + found_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 669s + '[' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 '!=' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 ']' 669s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem partial_chain 669s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem partial_chain 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 669s + local verify_option=partial_chain 669s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 669s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 669s + local key_cn 669s + local key_name 669s + local tokens_dir 669s + local output_cert_file 669s + token_name= 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem .pem 669s + key_name=test-root-CA-trusted-certificate-0001 669s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 669s ++ sed -n 's/ *commonName *= //p' 669s + key_cn='Test Organization Root Trusted Certificate 0001' 669s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 669s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 669s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 669s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 669s + token_name='Test Organization Root Tr Token' 669s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 669s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 669s + echo 'Test Organization Root Tr Token' 669s + '[' -n partial_chain ']' 670s + local verify_arg=--verify=partial_chain 670s + local output_base_name=SSSD-child-5619 670s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619.output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619.pem 670s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 670s Test Organization Root Tr Token 670s [p11_child[2227]] [main] (0x0400): p11_child started. 670s [p11_child[2227]] [main] (0x2000): Running in [pre-auth] mode. 670s [p11_child[2227]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2227]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2227]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 670s [p11_child[2227]] [do_card] (0x4000): Module List: 670s [p11_child[2227]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2227]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2227]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2227]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 670s [p11_child[2227]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2227]] [do_card] (0x4000): Login NOT required. 670s [p11_child[2227]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 670s [p11_child[2227]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 670s [p11_child[2227]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 670s [p11_child[2227]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fa5e458;slot-manufacturer=SoftHSM%20project;slot-id=799401048;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 670s [p11_child[2227]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619.output 670s + echo '-----BEGIN CERTIFICATE-----' 670s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619.output 670s + echo '-----END CERTIFICATE-----' 670s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619.pem 670s Certificate: 670s Data: 670s Version: 3 (0x2) 670s Serial Number: 3 (0x3) 670s Signature Algorithm: sha256WithRSAEncryption 670s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 670s Validity 670s Not Before: Mar 15 15:15:28 2025 GMT 670s Not After : Mar 15 15:15:28 2026 GMT 670s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 670s Subject Public Key Info: 670s Public Key Algorithm: rsaEncryption 670s Public-Key: (1024 bit) 670s Modulus: 670s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 670s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 670s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 670s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 670s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 670s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 670s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 670s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 670s e0:34:fc:c7:63:20:08:42:67 670s Exponent: 65537 (0x10001) 670s X509v3 extensions: 670s X509v3 Authority Key Identifier: 670s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 670s X509v3 Basic Constraints: 670s CA:FALSE 670s Netscape Cert Type: 670s SSL Client, S/MIME 670s Netscape Comment: 670s Test Organization Root CA trusted Certificate 670s X509v3 Subject Key Identifier: 670s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 670s X509v3 Key Usage: critical 670s Digital Signature, Non Repudiation, Key Encipherment 670s X509v3 Extended Key Usage: 670s TLS Web Client Authentication, E-mail Protection 670s X509v3 Subject Alternative Name: 670s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 670s Signature Algorithm: sha256WithRSAEncryption 670s Signature Value: 670s b2:57:50:99:2e:07:c3:35:1e:55:fa:84:15:62:36:a9:69:70: 670s 7c:45:0b:7b:aa:2a:83:66:f1:51:b4:99:15:5d:16:67:f8:8e: 670s ce:c6:92:d0:b5:de:54:06:2a:bd:4a:94:c2:cd:ca:df:9f:04: 670s dc:bc:77:31:8c:50:4b:a3:07:2f:15:6e:12:04:11:3f:94:c7: 670s 5f:24:1e:ab:78:33:e5:87:e4:74:f4:e5:1e:6b:df:85:81:c4: 670s 0c:be:cc:76:32:33:71:b1:50:5c:70:58:8e:99:84:7a:1d:e9: 670s 1d:31:ba:82:ea:fc:f9:89:95:77:5b:af:69:99:33:7b:81:f8: 670s 4a:aa 670s + local found_md5 expected_md5 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 670s + expected_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619.pem 670s + found_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 670s + '[' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 '!=' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 ']' 670s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619-auth.output 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619-auth.output .output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619-auth.pem 670s + echo -n 053350 670s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 670s [p11_child[2235]] [main] (0x0400): p11_child started. 670s [p11_child[2235]] [main] (0x2000): Running in [auth] mode. 670s [p11_child[2235]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2235]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2235]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 670s [p11_child[2235]] [do_card] (0x4000): Module List: 670s [p11_child[2235]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2235]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2235]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2235]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 670s [p11_child[2235]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2235]] [do_card] (0x4000): Login required. 670s [p11_child[2235]] [do_card] (0x4000): Token flags [1069]. 670s [p11_child[2235]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 670s [p11_child[2235]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 670s [p11_child[2235]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 670s [p11_child[2235]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fa5e458;slot-manufacturer=SoftHSM%20project;slot-id=799401048;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=73a1c82b2fa5e458;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 670s [p11_child[2235]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 670s [p11_child[2235]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 670s [p11_child[2235]] [do_card] (0x4000): Certificate verified and validated. 670s [p11_child[2235]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619-auth.output 670s + echo '-----BEGIN CERTIFICATE-----' 670s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619-auth.output 670s + echo '-----END CERTIFICATE-----' 670s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619-auth.pem 670s Certificate: 670s Data: 670s Version: 3 (0x2) 670s Serial Number: 3 (0x3) 670s Signature Algorithm: sha256WithRSAEncryption 670s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 670s Validity 670s Not Before: Mar 15 15:15:28 2025 GMT 670s Not After : Mar 15 15:15:28 2026 GMT 670s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 670s Subject Public Key Info: 670s Public Key Algorithm: rsaEncryption 670s Public-Key: (1024 bit) 670s Modulus: 670s 00:da:02:14:7b:b0:da:a5:b9:7f:d5:4d:d9:22:cf: 670s bc:b1:85:3a:e8:e0:36:08:02:d4:b0:cd:7c:5d:9a: 670s 69:d9:8c:aa:be:73:0b:56:94:b0:86:61:f6:c0:b7: 670s c6:6d:c7:aa:84:b5:a1:eb:86:dc:42:b9:92:10:67: 670s c1:05:d0:a6:e0:5f:ca:bd:41:95:c1:9c:76:54:00: 670s 80:f1:8f:99:91:6e:95:f1:ec:9d:a4:49:6a:90:5a: 670s 3b:c8:d5:ae:c3:7a:52:33:74:69:a7:9d:85:69:10: 670s f4:41:ce:85:ac:a6:cf:53:1a:27:bc:11:91:cd:71: 670s e0:34:fc:c7:63:20:08:42:67 670s Exponent: 65537 (0x10001) 670s X509v3 extensions: 670s X509v3 Authority Key Identifier: 670s 23:DE:71:4E:8C:34:EF:A2:BD:7A:25:F6:8A:92:D0:48:EE:CA:F4:F0 670s X509v3 Basic Constraints: 670s CA:FALSE 670s Netscape Cert Type: 670s SSL Client, S/MIME 670s Netscape Comment: 670s Test Organization Root CA trusted Certificate 670s X509v3 Subject Key Identifier: 670s 68:97:E6:1D:BD:15:0D:D3:ED:EE:D5:F7:47:20:C2:8A:F7:5F:91:EF 670s X509v3 Key Usage: critical 670s Digital Signature, Non Repudiation, Key Encipherment 670s X509v3 Extended Key Usage: 670s TLS Web Client Authentication, E-mail Protection 670s X509v3 Subject Alternative Name: 670s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 670s Signature Algorithm: sha256WithRSAEncryption 670s Signature Value: 670s b2:57:50:99:2e:07:c3:35:1e:55:fa:84:15:62:36:a9:69:70: 670s 7c:45:0b:7b:aa:2a:83:66:f1:51:b4:99:15:5d:16:67:f8:8e: 670s ce:c6:92:d0:b5:de:54:06:2a:bd:4a:94:c2:cd:ca:df:9f:04: 670s dc:bc:77:31:8c:50:4b:a3:07:2f:15:6e:12:04:11:3f:94:c7: 670s 5f:24:1e:ab:78:33:e5:87:e4:74:f4:e5:1e:6b:df:85:81:c4: 670s 0c:be:cc:76:32:33:71:b1:50:5c:70:58:8e:99:84:7a:1d:e9: 670s 1d:31:ba:82:ea:fc:f9:89:95:77:5b:af:69:99:33:7b:81:f8: 670s 4a:aa 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-5619-auth.pem 670s + found_md5=Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 670s + '[' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 '!=' Modulus=DA02147BB0DAA5B97FD54DD922CFBCB1853AE8E0360802D4B0CD7C5D9A69D98CAABE730B5694B08661F6C0B7C66DC7AA84B5A1EB86DC42B9921067C105D0A6E05FCABD4195C19C76540080F18F99916E95F1EC9DA4496A905A3BC8D5AEC37A52337469A79D856910F441CE85ACA6CF531A27BC1191CD71E034FCC76320084267 ']' 670s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 670s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s + local verify_option= 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem .pem 670s + key_name=test-root-CA-trusted-certificate-0001 670s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 670s ++ sed -n 's/ *commonName *= //p' 670s + key_cn='Test Organization Root Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 670s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 670s + token_name='Test Organization Root Tr Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 670s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 670s + echo 'Test Organization Root Tr Token' 670s + '[' -n '' ']' 670s + local output_base_name=SSSD-child-26701 670s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-26701.output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-26701.pem 670s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s Test Organization Root Tr Token 670s [p11_child[2245]] [main] (0x0400): p11_child started. 670s [p11_child[2245]] [main] (0x2000): Running in [pre-auth] mode. 670s [p11_child[2245]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2245]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2245]] [do_card] (0x4000): Module List: 670s [p11_child[2245]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2245]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2245]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2245]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 670s [p11_child[2245]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2245]] [do_card] (0x4000): Login NOT required. 670s [p11_child[2245]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 670s [p11_child[2245]] [do_verification] (0x0040): X509_verify_cert failed [0]. 670s [p11_child[2245]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 670s [p11_child[2245]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 670s [p11_child[2245]] [do_card] (0x4000): No certificate found. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-26701.output 670s + return 2 670s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem partial_chain 670s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem partial_chain 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 670s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s + local verify_option=partial_chain 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12901 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-root-ca-trusted-cert-0001-12901 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem .pem 670s + key_name=test-root-CA-trusted-certificate-0001 670s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-root-CA-trusted-certificate-0001.pem 670s ++ sed -n 's/ *commonName *= //p' 670s Test Organization Root Tr Token 670s + key_cn='Test Organization Root Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 670s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 670s + token_name='Test Organization Root Tr Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 670s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 670s + echo 'Test Organization Root Tr Token' 670s + '[' -n partial_chain ']' 670s + local verify_arg=--verify=partial_chain 670s + local output_base_name=SSSD-child-14376 670s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-14376.output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-14376.pem 670s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s [p11_child[2252]] [main] (0x0400): p11_child started. 670s [p11_child[2252]] [main] (0x2000): Running in [pre-auth] mode. 670s [p11_child[2252]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2252]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2252]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 670s [p11_child[2252]] [do_card] (0x4000): Module List: 670s [p11_child[2252]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2252]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2252]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fa5e458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2252]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 670s [p11_child[2252]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2fa5e458][799401048] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2252]] [do_card] (0x4000): Login NOT required. 670s [p11_child[2252]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 670s [p11_child[2252]] [do_verification] (0x0040): X509_verify_cert failed [0]. 670s [p11_child[2252]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 670s [p11_child[2252]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 670s [p11_child[2252]] [do_card] (0x4000): No certificate found. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-14376.output 670s + return 2 670s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /dev/null 670s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /dev/null 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_ring=/dev/null 670s + local verify_option= 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem .pem 670s + key_name=test-intermediate-CA-trusted-certificate-0001 670s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s ++ sed -n 's/ *commonName *= //p' 670s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 670s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 670s + token_name='Test Organization Interme Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 670s + local key_file 670s + local decrypted_key 670s + mkdir -p /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 670s + key_file=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-key.pem 670s + decrypted_key=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 670s + cat 670s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 670s Slot 0 has a free/uninitialized token. 670s The token has been initialized and is reassigned to slot 2043282223 670s + softhsm2-util --show-slots 670s Available slots: 670s Slot 2043282223 670s Slot info: 670s Description: SoftHSM slot ID 0x79ca032f 670s Manufacturer ID: SoftHSM project 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Token present: yes 670s Token info: 670s Manufacturer ID: SoftHSM project 670s Model: SoftHSM v2 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Serial number: d86f399af9ca032f 670s Initialized: yes 670s User PIN init.: yes 670s Label: Test Organization Interme Token 670s Slot 1 670s Slot info: 670s Description: SoftHSM slot ID 0x1 670s Manufacturer ID: SoftHSM project 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Token present: yes 670s Token info: 670s Manufacturer ID: SoftHSM project 670s Model: SoftHSM v2 670s Hardware version: 2.6 670s Firmware version: 2.6 670s Serial number: 670s Initialized: no 670s User PIN init.: no 670s Label: 670s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 670s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-30946 -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 670s writing RSA key 670s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 670s + rm /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 670s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 670s Object 0: 670s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d86f399af9ca032f;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 670s Type: X.509 Certificate (RSA-1024) 670s Expires: Sun Mar 15 15:15:28 2026 670s Label: Test Organization Intermediate Trusted Certificate 0001 670s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 670s 670s Test Organization Interme Token 670s + echo 'Test Organization Interme Token' 670s + '[' -n '' ']' 670s + local output_base_name=SSSD-child-22262 670s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-22262.output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-22262.pem 670s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 670s [p11_child[2268]] [main] (0x0400): p11_child started. 670s [p11_child[2268]] [main] (0x2000): Running in [pre-auth] mode. 670s [p11_child[2268]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2268]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2268]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 670s [p11_child[2268]] [do_work] (0x0040): init_verification failed. 670s [p11_child[2268]] [main] (0x0020): p11_child failed (5) 670s + return 2 670s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /dev/null no_verification 670s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /dev/null no_verification 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_ring=/dev/null 670s + local verify_option=no_verification 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem .pem 670s + key_name=test-intermediate-CA-trusted-certificate-0001 670s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s ++ sed -n 's/ *commonName *= //p' 670s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 670s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 670s + token_name='Test Organization Interme Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 670s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 670s + echo 'Test Organization Interme Token' 670s + '[' -n no_verification ']' 670s + local verify_arg=--verify=no_verification 670s + local output_base_name=SSSD-child-24281 670s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281.output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281.pem 670s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 670s Test Organization Interme Token 670s [p11_child[2274]] [main] (0x0400): p11_child started. 670s [p11_child[2274]] [main] (0x2000): Running in [pre-auth] mode. 670s [p11_child[2274]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2274]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2274]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 670s [p11_child[2274]] [do_card] (0x4000): Module List: 670s [p11_child[2274]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2274]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2274]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2274]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 670s [p11_child[2274]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2274]] [do_card] (0x4000): Login NOT required. 670s [p11_child[2274]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 670s [p11_child[2274]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 670s [p11_child[2274]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x79ca032f;slot-manufacturer=SoftHSM%20project;slot-id=2043282223;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d86f399af9ca032f;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 670s [p11_child[2274]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281.output 670s + echo '-----BEGIN CERTIFICATE-----' 670s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281.output 670s + echo '-----END CERTIFICATE-----' 670s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281.pem 670s + local found_md5 expected_md5 670s Certificate: 670s Data: 670s Version: 3 (0x2) 670s Serial Number: 4 (0x4) 670s Signature Algorithm: sha256WithRSAEncryption 670s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 670s Validity 670s Not Before: Mar 15 15:15:28 2025 GMT 670s Not After : Mar 15 15:15:28 2026 GMT 670s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 670s Subject Public Key Info: 670s Public Key Algorithm: rsaEncryption 670s Public-Key: (1024 bit) 670s Modulus: 670s 00:b5:d8:20:1e:bb:8b:0a:33:55:3e:58:a3:90:b0: 670s f9:5e:d3:d9:02:bc:87:e9:a9:36:d1:88:57:b0:7a: 670s 97:b6:88:13:82:da:e3:24:1a:6f:55:08:c0:8a:2d: 670s 8c:4d:d1:26:80:ae:4a:e4:dd:79:2d:10:cc:01:72: 670s 9e:30:42:df:75:7f:92:b8:a5:28:8d:f4:a0:75:1f: 670s e4:9d:bb:b7:9f:e8:e7:88:e4:9a:f9:e1:8e:d6:46: 670s e9:d2:3a:52:22:01:97:a6:a2:f1:f9:6d:c3:34:b0: 670s ec:ba:c3:e2:0b:40:56:2f:44:03:c9:8a:78:36:a4: 670s fc:07:37:0a:ed:a3:f2:a9:c7 670s Exponent: 65537 (0x10001) 670s X509v3 extensions: 670s X509v3 Authority Key Identifier: 670s C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 670s X509v3 Basic Constraints: 670s CA:FALSE 670s Netscape Cert Type: 670s SSL Client, S/MIME 670s Netscape Comment: 670s Test Organization Intermediate CA trusted Certificate 670s X509v3 Subject Key Identifier: 670s 2D:45:6B:F2:60:4F:EE:19:49:7D:0D:0B:8A:52:C3:07:5D:96:52:AC 670s X509v3 Key Usage: critical 670s Digital Signature, Non Repudiation, Key Encipherment 670s X509v3 Extended Key Usage: 670s TLS Web Client Authentication, E-mail Protection 670s X509v3 Subject Alternative Name: 670s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 670s Signature Algorithm: sha256WithRSAEncryption 670s Signature Value: 670s 6c:20:01:7b:59:59:c4:36:92:bb:1e:3f:9d:58:d9:d7:71:46: 670s b1:bc:14:00:dd:8f:b2:eb:5c:a4:8d:28:d0:a8:0b:ba:9c:04: 670s b2:e1:6b:f8:dd:aa:7d:c7:f2:e9:b2:a2:a9:9f:e5:57:e8:ab: 670s 00:d8:ac:c2:3f:2a:5b:e2:98:61:0c:60:08:49:d5:57:26:a3: 670s 52:47:ae:d8:07:35:0e:b1:fe:07:58:9b:e5:cb:49:2b:83:a6: 670s d7:7a:a2:ed:a8:64:23:c2:a4:e0:ae:f1:a1:50:81:94:56:95: 670s 3f:c9:62:93:05:5e:6b:29:30:05:e5:25:1a:a4:34:ff:0c:72: 670s 85:9d 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + expected_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281.pem 670s + found_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 670s + '[' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 '!=' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 ']' 670s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281-auth.output 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281-auth.output .output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281-auth.pem 670s + echo -n 053350 670s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 670s [p11_child[2282]] [main] (0x0400): p11_child started. 670s [p11_child[2282]] [main] (0x2000): Running in [auth] mode. 670s [p11_child[2282]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2282]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2282]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 670s [p11_child[2282]] [do_card] (0x4000): Module List: 670s [p11_child[2282]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2282]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2282]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2282]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 670s [p11_child[2282]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2282]] [do_card] (0x4000): Login required. 670s [p11_child[2282]] [do_card] (0x4000): Token flags [1069]. 670s [p11_child[2282]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 670s [p11_child[2282]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 670s [p11_child[2282]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x79ca032f;slot-manufacturer=SoftHSM%20project;slot-id=2043282223;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d86f399af9ca032f;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 670s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 670s [p11_child[2282]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 670s [p11_child[2282]] [do_card] (0x4000): Certificate verified and validated. 670s [p11_child[2282]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281-auth.output 670s + echo '-----BEGIN CERTIFICATE-----' 670s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281-auth.output 670s + echo '-----END CERTIFICATE-----' 670s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281-auth.pem 670s Certificate: 670s Data: 670s Version: 3 (0x2) 670s Serial Number: 4 (0x4) 670s Signature Algorithm: sha256WithRSAEncryption 670s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 670s Validity 670s Not Before: Mar 15 15:15:28 2025 GMT 670s Not After : Mar 15 15:15:28 2026 GMT 670s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 670s Subject Public Key Info: 670s Public Key Algorithm: rsaEncryption 670s Public-Key: (1024 bit) 670s Modulus: 670s 00:b5:d8:20:1e:bb:8b:0a:33:55:3e:58:a3:90:b0: 670s f9:5e:d3:d9:02:bc:87:e9:a9:36:d1:88:57:b0:7a: 670s 97:b6:88:13:82:da:e3:24:1a:6f:55:08:c0:8a:2d: 670s 8c:4d:d1:26:80:ae:4a:e4:dd:79:2d:10:cc:01:72: 670s 9e:30:42:df:75:7f:92:b8:a5:28:8d:f4:a0:75:1f: 670s e4:9d:bb:b7:9f:e8:e7:88:e4:9a:f9:e1:8e:d6:46: 670s e9:d2:3a:52:22:01:97:a6:a2:f1:f9:6d:c3:34:b0: 670s ec:ba:c3:e2:0b:40:56:2f:44:03:c9:8a:78:36:a4: 670s fc:07:37:0a:ed:a3:f2:a9:c7 670s Exponent: 65537 (0x10001) 670s X509v3 extensions: 670s X509v3 Authority Key Identifier: 670s C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 670s X509v3 Basic Constraints: 670s CA:FALSE 670s Netscape Cert Type: 670s SSL Client, S/MIME 670s Netscape Comment: 670s Test Organization Intermediate CA trusted Certificate 670s X509v3 Subject Key Identifier: 670s 2D:45:6B:F2:60:4F:EE:19:49:7D:0D:0B:8A:52:C3:07:5D:96:52:AC 670s X509v3 Key Usage: critical 670s Digital Signature, Non Repudiation, Key Encipherment 670s X509v3 Extended Key Usage: 670s TLS Web Client Authentication, E-mail Protection 670s X509v3 Subject Alternative Name: 670s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 670s Signature Algorithm: sha256WithRSAEncryption 670s Signature Value: 670s 6c:20:01:7b:59:59:c4:36:92:bb:1e:3f:9d:58:d9:d7:71:46: 670s b1:bc:14:00:dd:8f:b2:eb:5c:a4:8d:28:d0:a8:0b:ba:9c:04: 670s b2:e1:6b:f8:dd:aa:7d:c7:f2:e9:b2:a2:a9:9f:e5:57:e8:ab: 670s 00:d8:ac:c2:3f:2a:5b:e2:98:61:0c:60:08:49:d5:57:26:a3: 670s 52:47:ae:d8:07:35:0e:b1:fe:07:58:9b:e5:cb:49:2b:83:a6: 670s d7:7a:a2:ed:a8:64:23:c2:a4:e0:ae:f1:a1:50:81:94:56:95: 670s 3f:c9:62:93:05:5e:6b:29:30:05:e5:25:1a:a4:34:ff:0c:72: 670s 85:9d 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-24281-auth.pem 670s + found_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 670s + '[' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 '!=' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 ']' 670s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 670s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 670s + local verify_option= 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem .pem 670s + key_name=test-intermediate-CA-trusted-certificate-0001 670s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s ++ sed -n 's/ *commonName *= //p' 670s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 670s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 670s + token_name='Test Organization Interme Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 670s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 670s + echo 'Test Organization Interme Token' 670s + '[' -n '' ']' 670s + local output_base_name=SSSD-child-13213 670s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-13213.output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-13213.pem 670s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 670s Test Organization Interme Token 670s [p11_child[2292]] [main] (0x0400): p11_child started. 670s [p11_child[2292]] [main] (0x2000): Running in [pre-auth] mode. 670s [p11_child[2292]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2292]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2292]] [do_card] (0x4000): Module List: 670s [p11_child[2292]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2292]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2292]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2292]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 670s [p11_child[2292]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2292]] [do_card] (0x4000): Login NOT required. 670s [p11_child[2292]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 670s [p11_child[2292]] [do_verification] (0x0040): X509_verify_cert failed [0]. 670s [p11_child[2292]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 670s [p11_child[2292]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 670s [p11_child[2292]] [do_card] (0x4000): No certificate found. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-13213.output 670s + return 2 670s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem partial_chain 670s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem partial_chain 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 670s + local verify_option=partial_chain 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem .pem 670s + key_name=test-intermediate-CA-trusted-certificate-0001 670s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s ++ sed -n 's/ *commonName *= //p' 670s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 670s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 670s + token_name='Test Organization Interme Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 670s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 670s + echo 'Test Organization Interme Token' 670s + '[' -n partial_chain ']' 670s + local verify_arg=--verify=partial_chain 670s + local output_base_name=SSSD-child-30347 670s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-30347.output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-30347.pem 670s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 670s Test Organization Interme Token 670s [p11_child[2299]] [main] (0x0400): p11_child started. 670s [p11_child[2299]] [main] (0x2000): Running in [pre-auth] mode. 670s [p11_child[2299]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2299]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2299]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 670s [p11_child[2299]] [do_card] (0x4000): Module List: 670s [p11_child[2299]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2299]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2299]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2299]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 670s [p11_child[2299]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2299]] [do_card] (0x4000): Login NOT required. 670s [p11_child[2299]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 670s [p11_child[2299]] [do_verification] (0x0040): X509_verify_cert failed [0]. 670s [p11_child[2299]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 670s [p11_child[2299]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 670s [p11_child[2299]] [do_card] (0x4000): No certificate found. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-30347.output 670s + return 2 670s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 670s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 670s + local verify_option= 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem .pem 670s + key_name=test-intermediate-CA-trusted-certificate-0001 670s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s ++ sed -n 's/ *commonName *= //p' 670s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 670s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 670s + token_name='Test Organization Interme Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 670s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 670s + echo 'Test Organization Interme Token' 670s + '[' -n '' ']' 670s + local output_base_name=SSSD-child-27409 670s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409.output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409.pem 670s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 670s Test Organization Interme Token 670s [p11_child[2306]] [main] (0x0400): p11_child started. 670s [p11_child[2306]] [main] (0x2000): Running in [pre-auth] mode. 670s [p11_child[2306]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2306]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2306]] [do_card] (0x4000): Module List: 670s [p11_child[2306]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2306]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2306]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2306]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 670s [p11_child[2306]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2306]] [do_card] (0x4000): Login NOT required. 670s [p11_child[2306]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 670s [p11_child[2306]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 670s [p11_child[2306]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 670s [p11_child[2306]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x79ca032f;slot-manufacturer=SoftHSM%20project;slot-id=2043282223;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d86f399af9ca032f;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 670s [p11_child[2306]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409.output 670s + echo '-----BEGIN CERTIFICATE-----' 670s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409.output 670s + echo '-----END CERTIFICATE-----' 670s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409.pem 670s + local found_md5 expected_md5 670s Certificate: 670s Data: 670s Version: 3 (0x2) 670s Serial Number: 4 (0x4) 670s Signature Algorithm: sha256WithRSAEncryption 670s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 670s Validity 670s Not Before: Mar 15 15:15:28 2025 GMT 670s Not After : Mar 15 15:15:28 2026 GMT 670s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 670s Subject Public Key Info: 670s Public Key Algorithm: rsaEncryption 670s Public-Key: (1024 bit) 670s Modulus: 670s 00:b5:d8:20:1e:bb:8b:0a:33:55:3e:58:a3:90:b0: 670s f9:5e:d3:d9:02:bc:87:e9:a9:36:d1:88:57:b0:7a: 670s 97:b6:88:13:82:da:e3:24:1a:6f:55:08:c0:8a:2d: 670s 8c:4d:d1:26:80:ae:4a:e4:dd:79:2d:10:cc:01:72: 670s 9e:30:42:df:75:7f:92:b8:a5:28:8d:f4:a0:75:1f: 670s e4:9d:bb:b7:9f:e8:e7:88:e4:9a:f9:e1:8e:d6:46: 670s e9:d2:3a:52:22:01:97:a6:a2:f1:f9:6d:c3:34:b0: 670s ec:ba:c3:e2:0b:40:56:2f:44:03:c9:8a:78:36:a4: 670s fc:07:37:0a:ed:a3:f2:a9:c7 670s Exponent: 65537 (0x10001) 670s X509v3 extensions: 670s X509v3 Authority Key Identifier: 670s C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 670s X509v3 Basic Constraints: 670s CA:FALSE 670s Netscape Cert Type: 670s SSL Client, S/MIME 670s Netscape Comment: 670s Test Organization Intermediate CA trusted Certificate 670s X509v3 Subject Key Identifier: 670s 2D:45:6B:F2:60:4F:EE:19:49:7D:0D:0B:8A:52:C3:07:5D:96:52:AC 670s X509v3 Key Usage: critical 670s Digital Signature, Non Repudiation, Key Encipherment 670s X509v3 Extended Key Usage: 670s TLS Web Client Authentication, E-mail Protection 670s X509v3 Subject Alternative Name: 670s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 670s Signature Algorithm: sha256WithRSAEncryption 670s Signature Value: 670s 6c:20:01:7b:59:59:c4:36:92:bb:1e:3f:9d:58:d9:d7:71:46: 670s b1:bc:14:00:dd:8f:b2:eb:5c:a4:8d:28:d0:a8:0b:ba:9c:04: 670s b2:e1:6b:f8:dd:aa:7d:c7:f2:e9:b2:a2:a9:9f:e5:57:e8:ab: 670s 00:d8:ac:c2:3f:2a:5b:e2:98:61:0c:60:08:49:d5:57:26:a3: 670s 52:47:ae:d8:07:35:0e:b1:fe:07:58:9b:e5:cb:49:2b:83:a6: 670s d7:7a:a2:ed:a8:64:23:c2:a4:e0:ae:f1:a1:50:81:94:56:95: 670s 3f:c9:62:93:05:5e:6b:29:30:05:e5:25:1a:a4:34:ff:0c:72: 670s 85:9d 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + expected_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409.pem 670s + found_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 670s + '[' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 '!=' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 ']' 670s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409-auth.output 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409-auth.output .output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409-auth.pem 670s + echo -n 053350 670s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 670s [p11_child[2314]] [main] (0x0400): p11_child started. 670s [p11_child[2314]] [main] (0x2000): Running in [auth] mode. 670s [p11_child[2314]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2314]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2314]] [do_card] (0x4000): Module List: 670s [p11_child[2314]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2314]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2314]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2314]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 670s [p11_child[2314]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2314]] [do_card] (0x4000): Login required. 670s [p11_child[2314]] [do_card] (0x4000): Token flags [1069]. 670s [p11_child[2314]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 670s [p11_child[2314]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 670s [p11_child[2314]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 670s [p11_child[2314]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x79ca032f;slot-manufacturer=SoftHSM%20project;slot-id=2043282223;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d86f399af9ca032f;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 670s [p11_child[2314]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 670s [p11_child[2314]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 670s [p11_child[2314]] [do_card] (0x4000): Certificate verified and validated. 670s [p11_child[2314]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409-auth.output 670s + echo '-----BEGIN CERTIFICATE-----' 670s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409-auth.output 670s + echo '-----END CERTIFICATE-----' 670s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409-auth.pem 670s Certificate: 670s Data: 670s Version: 3 (0x2) 670s Serial Number: 4 (0x4) 670s Signature Algorithm: sha256WithRSAEncryption 670s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 670s Validity 670s Not Before: Mar 15 15:15:28 2025 GMT 670s Not After : Mar 15 15:15:28 2026 GMT 670s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 670s Subject Public Key Info: 670s Public Key Algorithm: rsaEncryption 670s Public-Key: (1024 bit) 670s Modulus: 670s 00:b5:d8:20:1e:bb:8b:0a:33:55:3e:58:a3:90:b0: 670s f9:5e:d3:d9:02:bc:87:e9:a9:36:d1:88:57:b0:7a: 670s 97:b6:88:13:82:da:e3:24:1a:6f:55:08:c0:8a:2d: 670s 8c:4d:d1:26:80:ae:4a:e4:dd:79:2d:10:cc:01:72: 670s 9e:30:42:df:75:7f:92:b8:a5:28:8d:f4:a0:75:1f: 670s e4:9d:bb:b7:9f:e8:e7:88:e4:9a:f9:e1:8e:d6:46: 670s e9:d2:3a:52:22:01:97:a6:a2:f1:f9:6d:c3:34:b0: 670s ec:ba:c3:e2:0b:40:56:2f:44:03:c9:8a:78:36:a4: 670s fc:07:37:0a:ed:a3:f2:a9:c7 670s Exponent: 65537 (0x10001) 670s X509v3 extensions: 670s X509v3 Authority Key Identifier: 670s C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 670s X509v3 Basic Constraints: 670s CA:FALSE 670s Netscape Cert Type: 670s SSL Client, S/MIME 670s Netscape Comment: 670s Test Organization Intermediate CA trusted Certificate 670s X509v3 Subject Key Identifier: 670s 2D:45:6B:F2:60:4F:EE:19:49:7D:0D:0B:8A:52:C3:07:5D:96:52:AC 670s X509v3 Key Usage: critical 670s Digital Signature, Non Repudiation, Key Encipherment 670s X509v3 Extended Key Usage: 670s TLS Web Client Authentication, E-mail Protection 670s X509v3 Subject Alternative Name: 670s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 670s Signature Algorithm: sha256WithRSAEncryption 670s Signature Value: 670s 6c:20:01:7b:59:59:c4:36:92:bb:1e:3f:9d:58:d9:d7:71:46: 670s b1:bc:14:00:dd:8f:b2:eb:5c:a4:8d:28:d0:a8:0b:ba:9c:04: 670s b2:e1:6b:f8:dd:aa:7d:c7:f2:e9:b2:a2:a9:9f:e5:57:e8:ab: 670s 00:d8:ac:c2:3f:2a:5b:e2:98:61:0c:60:08:49:d5:57:26:a3: 670s 52:47:ae:d8:07:35:0e:b1:fe:07:58:9b:e5:cb:49:2b:83:a6: 670s d7:7a:a2:ed:a8:64:23:c2:a4:e0:ae:f1:a1:50:81:94:56:95: 670s 3f:c9:62:93:05:5e:6b:29:30:05:e5:25:1a:a4:34:ff:0c:72: 670s 85:9d 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-27409-auth.pem 670s + found_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 670s + '[' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 '!=' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 ']' 670s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem partial_chain 670s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem partial_chain 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 670s + local verify_option=partial_chain 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem .pem 670s + key_name=test-intermediate-CA-trusted-certificate-0001 670s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s ++ sed -n 's/ *commonName *= //p' 670s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 670s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 670s + token_name='Test Organization Interme Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 670s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 670s + echo 'Test Organization Interme Token' 670s + '[' -n partial_chain ']' 670s + local verify_arg=--verify=partial_chain 670s + local output_base_name=SSSD-child-7266 670s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266.output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266.pem 670s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 670s Test Organization Interme Token 670s [p11_child[2324]] [main] (0x0400): p11_child started. 670s [p11_child[2324]] [main] (0x2000): Running in [pre-auth] mode. 670s [p11_child[2324]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2324]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2324]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 670s [p11_child[2324]] [do_card] (0x4000): Module List: 670s [p11_child[2324]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2324]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2324]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2324]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 670s [p11_child[2324]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2324]] [do_card] (0x4000): Login NOT required. 670s [p11_child[2324]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 670s [p11_child[2324]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 670s [p11_child[2324]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 670s [p11_child[2324]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x79ca032f;slot-manufacturer=SoftHSM%20project;slot-id=2043282223;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d86f399af9ca032f;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 670s [p11_child[2324]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266.output 670s + echo '-----BEGIN CERTIFICATE-----' 670s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266.output 670s + echo '-----END CERTIFICATE-----' 670s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266.pem 670s Certificate: 670s Data: 670s Version: 3 (0x2) 670s Serial Number: 4 (0x4) 670s Signature Algorithm: sha256WithRSAEncryption 670s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 670s Validity 670s Not Before: Mar 15 15:15:28 2025 GMT 670s Not After : Mar 15 15:15:28 2026 GMT 670s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 670s Subject Public Key Info: 670s Public Key Algorithm: rsaEncryption 670s Public-Key: (1024 bit) 670s Modulus: 670s 00:b5:d8:20:1e:bb:8b:0a:33:55:3e:58:a3:90:b0: 670s f9:5e:d3:d9:02:bc:87:e9:a9:36:d1:88:57:b0:7a: 670s 97:b6:88:13:82:da:e3:24:1a:6f:55:08:c0:8a:2d: 670s 8c:4d:d1:26:80:ae:4a:e4:dd:79:2d:10:cc:01:72: 670s 9e:30:42:df:75:7f:92:b8:a5:28:8d:f4:a0:75:1f: 670s e4:9d:bb:b7:9f:e8:e7:88:e4:9a:f9:e1:8e:d6:46: 670s e9:d2:3a:52:22:01:97:a6:a2:f1:f9:6d:c3:34:b0: 670s ec:ba:c3:e2:0b:40:56:2f:44:03:c9:8a:78:36:a4: 670s fc:07:37:0a:ed:a3:f2:a9:c7 670s Exponent: 65537 (0x10001) 670s X509v3 extensions: 670s X509v3 Authority Key Identifier: 670s C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 670s X509v3 Basic Constraints: 670s CA:FALSE 670s Netscape Cert Type: 670s SSL Client, S/MIME 670s Netscape Comment: 670s Test Organization Intermediate CA trusted Certificate 670s X509v3 Subject Key Identifier: 670s 2D:45:6B:F2:60:4F:EE:19:49:7D:0D:0B:8A:52:C3:07:5D:96:52:AC 670s X509v3 Key Usage: critical 670s Digital Signature, Non Repudiation, Key Encipherment 670s X509v3 Extended Key Usage: 670s TLS Web Client Authentication, E-mail Protection 670s X509v3 Subject Alternative Name: 670s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 670s Signature Algorithm: sha256WithRSAEncryption 670s Signature Value: 670s 6c:20:01:7b:59:59:c4:36:92:bb:1e:3f:9d:58:d9:d7:71:46: 670s b1:bc:14:00:dd:8f:b2:eb:5c:a4:8d:28:d0:a8:0b:ba:9c:04: 670s b2:e1:6b:f8:dd:aa:7d:c7:f2:e9:b2:a2:a9:9f:e5:57:e8:ab: 670s 00:d8:ac:c2:3f:2a:5b:e2:98:61:0c:60:08:49:d5:57:26:a3: 670s 52:47:ae:d8:07:35:0e:b1:fe:07:58:9b:e5:cb:49:2b:83:a6: 670s d7:7a:a2:ed:a8:64:23:c2:a4:e0:ae:f1:a1:50:81:94:56:95: 670s 3f:c9:62:93:05:5e:6b:29:30:05:e5:25:1a:a4:34:ff:0c:72: 670s 85:9d 670s + local found_md5 expected_md5 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + expected_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266.pem 670s + found_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 670s + '[' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 '!=' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 ']' 670s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266-auth.output 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266-auth.output .output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266-auth.pem 670s + echo -n 053350 670s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 670s [p11_child[2332]] [main] (0x0400): p11_child started. 670s [p11_child[2332]] [main] (0x2000): Running in [auth] mode. 670s [p11_child[2332]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2332]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2332]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 670s [p11_child[2332]] [do_card] (0x4000): Module List: 670s [p11_child[2332]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2332]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2332]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2332]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 670s [p11_child[2332]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2332]] [do_card] (0x4000): Login required. 670s [p11_child[2332]] [do_card] (0x4000): Token flags [1069]. 670s [p11_child[2332]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 670s [p11_child[2332]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 670s [p11_child[2332]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 670s [p11_child[2332]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x79ca032f;slot-manufacturer=SoftHSM%20project;slot-id=2043282223;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d86f399af9ca032f;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 670s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 670s [p11_child[2332]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 670s [p11_child[2332]] [do_card] (0x4000): Certificate verified and validated. 670s [p11_child[2332]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266-auth.output 670s + echo '-----BEGIN CERTIFICATE-----' 670s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266-auth.output 670s + echo '-----END CERTIFICATE-----' 670s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266-auth.pem 670s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-7266-auth.pem 670s Certificate: 670s Data: 670s Version: 3 (0x2) 670s Serial Number: 4 (0x4) 670s Signature Algorithm: sha256WithRSAEncryption 670s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 670s Validity 670s Not Before: Mar 15 15:15:28 2025 GMT 670s Not After : Mar 15 15:15:28 2026 GMT 670s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 670s Subject Public Key Info: 670s Public Key Algorithm: rsaEncryption 670s Public-Key: (1024 bit) 670s Modulus: 670s 00:b5:d8:20:1e:bb:8b:0a:33:55:3e:58:a3:90:b0: 670s f9:5e:d3:d9:02:bc:87:e9:a9:36:d1:88:57:b0:7a: 670s 97:b6:88:13:82:da:e3:24:1a:6f:55:08:c0:8a:2d: 670s 8c:4d:d1:26:80:ae:4a:e4:dd:79:2d:10:cc:01:72: 670s 9e:30:42:df:75:7f:92:b8:a5:28:8d:f4:a0:75:1f: 670s e4:9d:bb:b7:9f:e8:e7:88:e4:9a:f9:e1:8e:d6:46: 670s e9:d2:3a:52:22:01:97:a6:a2:f1:f9:6d:c3:34:b0: 670s ec:ba:c3:e2:0b:40:56:2f:44:03:c9:8a:78:36:a4: 670s fc:07:37:0a:ed:a3:f2:a9:c7 670s Exponent: 65537 (0x10001) 670s X509v3 extensions: 670s X509v3 Authority Key Identifier: 670s C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 670s X509v3 Basic Constraints: 670s CA:FALSE 670s Netscape Cert Type: 670s SSL Client, S/MIME 670s Netscape Comment: 670s Test Organization Intermediate CA trusted Certificate 670s X509v3 Subject Key Identifier: 670s 2D:45:6B:F2:60:4F:EE:19:49:7D:0D:0B:8A:52:C3:07:5D:96:52:AC 670s X509v3 Key Usage: critical 670s Digital Signature, Non Repudiation, Key Encipherment 670s X509v3 Extended Key Usage: 670s TLS Web Client Authentication, E-mail Protection 670s X509v3 Subject Alternative Name: 670s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 670s Signature Algorithm: sha256WithRSAEncryption 670s Signature Value: 670s 6c:20:01:7b:59:59:c4:36:92:bb:1e:3f:9d:58:d9:d7:71:46: 670s b1:bc:14:00:dd:8f:b2:eb:5c:a4:8d:28:d0:a8:0b:ba:9c:04: 670s b2:e1:6b:f8:dd:aa:7d:c7:f2:e9:b2:a2:a9:9f:e5:57:e8:ab: 670s 00:d8:ac:c2:3f:2a:5b:e2:98:61:0c:60:08:49:d5:57:26:a3: 670s 52:47:ae:d8:07:35:0e:b1:fe:07:58:9b:e5:cb:49:2b:83:a6: 670s d7:7a:a2:ed:a8:64:23:c2:a4:e0:ae:f1:a1:50:81:94:56:95: 670s 3f:c9:62:93:05:5e:6b:29:30:05:e5:25:1a:a4:34:ff:0c:72: 670s 85:9d 670s + found_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 670s + '[' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 '!=' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 ']' 670s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s + local verify_option= 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem .pem 670s + key_name=test-intermediate-CA-trusted-certificate-0001 670s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s ++ sed -n 's/ *commonName *= //p' 670s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 670s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 670s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 670s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 670s Test Organization Interme Token 670s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 670s + token_name='Test Organization Interme Token' 670s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 670s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 670s + echo 'Test Organization Interme Token' 670s + '[' -n '' ']' 670s + local output_base_name=SSSD-child-11912 670s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-11912.output 670s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-11912.pem 670s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s [p11_child[2342]] [main] (0x0400): p11_child started. 670s [p11_child[2342]] [main] (0x2000): Running in [pre-auth] mode. 670s [p11_child[2342]] [main] (0x2000): Running with effective IDs: [0][0]. 670s [p11_child[2342]] [main] (0x2000): Running with real IDs [0][0]. 670s [p11_child[2342]] [do_card] (0x4000): Module List: 670s [p11_child[2342]] [do_card] (0x4000): common name: [softhsm2]. 670s [p11_child[2342]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2342]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 670s [p11_child[2342]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 670s [p11_child[2342]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 670s [p11_child[2342]] [do_card] (0x4000): Login NOT required. 670s [p11_child[2342]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 670s [p11_child[2342]] [do_verification] (0x0040): X509_verify_cert failed [0]. 670s [p11_child[2342]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 670s [p11_child[2342]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 670s [p11_child[2342]] [do_card] (0x4000): No certificate found. 670s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-11912.output 670s + return 2 670s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem partial_chain 670s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem partial_chain 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 670s + local verify_option=partial_chain 670s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 670s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-30946 670s + local key_cn 670s + local key_name 670s + local tokens_dir 670s + local output_cert_file 670s + token_name= 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem .pem 671s + key_name=test-intermediate-CA-trusted-certificate-0001 671s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 671s ++ sed -n 's/ *commonName *= //p' 671s Test Organization Interme Token 671s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 671s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 671s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 671s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 671s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 671s + token_name='Test Organization Interme Token' 671s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 671s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 671s + echo 'Test Organization Interme Token' 671s + '[' -n partial_chain ']' 671s + local verify_arg=--verify=partial_chain 671s + local output_base_name=SSSD-child-29031 671s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031.output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031.pem 671s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem 671s [p11_child[2349]] [main] (0x0400): p11_child started. 671s [p11_child[2349]] [main] (0x2000): Running in [pre-auth] mode. 671s [p11_child[2349]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2349]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2349]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 671s [p11_child[2349]] [do_card] (0x4000): Module List: 671s [p11_child[2349]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2349]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2349]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2349]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 671s [p11_child[2349]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2349]] [do_card] (0x4000): Login NOT required. 671s [p11_child[2349]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 671s [p11_child[2349]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 671s [p11_child[2349]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 671s [p11_child[2349]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x79ca032f;slot-manufacturer=SoftHSM%20project;slot-id=2043282223;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d86f399af9ca032f;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 671s [p11_child[2349]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031.output 671s + echo '-----BEGIN CERTIFICATE-----' 671s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031.output 671s + echo '-----END CERTIFICATE-----' 671s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031.pem 671s Certificate: 671s Data: 671s Version: 3 (0x2) 671s Serial Number: 4 (0x4) 671s Signature Algorithm: sha256WithRSAEncryption 671s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 671s Validity 671s Not Before: Mar 15 15:15:28 2025 GMT 671s Not After : Mar 15 15:15:28 2026 GMT 671s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 671s Subject Public Key Info: 671s Public Key Algorithm: rsaEncryption 671s Public-Key: (1024 bit) 671s Modulus: 671s 00:b5:d8:20:1e:bb:8b:0a:33:55:3e:58:a3:90:b0: 671s f9:5e:d3:d9:02:bc:87:e9:a9:36:d1:88:57:b0:7a: 671s 97:b6:88:13:82:da:e3:24:1a:6f:55:08:c0:8a:2d: 671s 8c:4d:d1:26:80:ae:4a:e4:dd:79:2d:10:cc:01:72: 671s 9e:30:42:df:75:7f:92:b8:a5:28:8d:f4:a0:75:1f: 671s e4:9d:bb:b7:9f:e8:e7:88:e4:9a:f9:e1:8e:d6:46: 671s e9:d2:3a:52:22:01:97:a6:a2:f1:f9:6d:c3:34:b0: 671s ec:ba:c3:e2:0b:40:56:2f:44:03:c9:8a:78:36:a4: 671s fc:07:37:0a:ed:a3:f2:a9:c7 671s Exponent: 65537 (0x10001) 671s X509v3 extensions: 671s X509v3 Authority Key Identifier: 671s C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 671s X509v3 Basic Constraints: 671s CA:FALSE 671s Netscape Cert Type: 671s SSL Client, S/MIME 671s Netscape Comment: 671s Test Organization Intermediate CA trusted Certificate 671s X509v3 Subject Key Identifier: 671s 2D:45:6B:F2:60:4F:EE:19:49:7D:0D:0B:8A:52:C3:07:5D:96:52:AC 671s X509v3 Key Usage: critical 671s Digital Signature, Non Repudiation, Key Encipherment 671s X509v3 Extended Key Usage: 671s TLS Web Client Authentication, E-mail Protection 671s X509v3 Subject Alternative Name: 671s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 671s Signature Algorithm: sha256WithRSAEncryption 671s Signature Value: 671s 6c:20:01:7b:59:59:c4:36:92:bb:1e:3f:9d:58:d9:d7:71:46: 671s b1:bc:14:00:dd:8f:b2:eb:5c:a4:8d:28:d0:a8:0b:ba:9c:04: 671s b2:e1:6b:f8:dd:aa:7d:c7:f2:e9:b2:a2:a9:9f:e5:57:e8:ab: 671s 00:d8:ac:c2:3f:2a:5b:e2:98:61:0c:60:08:49:d5:57:26:a3: 671s 52:47:ae:d8:07:35:0e:b1:fe:07:58:9b:e5:cb:49:2b:83:a6: 671s d7:7a:a2:ed:a8:64:23:c2:a4:e0:ae:f1:a1:50:81:94:56:95: 671s 3f:c9:62:93:05:5e:6b:29:30:05:e5:25:1a:a4:34:ff:0c:72: 671s 85:9d 671s + local found_md5 expected_md5 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA-trusted-certificate-0001.pem 671s + expected_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031.pem 671s + found_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 671s + '[' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 '!=' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 ']' 671s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031-auth.output 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031-auth.output .output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031-auth.pem 671s + echo -n 053350 671s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 671s [p11_child[2357]] [main] (0x0400): p11_child started. 671s [p11_child[2357]] [main] (0x2000): Running in [auth] mode. 671s [p11_child[2357]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2357]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2357]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 671s [p11_child[2357]] [do_card] (0x4000): Module List: 671s [p11_child[2357]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2357]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2357]] [do_card] (0x4000): Description [SoftHSM slot ID 0x79ca032f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2357]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 671s [p11_child[2357]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x79ca032f][2043282223] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2357]] [do_card] (0x4000): Login required. 671s [p11_child[2357]] [do_card] (0x4000): Token flags [1069]. 671s [p11_child[2357]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 671s [p11_child[2357]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 671s [p11_child[2357]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 671s [p11_child[2357]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x79ca032f;slot-manufacturer=SoftHSM%20project;slot-id=2043282223;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d86f399af9ca032f;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 671s [p11_child[2357]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 671s [p11_child[2357]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 671s [p11_child[2357]] [do_card] (0x4000): Certificate verified and validated. 671s [p11_child[2357]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031-auth.output 671s + echo '-----BEGIN CERTIFICATE-----' 671s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031-auth.output 671s + echo '-----END CERTIFICATE-----' 671s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031-auth.pem 671s Certificate: 671s Data: 671s Version: 3 (0x2) 671s Serial Number: 4 (0x4) 671s Signature Algorithm: sha256WithRSAEncryption 671s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 671s Validity 671s Not Before: Mar 15 15:15:28 2025 GMT 671s Not After : Mar 15 15:15:28 2026 GMT 671s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 671s Subject Public Key Info: 671s Public Key Algorithm: rsaEncryption 671s Public-Key: (1024 bit) 671s Modulus: 671s 00:b5:d8:20:1e:bb:8b:0a:33:55:3e:58:a3:90:b0: 671s f9:5e:d3:d9:02:bc:87:e9:a9:36:d1:88:57:b0:7a: 671s 97:b6:88:13:82:da:e3:24:1a:6f:55:08:c0:8a:2d: 671s 8c:4d:d1:26:80:ae:4a:e4:dd:79:2d:10:cc:01:72: 671s 9e:30:42:df:75:7f:92:b8:a5:28:8d:f4:a0:75:1f: 671s e4:9d:bb:b7:9f:e8:e7:88:e4:9a:f9:e1:8e:d6:46: 671s e9:d2:3a:52:22:01:97:a6:a2:f1:f9:6d:c3:34:b0: 671s ec:ba:c3:e2:0b:40:56:2f:44:03:c9:8a:78:36:a4: 671s fc:07:37:0a:ed:a3:f2:a9:c7 671s Exponent: 65537 (0x10001) 671s X509v3 extensions: 671s X509v3 Authority Key Identifier: 671s C7:3E:1D:5C:74:D7:4B:B9:67:67:03:B3:94:AB:D0:BC:B4:BD:6C:29 671s X509v3 Basic Constraints: 671s CA:FALSE 671s Netscape Cert Type: 671s SSL Client, S/MIME 671s Netscape Comment: 671s Test Organization Intermediate CA trusted Certificate 671s X509v3 Subject Key Identifier: 671s 2D:45:6B:F2:60:4F:EE:19:49:7D:0D:0B:8A:52:C3:07:5D:96:52:AC 671s X509v3 Key Usage: critical 671s Digital Signature, Non Repudiation, Key Encipherment 671s X509v3 Extended Key Usage: 671s TLS Web Client Authentication, E-mail Protection 671s X509v3 Subject Alternative Name: 671s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 671s Signature Algorithm: sha256WithRSAEncryption 671s Signature Value: 671s 6c:20:01:7b:59:59:c4:36:92:bb:1e:3f:9d:58:d9:d7:71:46: 671s b1:bc:14:00:dd:8f:b2:eb:5c:a4:8d:28:d0:a8:0b:ba:9c:04: 671s b2:e1:6b:f8:dd:aa:7d:c7:f2:e9:b2:a2:a9:9f:e5:57:e8:ab: 671s 00:d8:ac:c2:3f:2a:5b:e2:98:61:0c:60:08:49:d5:57:26:a3: 671s 52:47:ae:d8:07:35:0e:b1:fe:07:58:9b:e5:cb:49:2b:83:a6: 671s d7:7a:a2:ed:a8:64:23:c2:a4:e0:ae:f1:a1:50:81:94:56:95: 671s 3f:c9:62:93:05:5e:6b:29:30:05:e5:25:1a:a4:34:ff:0c:72: 671s 85:9d 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-29031-auth.pem 671s + found_md5=Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 671s + '[' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 '!=' Modulus=B5D8201EBB8B0A33553E58A390B0F95ED3D902BC87E9A936D18857B07A97B6881382DAE3241A6F5508C08A2D8C4DD12680AE4AE4DD792D10CC01729E3042DF757F92B8A5288DF4A0751FE49DBBB79FE8E788E49AF9E18ED646E9D23A52220197A6A2F1F96DC334B0ECBAC3E20B40562F4403C98A7836A4FC07370AEDA3F2A9C7 ']' 671s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 671s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 671s + local verify_option= 671s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_cn 671s + local key_name 671s + local tokens_dir 671s + local output_cert_file 671s + token_name= 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 671s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 671s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s ++ sed -n 's/ *commonName *= //p' 671s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 671s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 671s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 671s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 671s + token_name='Test Organization Sub Int Token' 671s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 671s + local key_file 671s + local decrypted_key 671s + mkdir -p /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 671s + key_file=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 671s + decrypted_key=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 671s + cat 671s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 671s Slot 0 has a free/uninitialized token. 671s The token has been initialized and is reassigned to slot 324395544 671s + softhsm2-util --show-slots 671s Available slots: 671s Slot 324395544 671s Slot info: 671s Description: SoftHSM slot ID 0x1355e218 671s Manufacturer ID: SoftHSM project 671s Hardware version: 2.6 671s Firmware version: 2.6 671s Token present: yes 671s Token info: 671s Manufacturer ID: SoftHSM project 671s Model: SoftHSM v2 671s Hardware version: 2.6 671s Firmware version: 2.6 671s Serial number: 4c6125751355e218 671s Initialized: yes 671s User PIN init.: yes 671s Label: Test Organization Sub Int Token 671s Slot 1 671s Slot info: 671s Description: SoftHSM slot ID 0x1 671s Manufacturer ID: SoftHSM project 671s Hardware version: 2.6 671s Firmware version: 2.6 671s Token present: yes 671s Token info: 671s Manufacturer ID: SoftHSM project 671s Model: SoftHSM v2 671s Hardware version: 2.6 671s Firmware version: 2.6 671s Serial number: 671s Initialized: no 671s User PIN init.: no 671s Label: 671s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 671s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-29050 -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 671s writing RSA key 671s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 671s + rm /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 671s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 671s Object 0: 671s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4c6125751355e218;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 671s Type: X.509 Certificate (RSA-1024) 671s Expires: Sun Mar 15 15:15:28 2026 671s Label: Test Organization Sub Intermediate Trusted Certificate 0001 671s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 671s 671s Test Organization Sub Int Token 671s + echo 'Test Organization Sub Int Token' 671s + '[' -n '' ']' 671s + local output_base_name=SSSD-child-8249 671s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-8249.output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-8249.pem 671s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 671s [p11_child[2376]] [main] (0x0400): p11_child started. 671s [p11_child[2376]] [main] (0x2000): Running in [pre-auth] mode. 671s [p11_child[2376]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2376]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2376]] [do_card] (0x4000): Module List: 671s [p11_child[2376]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2376]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2376]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2376]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2376]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2376]] [do_card] (0x4000): Login NOT required. 671s [p11_child[2376]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2376]] [do_verification] (0x0040): X509_verify_cert failed [0]. 671s [p11_child[2376]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 671s [p11_child[2376]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 671s [p11_child[2376]] [do_card] (0x4000): No certificate found. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-8249.output 671s + return 2 671s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem partial_chain 671s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem partial_chain 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 671s + local verify_option=partial_chain 671s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_cn 671s + local key_name 671s + local tokens_dir 671s + local output_cert_file 671s + token_name= 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 671s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 671s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s ++ sed -n 's/ *commonName *= //p' 671s Test Organization Sub Int Token 671s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 671s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 671s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 671s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 671s + token_name='Test Organization Sub Int Token' 671s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 671s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 671s + echo 'Test Organization Sub Int Token' 671s + '[' -n partial_chain ']' 671s + local verify_arg=--verify=partial_chain 671s + local output_base_name=SSSD-child-8335 671s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-8335.output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-8335.pem 671s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-root-CA.pem 671s [p11_child[2383]] [main] (0x0400): p11_child started. 671s [p11_child[2383]] [main] (0x2000): Running in [pre-auth] mode. 671s [p11_child[2383]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2383]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2383]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 671s [p11_child[2383]] [do_card] (0x4000): Module List: 671s [p11_child[2383]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2383]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2383]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2383]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2383]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2383]] [do_card] (0x4000): Login NOT required. 671s [p11_child[2383]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2383]] [do_verification] (0x0040): X509_verify_cert failed [0]. 671s [p11_child[2383]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 671s [p11_child[2383]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 671s [p11_child[2383]] [do_card] (0x4000): No certificate found. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-8335.output 671s + return 2 671s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 671s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 671s + local verify_option= 671s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_cn 671s + local key_name 671s + local tokens_dir 671s + local output_cert_file 671s + token_name= 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 671s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 671s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s ++ sed -n 's/ *commonName *= //p' 671s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 671s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 671s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 671s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 671s + token_name='Test Organization Sub Int Token' 671s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 671s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 671s + echo 'Test Organization Sub Int Token' 671s + '[' -n '' ']' 671s + local output_base_name=SSSD-child-9589 671s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589.output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589.pem 671s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 671s Test Organization Sub Int Token 671s [p11_child[2390]] [main] (0x0400): p11_child started. 671s [p11_child[2390]] [main] (0x2000): Running in [pre-auth] mode. 671s [p11_child[2390]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2390]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2390]] [do_card] (0x4000): Module List: 671s [p11_child[2390]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2390]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2390]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2390]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2390]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2390]] [do_card] (0x4000): Login NOT required. 671s [p11_child[2390]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2390]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 671s [p11_child[2390]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 671s [p11_child[2390]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1355e218;slot-manufacturer=SoftHSM%20project;slot-id=324395544;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4c6125751355e218;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 671s [p11_child[2390]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589.output 671s + echo '-----BEGIN CERTIFICATE-----' 671s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589.output 671s + echo '-----END CERTIFICATE-----' 671s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589.pem 671s + local found_md5 expected_md5 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s Certificate: 671s Data: 671s Version: 3 (0x2) 671s Serial Number: 5 (0x5) 671s Signature Algorithm: sha256WithRSAEncryption 671s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 671s Validity 671s Not Before: Mar 15 15:15:28 2025 GMT 671s Not After : Mar 15 15:15:28 2026 GMT 671s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 671s Subject Public Key Info: 671s Public Key Algorithm: rsaEncryption 671s Public-Key: (1024 bit) 671s Modulus: 671s 00:b2:3b:00:52:d1:b7:4c:15:04:88:34:c9:99:23: 671s aa:86:6e:a2:f8:3b:07:ca:e9:6a:c8:7f:1d:62:23: 671s fa:9d:64:0c:d7:f2:57:1a:af:38:39:47:90:7d:5c: 671s ea:5a:92:81:40:4e:22:3a:99:de:36:8e:35:ee:11: 671s 5a:bb:f3:06:4e:71:ca:67:f4:1a:73:82:e3:37:b9: 671s 4a:93:86:ea:8e:65:e7:72:41:ce:e1:33:e6:9a:1e: 671s db:c8:ac:da:c0:c5:81:43:4d:0a:f6:77:c0:02:d8: 671s ee:ee:8a:63:15:cb:67:7d:f0:4e:ce:c2:1e:ac:22: 671s ad:d2:48:d7:1f:92:13:bf:95 671s Exponent: 65537 (0x10001) 671s X509v3 extensions: 671s X509v3 Authority Key Identifier: 671s 54:73:97:72:7C:F8:8B:30:C5:22:0C:59:28:77:A5:E8:79:97:C3:6B 671s X509v3 Basic Constraints: 671s CA:FALSE 671s Netscape Cert Type: 671s SSL Client, S/MIME 671s Netscape Comment: 671s Test Organization Sub Intermediate CA trusted Certificate 671s X509v3 Subject Key Identifier: 671s 5B:C3:25:58:F1:0B:0B:63:A0:60:B1:F1:F9:F2:F2:61:B4:16:D5:0E 671s X509v3 Key Usage: critical 671s Digital Signature, Non Repudiation, Key Encipherment 671s X509v3 Extended Key Usage: 671s TLS Web Client Authentication, E-mail Protection 671s X509v3 Subject Alternative Name: 671s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 671s Signature Algorithm: sha256WithRSAEncryption 671s Signature Value: 671s 47:0b:90:1e:51:5f:b2:66:59:6d:d4:e2:2d:89:b0:31:c6:b5: 671s 49:88:2d:fc:96:13:42:ce:da:ed:ee:ec:e1:a4:44:6b:dd:57: 671s 5c:0a:76:ed:ab:cc:3a:2a:ef:d8:45:31:21:5d:76:ce:a8:73: 671s 55:5d:8e:5b:ff:0f:de:20:c5:a8:ca:0f:2d:41:00:d4:64:50: 671s a9:36:d4:34:98:a1:88:95:b3:4b:b8:bd:d5:6a:e7:27:ac:82: 671s 0f:2e:0c:92:9c:0f:af:cd:80:c6:2b:7d:46:c6:b7:3c:20:1f: 671s 05:88:86:64:77:21:cb:bd:a0:6e:bf:1f:92:34:c7:12:d7:7a: 671s 0b:6a 671s + expected_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589.pem 671s + found_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 671s + '[' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 '!=' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 ']' 671s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589-auth.output 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589-auth.output .output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589-auth.pem 671s + echo -n 053350 671s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 671s [p11_child[2398]] [main] (0x0400): p11_child started. 671s [p11_child[2398]] [main] (0x2000): Running in [auth] mode. 671s [p11_child[2398]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2398]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2398]] [do_card] (0x4000): Module List: 671s [p11_child[2398]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2398]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2398]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2398]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2398]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2398]] [do_card] (0x4000): Login required. 671s [p11_child[2398]] [do_card] (0x4000): Token flags [1069]. 671s [p11_child[2398]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2398]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 671s [p11_child[2398]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 671s [p11_child[2398]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1355e218;slot-manufacturer=SoftHSM%20project;slot-id=324395544;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4c6125751355e218;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 671s [p11_child[2398]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 671s [p11_child[2398]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 671s [p11_child[2398]] [do_card] (0x4000): Certificate verified and validated. 671s [p11_child[2398]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589-auth.output 671s + echo '-----BEGIN CERTIFICATE-----' 671s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589-auth.output 671s + echo '-----END CERTIFICATE-----' 671s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589-auth.pem 671s Certificate: 671s Data: 671s Version: 3 (0x2) 671s Serial Number: 5 (0x5) 671s Signature Algorithm: sha256WithRSAEncryption 671s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 671s Validity 671s Not Before: Mar 15 15:15:28 2025 GMT 671s Not After : Mar 15 15:15:28 2026 GMT 671s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 671s Subject Public Key Info: 671s Public Key Algorithm: rsaEncryption 671s Public-Key: (1024 bit) 671s Modulus: 671s 00:b2:3b:00:52:d1:b7:4c:15:04:88:34:c9:99:23: 671s aa:86:6e:a2:f8:3b:07:ca:e9:6a:c8:7f:1d:62:23: 671s fa:9d:64:0c:d7:f2:57:1a:af:38:39:47:90:7d:5c: 671s ea:5a:92:81:40:4e:22:3a:99:de:36:8e:35:ee:11: 671s 5a:bb:f3:06:4e:71:ca:67:f4:1a:73:82:e3:37:b9: 671s 4a:93:86:ea:8e:65:e7:72:41:ce:e1:33:e6:9a:1e: 671s db:c8:ac:da:c0:c5:81:43:4d:0a:f6:77:c0:02:d8: 671s ee:ee:8a:63:15:cb:67:7d:f0:4e:ce:c2:1e:ac:22: 671s ad:d2:48:d7:1f:92:13:bf:95 671s Exponent: 65537 (0x10001) 671s X509v3 extensions: 671s X509v3 Authority Key Identifier: 671s 54:73:97:72:7C:F8:8B:30:C5:22:0C:59:28:77:A5:E8:79:97:C3:6B 671s X509v3 Basic Constraints: 671s CA:FALSE 671s Netscape Cert Type: 671s SSL Client, S/MIME 671s Netscape Comment: 671s Test Organization Sub Intermediate CA trusted Certificate 671s X509v3 Subject Key Identifier: 671s 5B:C3:25:58:F1:0B:0B:63:A0:60:B1:F1:F9:F2:F2:61:B4:16:D5:0E 671s X509v3 Key Usage: critical 671s Digital Signature, Non Repudiation, Key Encipherment 671s X509v3 Extended Key Usage: 671s TLS Web Client Authentication, E-mail Protection 671s X509v3 Subject Alternative Name: 671s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 671s Signature Algorithm: sha256WithRSAEncryption 671s Signature Value: 671s 47:0b:90:1e:51:5f:b2:66:59:6d:d4:e2:2d:89:b0:31:c6:b5: 671s 49:88:2d:fc:96:13:42:ce:da:ed:ee:ec:e1:a4:44:6b:dd:57: 671s 5c:0a:76:ed:ab:cc:3a:2a:ef:d8:45:31:21:5d:76:ce:a8:73: 671s 55:5d:8e:5b:ff:0f:de:20:c5:a8:ca:0f:2d:41:00:d4:64:50: 671s a9:36:d4:34:98:a1:88:95:b3:4b:b8:bd:d5:6a:e7:27:ac:82: 671s 0f:2e:0c:92:9c:0f:af:cd:80:c6:2b:7d:46:c6:b7:3c:20:1f: 671s 05:88:86:64:77:21:cb:bd:a0:6e:bf:1f:92:34:c7:12:d7:7a: 671s 0b:6a 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9589-auth.pem 671s + found_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 671s + '[' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 '!=' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 ']' 671s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem partial_chain 671s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem partial_chain 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 671s + local verify_option=partial_chain 671s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_cn 671s + local key_name 671s + local tokens_dir 671s + local output_cert_file 671s + token_name= 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 671s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 671s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s ++ sed -n 's/ *commonName *= //p' 671s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 671s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 671s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 671s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 671s + token_name='Test Organization Sub Int Token' 671s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 671s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 671s + echo 'Test Organization Sub Int Token' 671s + '[' -n partial_chain ']' 671s + local verify_arg=--verify=partial_chain 671s + local output_base_name=SSSD-child-26009 671s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009.output 671s Test Organization Sub Int Token 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009.pem 671s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem 671s [p11_child[2408]] [main] (0x0400): p11_child started. 671s [p11_child[2408]] [main] (0x2000): Running in [pre-auth] mode. 671s [p11_child[2408]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2408]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2408]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 671s [p11_child[2408]] [do_card] (0x4000): Module List: 671s [p11_child[2408]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2408]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2408]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2408]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2408]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2408]] [do_card] (0x4000): Login NOT required. 671s [p11_child[2408]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2408]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 671s [p11_child[2408]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 671s [p11_child[2408]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1355e218;slot-manufacturer=SoftHSM%20project;slot-id=324395544;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4c6125751355e218;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 671s [p11_child[2408]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009.output 671s + echo '-----BEGIN CERTIFICATE-----' 671s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009.output 671s + echo '-----END CERTIFICATE-----' 671s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009.pem 671s + local found_md5 expected_md5 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s Certificate: 671s Data: 671s Version: 3 (0x2) 671s Serial Number: 5 (0x5) 671s Signature Algorithm: sha256WithRSAEncryption 671s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 671s Validity 671s Not Before: Mar 15 15:15:28 2025 GMT 671s Not After : Mar 15 15:15:28 2026 GMT 671s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 671s Subject Public Key Info: 671s Public Key Algorithm: rsaEncryption 671s Public-Key: (1024 bit) 671s Modulus: 671s 00:b2:3b:00:52:d1:b7:4c:15:04:88:34:c9:99:23: 671s aa:86:6e:a2:f8:3b:07:ca:e9:6a:c8:7f:1d:62:23: 671s fa:9d:64:0c:d7:f2:57:1a:af:38:39:47:90:7d:5c: 671s ea:5a:92:81:40:4e:22:3a:99:de:36:8e:35:ee:11: 671s 5a:bb:f3:06:4e:71:ca:67:f4:1a:73:82:e3:37:b9: 671s 4a:93:86:ea:8e:65:e7:72:41:ce:e1:33:e6:9a:1e: 671s db:c8:ac:da:c0:c5:81:43:4d:0a:f6:77:c0:02:d8: 671s ee:ee:8a:63:15:cb:67:7d:f0:4e:ce:c2:1e:ac:22: 671s ad:d2:48:d7:1f:92:13:bf:95 671s Exponent: 65537 (0x10001) 671s X509v3 extensions: 671s X509v3 Authority Key Identifier: 671s 54:73:97:72:7C:F8:8B:30:C5:22:0C:59:28:77:A5:E8:79:97:C3:6B 671s X509v3 Basic Constraints: 671s CA:FALSE 671s Netscape Cert Type: 671s SSL Client, S/MIME 671s Netscape Comment: 671s Test Organization Sub Intermediate CA trusted Certificate 671s X509v3 Subject Key Identifier: 671s 5B:C3:25:58:F1:0B:0B:63:A0:60:B1:F1:F9:F2:F2:61:B4:16:D5:0E 671s X509v3 Key Usage: critical 671s Digital Signature, Non Repudiation, Key Encipherment 671s X509v3 Extended Key Usage: 671s TLS Web Client Authentication, E-mail Protection 671s X509v3 Subject Alternative Name: 671s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 671s Signature Algorithm: sha256WithRSAEncryption 671s Signature Value: 671s 47:0b:90:1e:51:5f:b2:66:59:6d:d4:e2:2d:89:b0:31:c6:b5: 671s 49:88:2d:fc:96:13:42:ce:da:ed:ee:ec:e1:a4:44:6b:dd:57: 671s 5c:0a:76:ed:ab:cc:3a:2a:ef:d8:45:31:21:5d:76:ce:a8:73: 671s 55:5d:8e:5b:ff:0f:de:20:c5:a8:ca:0f:2d:41:00:d4:64:50: 671s a9:36:d4:34:98:a1:88:95:b3:4b:b8:bd:d5:6a:e7:27:ac:82: 671s 0f:2e:0c:92:9c:0f:af:cd:80:c6:2b:7d:46:c6:b7:3c:20:1f: 671s 05:88:86:64:77:21:cb:bd:a0:6e:bf:1f:92:34:c7:12:d7:7a: 671s 0b:6a 671s + expected_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009.pem 671s + found_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 671s + '[' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 '!=' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 ']' 671s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009-auth.output 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009-auth.output .output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009-auth.pem 671s + echo -n 053350 671s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 671s [p11_child[2416]] [main] (0x0400): p11_child started. 671s [p11_child[2416]] [main] (0x2000): Running in [auth] mode. 671s [p11_child[2416]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2416]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2416]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 671s [p11_child[2416]] [do_card] (0x4000): Module List: 671s [p11_child[2416]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2416]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2416]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2416]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2416]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2416]] [do_card] (0x4000): Login required. 671s [p11_child[2416]] [do_card] (0x4000): Token flags [1069]. 671s [p11_child[2416]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2416]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 671s [p11_child[2416]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 671s [p11_child[2416]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1355e218;slot-manufacturer=SoftHSM%20project;slot-id=324395544;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4c6125751355e218;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 671s [p11_child[2416]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 671s [p11_child[2416]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 671s [p11_child[2416]] [do_card] (0x4000): Certificate verified and validated. 671s [p11_child[2416]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009-auth.output 671s + echo '-----BEGIN CERTIFICATE-----' 671s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009-auth.output 671s + echo '-----END CERTIFICATE-----' 671s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009-auth.pem 671s Certificate: 671s Data: 671s Version: 3 (0x2) 671s Serial Number: 5 (0x5) 671s Signature Algorithm: sha256WithRSAEncryption 671s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 671s Validity 671s Not Before: Mar 15 15:15:28 2025 GMT 671s Not After : Mar 15 15:15:28 2026 GMT 671s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 671s Subject Public Key Info: 671s Public Key Algorithm: rsaEncryption 671s Public-Key: (1024 bit) 671s Modulus: 671s 00:b2:3b:00:52:d1:b7:4c:15:04:88:34:c9:99:23: 671s aa:86:6e:a2:f8:3b:07:ca:e9:6a:c8:7f:1d:62:23: 671s fa:9d:64:0c:d7:f2:57:1a:af:38:39:47:90:7d:5c: 671s ea:5a:92:81:40:4e:22:3a:99:de:36:8e:35:ee:11: 671s 5a:bb:f3:06:4e:71:ca:67:f4:1a:73:82:e3:37:b9: 671s 4a:93:86:ea:8e:65:e7:72:41:ce:e1:33:e6:9a:1e: 671s db:c8:ac:da:c0:c5:81:43:4d:0a:f6:77:c0:02:d8: 671s ee:ee:8a:63:15:cb:67:7d:f0:4e:ce:c2:1e:ac:22: 671s ad:d2:48:d7:1f:92:13:bf:95 671s Exponent: 65537 (0x10001) 671s X509v3 extensions: 671s X509v3 Authority Key Identifier: 671s 54:73:97:72:7C:F8:8B:30:C5:22:0C:59:28:77:A5:E8:79:97:C3:6B 671s X509v3 Basic Constraints: 671s CA:FALSE 671s Netscape Cert Type: 671s SSL Client, S/MIME 671s Netscape Comment: 671s Test Organization Sub Intermediate CA trusted Certificate 671s X509v3 Subject Key Identifier: 671s 5B:C3:25:58:F1:0B:0B:63:A0:60:B1:F1:F9:F2:F2:61:B4:16:D5:0E 671s X509v3 Key Usage: critical 671s Digital Signature, Non Repudiation, Key Encipherment 671s X509v3 Extended Key Usage: 671s TLS Web Client Authentication, E-mail Protection 671s X509v3 Subject Alternative Name: 671s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 671s Signature Algorithm: sha256WithRSAEncryption 671s Signature Value: 671s 47:0b:90:1e:51:5f:b2:66:59:6d:d4:e2:2d:89:b0:31:c6:b5: 671s 49:88:2d:fc:96:13:42:ce:da:ed:ee:ec:e1:a4:44:6b:dd:57: 671s 5c:0a:76:ed:ab:cc:3a:2a:ef:d8:45:31:21:5d:76:ce:a8:73: 671s 55:5d:8e:5b:ff:0f:de:20:c5:a8:ca:0f:2d:41:00:d4:64:50: 671s a9:36:d4:34:98:a1:88:95:b3:4b:b8:bd:d5:6a:e7:27:ac:82: 671s 0f:2e:0c:92:9c:0f:af:cd:80:c6:2b:7d:46:c6:b7:3c:20:1f: 671s 05:88:86:64:77:21:cb:bd:a0:6e:bf:1f:92:34:c7:12:d7:7a: 671s 0b:6a 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-26009-auth.pem 671s + found_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 671s + '[' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 '!=' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 ']' 671s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 671s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 671s + local verify_option= 671s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_cn 671s + local key_name 671s + local tokens_dir 671s + local output_cert_file 671s + token_name= 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 671s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 671s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s ++ sed -n 's/ *commonName *= //p' 671s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 671s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 671s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 671s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 671s + token_name='Test Organization Sub Int Token' 671s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 671s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 671s + echo 'Test Organization Sub Int Token' 671s + '[' -n '' ']' 671s + local output_base_name=SSSD-child-4627 671s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-4627.output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-4627.pem 671s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 671s [p11_child[2426]] [main] (0x0400): p11_child started. 671s [p11_child[2426]] [main] (0x2000): Running in [pre-auth] mode. 671s [p11_child[2426]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2426]] [main] (0x2000): Running with real IDs [0][0]. 671s Test Organization Sub Int Token 671s [p11_child[2426]] [do_card] (0x4000): Module List: 671s [p11_child[2426]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2426]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2426]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2426]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2426]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2426]] [do_card] (0x4000): Login NOT required. 671s [p11_child[2426]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2426]] [do_verification] (0x0040): X509_verify_cert failed [0]. 671s [p11_child[2426]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 671s [p11_child[2426]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 671s [p11_child[2426]] [do_card] (0x4000): No certificate found. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-4627.output 671s + return 2 671s + invalid_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-root-intermediate-chain-CA.pem partial_chain 671s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-root-intermediate-chain-CA.pem partial_chain 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-root-intermediate-chain-CA.pem 671s + local verify_option=partial_chain 671s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_cn 671s + local key_name 671s + local tokens_dir 671s + local output_cert_file 671s + token_name= 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 671s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 671s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s ++ sed -n 's/ *commonName *= //p' 671s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 671s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 671s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 671s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 671s + token_name='Test Organization Sub Int Token' 671s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 671s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 671s Test Organization Sub Int Token 671s + echo 'Test Organization Sub Int Token' 671s + '[' -n partial_chain ']' 671s + local verify_arg=--verify=partial_chain 671s + local output_base_name=SSSD-child-268 671s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-268.output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-268.pem 671s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-root-intermediate-chain-CA.pem 671s [p11_child[2433]] [main] (0x0400): p11_child started. 671s [p11_child[2433]] [main] (0x2000): Running in [pre-auth] mode. 671s [p11_child[2433]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2433]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2433]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 671s [p11_child[2433]] [do_card] (0x4000): Module List: 671s [p11_child[2433]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2433]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2433]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2433]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2433]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2433]] [do_card] (0x4000): Login NOT required. 671s [p11_child[2433]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2433]] [do_verification] (0x0040): X509_verify_cert failed [0]. 671s [p11_child[2433]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 671s [p11_child[2433]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 671s [p11_child[2433]] [do_card] (0x4000): No certificate found. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-268.output 671s + return 2 671s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem partial_chain 671s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem partial_chain 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 671s + local verify_option=partial_chain 671s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_cn 671s + local key_name 671s + local tokens_dir 671s + local output_cert_file 671s + token_name= 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 671s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 671s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s ++ sed -n 's/ *commonName *= //p' 671s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 671s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 671s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 671s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 671s + token_name='Test Organization Sub Int Token' 671s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 671s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 671s + echo 'Test Organization Sub Int Token' 671s + '[' -n partial_chain ']' 671s + local verify_arg=--verify=partial_chain 671s + local output_base_name=SSSD-child-9414 671s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414.output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414.pem 671s Test Organization Sub Int Token 671s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem 671s [p11_child[2440]] [main] (0x0400): p11_child started. 671s [p11_child[2440]] [main] (0x2000): Running in [pre-auth] mode. 671s [p11_child[2440]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2440]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2440]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 671s [p11_child[2440]] [do_card] (0x4000): Module List: 671s [p11_child[2440]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2440]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2440]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2440]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2440]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2440]] [do_card] (0x4000): Login NOT required. 671s [p11_child[2440]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2440]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 671s [p11_child[2440]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 671s [p11_child[2440]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1355e218;slot-manufacturer=SoftHSM%20project;slot-id=324395544;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4c6125751355e218;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 671s [p11_child[2440]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414.output 671s + echo '-----BEGIN CERTIFICATE-----' 671s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414.output 671s + echo '-----END CERTIFICATE-----' 671s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414.pem 671s Certificate: 671s Data: 671s Version: 3 (0x2) 671s Serial Number: 5 (0x5) 671s Signature Algorithm: sha256WithRSAEncryption 671s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 671s Validity 671s Not Before: Mar 15 15:15:28 2025 GMT 671s Not After : Mar 15 15:15:28 2026 GMT 671s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 671s Subject Public Key Info: 671s Public Key Algorithm: rsaEncryption 671s Public-Key: (1024 bit) 671s Modulus: 671s 00:b2:3b:00:52:d1:b7:4c:15:04:88:34:c9:99:23: 671s aa:86:6e:a2:f8:3b:07:ca:e9:6a:c8:7f:1d:62:23: 671s fa:9d:64:0c:d7:f2:57:1a:af:38:39:47:90:7d:5c: 671s ea:5a:92:81:40:4e:22:3a:99:de:36:8e:35:ee:11: 671s 5a:bb:f3:06:4e:71:ca:67:f4:1a:73:82:e3:37:b9: 671s 4a:93:86:ea:8e:65:e7:72:41:ce:e1:33:e6:9a:1e: 671s db:c8:ac:da:c0:c5:81:43:4d:0a:f6:77:c0:02:d8: 671s ee:ee:8a:63:15:cb:67:7d:f0:4e:ce:c2:1e:ac:22: 671s ad:d2:48:d7:1f:92:13:bf:95 671s Exponent: 65537 (0x10001) 671s X509v3 extensions: 671s X509v3 Authority Key Identifier: 671s 54:73:97:72:7C:F8:8B:30:C5:22:0C:59:28:77:A5:E8:79:97:C3:6B 671s X509v3 Basic Constraints: 671s CA:FALSE 671s Netscape Cert Type: 671s SSL Client, S/MIME 671s Netscape Comment: 671s Test Organization Sub Intermediate CA trusted Certificate 671s X509v3 Subject Key Identifier: 671s 5B:C3:25:58:F1:0B:0B:63:A0:60:B1:F1:F9:F2:F2:61:B4:16:D5:0E 671s X509v3 Key Usage: critical 671s Digital Signature, Non Repudiation, Key Encipherment 671s X509v3 Extended Key Usage: 671s TLS Web Client Authentication, E-mail Protection 671s X509v3 Subject Alternative Name: 671s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 671s Signature Algorithm: sha256WithRSAEncryption 671s Signature Value: 671s 47:0b:90:1e:51:5f:b2:66:59:6d:d4:e2:2d:89:b0:31:c6:b5: 671s 49:88:2d:fc:96:13:42:ce:da:ed:ee:ec:e1:a4:44:6b:dd:57: 671s 5c:0a:76:ed:ab:cc:3a:2a:ef:d8:45:31:21:5d:76:ce:a8:73: 671s 55:5d:8e:5b:ff:0f:de:20:c5:a8:ca:0f:2d:41:00:d4:64:50: 671s a9:36:d4:34:98:a1:88:95:b3:4b:b8:bd:d5:6a:e7:27:ac:82: 671s 0f:2e:0c:92:9c:0f:af:cd:80:c6:2b:7d:46:c6:b7:3c:20:1f: 671s 05:88:86:64:77:21:cb:bd:a0:6e:bf:1f:92:34:c7:12:d7:7a: 671s 0b:6a 671s + local found_md5 expected_md5 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + expected_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414.pem 671s + found_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 671s + '[' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 '!=' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 ']' 671s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414-auth.output 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414-auth.output .output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414-auth.pem 671s + echo -n 053350 671s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 671s [p11_child[2448]] [main] (0x0400): p11_child started. 671s [p11_child[2448]] [main] (0x2000): Running in [auth] mode. 671s [p11_child[2448]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2448]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2448]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 671s [p11_child[2448]] [do_card] (0x4000): Module List: 671s [p11_child[2448]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2448]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2448]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2448]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2448]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2448]] [do_card] (0x4000): Login required. 671s [p11_child[2448]] [do_card] (0x4000): Token flags [1069]. 671s [p11_child[2448]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2448]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 671s [p11_child[2448]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 671s [p11_child[2448]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1355e218;slot-manufacturer=SoftHSM%20project;slot-id=324395544;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4c6125751355e218;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 671s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 671s [p11_child[2448]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 671s [p11_child[2448]] [do_card] (0x4000): Certificate verified and validated. 671s [p11_child[2448]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414-auth.output 671s + echo '-----BEGIN CERTIFICATE-----' 671s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414-auth.output 671s + echo '-----END CERTIFICATE-----' 671s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414-auth.pem 671s Certificate: 671s Data: 671s Version: 3 (0x2) 671s Serial Number: 5 (0x5) 671s Signature Algorithm: sha256WithRSAEncryption 671s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 671s Validity 671s Not Before: Mar 15 15:15:28 2025 GMT 671s Not After : Mar 15 15:15:28 2026 GMT 671s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 671s Subject Public Key Info: 671s Public Key Algorithm: rsaEncryption 671s Public-Key: (1024 bit) 671s Modulus: 671s 00:b2:3b:00:52:d1:b7:4c:15:04:88:34:c9:99:23: 671s aa:86:6e:a2:f8:3b:07:ca:e9:6a:c8:7f:1d:62:23: 671s fa:9d:64:0c:d7:f2:57:1a:af:38:39:47:90:7d:5c: 671s ea:5a:92:81:40:4e:22:3a:99:de:36:8e:35:ee:11: 671s 5a:bb:f3:06:4e:71:ca:67:f4:1a:73:82:e3:37:b9: 671s 4a:93:86:ea:8e:65:e7:72:41:ce:e1:33:e6:9a:1e: 671s db:c8:ac:da:c0:c5:81:43:4d:0a:f6:77:c0:02:d8: 671s ee:ee:8a:63:15:cb:67:7d:f0:4e:ce:c2:1e:ac:22: 671s ad:d2:48:d7:1f:92:13:bf:95 671s Exponent: 65537 (0x10001) 671s X509v3 extensions: 671s X509v3 Authority Key Identifier: 671s 54:73:97:72:7C:F8:8B:30:C5:22:0C:59:28:77:A5:E8:79:97:C3:6B 671s X509v3 Basic Constraints: 671s CA:FALSE 671s Netscape Cert Type: 671s SSL Client, S/MIME 671s Netscape Comment: 671s Test Organization Sub Intermediate CA trusted Certificate 671s X509v3 Subject Key Identifier: 671s 5B:C3:25:58:F1:0B:0B:63:A0:60:B1:F1:F9:F2:F2:61:B4:16:D5:0E 671s X509v3 Key Usage: critical 671s Digital Signature, Non Repudiation, Key Encipherment 671s X509v3 Extended Key Usage: 671s TLS Web Client Authentication, E-mail Protection 671s X509v3 Subject Alternative Name: 671s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 671s Signature Algorithm: sha256WithRSAEncryption 671s Signature Value: 671s 47:0b:90:1e:51:5f:b2:66:59:6d:d4:e2:2d:89:b0:31:c6:b5: 671s 49:88:2d:fc:96:13:42:ce:da:ed:ee:ec:e1:a4:44:6b:dd:57: 671s 5c:0a:76:ed:ab:cc:3a:2a:ef:d8:45:31:21:5d:76:ce:a8:73: 671s 55:5d:8e:5b:ff:0f:de:20:c5:a8:ca:0f:2d:41:00:d4:64:50: 671s a9:36:d4:34:98:a1:88:95:b3:4b:b8:bd:d5:6a:e7:27:ac:82: 671s 0f:2e:0c:92:9c:0f:af:cd:80:c6:2b:7d:46:c6:b7:3c:20:1f: 671s 05:88:86:64:77:21:cb:bd:a0:6e:bf:1f:92:34:c7:12:d7:7a: 671s 0b:6a 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-9414-auth.pem 671s + found_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 671s + '[' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 '!=' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 ']' 671s + valid_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-intermediate-sub-chain-CA.pem partial_chain 671s + check_certificate /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 /tmp/sssd-softhsm2-NiH3EW/test-intermediate-sub-chain-CA.pem partial_chain 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_ring=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-sub-chain-CA.pem 671s + local verify_option=partial_chain 671s + prepare_softhsm2_card /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local certificate=/tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29050 671s + local key_cn 671s + local key_name 671s + local tokens_dir 671s + local output_cert_file 671s + token_name= 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 671s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 671s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s ++ sed -n 's/ *commonName *= //p' 671s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 671s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 671s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 671s ++ basename /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 671s + tokens_dir=/tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 671s + token_name='Test Organization Sub Int Token' 671s + '[' '!' -e /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 671s + '[' '!' -d /tmp/sssd-softhsm2-NiH3EW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 671s + echo 'Test Organization Sub Int Token' 671s Test Organization Sub Int Token 671s + '[' -n partial_chain ']' 671s + local verify_arg=--verify=partial_chain 671s + local output_base_name=SSSD-child-3256 671s + local output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256.output 671s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256.pem 671s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-sub-chain-CA.pem 671s [p11_child[2458]] [main] (0x0400): p11_child started. 671s [p11_child[2458]] [main] (0x2000): Running in [pre-auth] mode. 671s [p11_child[2458]] [main] (0x2000): Running with effective IDs: [0][0]. 671s [p11_child[2458]] [main] (0x2000): Running with real IDs [0][0]. 671s [p11_child[2458]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 671s [p11_child[2458]] [do_card] (0x4000): Module List: 671s [p11_child[2458]] [do_card] (0x4000): common name: [softhsm2]. 671s [p11_child[2458]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2458]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 671s [p11_child[2458]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 671s [p11_child[2458]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 671s [p11_child[2458]] [do_card] (0x4000): Login NOT required. 671s [p11_child[2458]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 671s [p11_child[2458]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 671s [p11_child[2458]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 671s [p11_child[2458]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1355e218;slot-manufacturer=SoftHSM%20project;slot-id=324395544;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4c6125751355e218;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 671s [p11_child[2458]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 671s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256.output 671s + echo '-----BEGIN CERTIFICATE-----' 671s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256.output 671s + echo '-----END CERTIFICATE-----' 671s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256.pem 671s Certificate: 671s Data: 671s Version: 3 (0x2) 671s Serial Number: 5 (0x5) 671s Signature Algorithm: sha256WithRSAEncryption 671s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 671s Validity 671s Not Before: Mar 15 15:15:28 2025 GMT 671s Not After : Mar 15 15:15:28 2026 GMT 671s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 671s Subject Public Key Info: 671s Public Key Algorithm: rsaEncryption 671s Public-Key: (1024 bit) 671s Modulus: 671s 00:b2:3b:00:52:d1:b7:4c:15:04:88:34:c9:99:23: 671s aa:86:6e:a2:f8:3b:07:ca:e9:6a:c8:7f:1d:62:23: 671s fa:9d:64:0c:d7:f2:57:1a:af:38:39:47:90:7d:5c: 671s ea:5a:92:81:40:4e:22:3a:99:de:36:8e:35:ee:11: 671s 5a:bb:f3:06:4e:71:ca:67:f4:1a:73:82:e3:37:b9: 671s 4a:93:86:ea:8e:65:e7:72:41:ce:e1:33:e6:9a:1e: 671s db:c8:ac:da:c0:c5:81:43:4d:0a:f6:77:c0:02:d8: 671s ee:ee:8a:63:15:cb:67:7d:f0:4e:ce:c2:1e:ac:22: 671s ad:d2:48:d7:1f:92:13:bf:95 671s Exponent: 65537 (0x10001) 671s X509v3 extensions: 671s X509v3 Authority Key Identifier: 671s 54:73:97:72:7C:F8:8B:30:C5:22:0C:59:28:77:A5:E8:79:97:C3:6B 671s X509v3 Basic Constraints: 671s CA:FALSE 671s Netscape Cert Type: 671s SSL Client, S/MIME 671s Netscape Comment: 671s Test Organization Sub Intermediate CA trusted Certificate 671s X509v3 Subject Key Identifier: 671s 5B:C3:25:58:F1:0B:0B:63:A0:60:B1:F1:F9:F2:F2:61:B4:16:D5:0E 671s X509v3 Key Usage: critical 671s Digital Signature, Non Repudiation, Key Encipherment 671s X509v3 Extended Key Usage: 671s TLS Web Client Authentication, E-mail Protection 671s X509v3 Subject Alternative Name: 671s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 671s Signature Algorithm: sha256WithRSAEncryption 671s Signature Value: 671s 47:0b:90:1e:51:5f:b2:66:59:6d:d4:e2:2d:89:b0:31:c6:b5: 671s 49:88:2d:fc:96:13:42:ce:da:ed:ee:ec:e1:a4:44:6b:dd:57: 671s 5c:0a:76:ed:ab:cc:3a:2a:ef:d8:45:31:21:5d:76:ce:a8:73: 671s 55:5d:8e:5b:ff:0f:de:20:c5:a8:ca:0f:2d:41:00:d4:64:50: 671s a9:36:d4:34:98:a1:88:95:b3:4b:b8:bd:d5:6a:e7:27:ac:82: 671s 0f:2e:0c:92:9c:0f:af:cd:80:c6:2b:7d:46:c6:b7:3c:20:1f: 671s 05:88:86:64:77:21:cb:bd:a0:6e:bf:1f:92:34:c7:12:d7:7a: 671s 0b:6a 671s + local found_md5 expected_md5 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/test-sub-intermediate-CA-trusted-certificate-0001.pem 671s + expected_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 671s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256.pem 672s + found_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 672s + '[' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 '!=' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 ']' 672s + output_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256-auth.output 672s ++ basename /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256-auth.output .output 672s + output_cert_file=/tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256-auth.pem 672s + echo -n 053350 672s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-NiH3EW/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 672s [p11_child[2466]] [main] (0x0400): p11_child started. 672s [p11_child[2466]] [main] (0x2000): Running in [auth] mode. 672s [p11_child[2466]] [main] (0x2000): Running with effective IDs: [0][0]. 672s [p11_child[2466]] [main] (0x2000): Running with real IDs [0][0]. 672s [p11_child[2466]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 672s [p11_child[2466]] [do_card] (0x4000): Module List: 672s [p11_child[2466]] [do_card] (0x4000): common name: [softhsm2]. 672s [p11_child[2466]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 672s [p11_child[2466]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1355e218] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 672s [p11_child[2466]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 672s [p11_child[2466]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x1355e218][324395544] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 672s [p11_child[2466]] [do_card] (0x4000): Login required. 672s [p11_child[2466]] [do_card] (0x4000): Token flags [1069]. 672s [p11_child[2466]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 672s [p11_child[2466]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 672s [p11_child[2466]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 672s [p11_child[2466]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1355e218;slot-manufacturer=SoftHSM%20project;slot-id=324395544;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4c6125751355e218;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 672s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 672s [p11_child[2466]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 672s [p11_child[2466]] [do_card] (0x4000): Certificate verified and validated. 672s [p11_child[2466]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 672s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256-auth.output 672s + echo '-----BEGIN CERTIFICATE-----' 672s + tail -n1 /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256-auth.output 672s + echo '-----END CERTIFICATE-----' 672s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256-auth.pem 672s Certificate: 672s Data: 672s Version: 3 (0x2) 672s Serial Number: 5 (0x5) 672s Signature Algorithm: sha256WithRSAEncryption 672s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 672s Validity 672s Not Before: Mar 15 15:15:28 2025 GMT 672s Not After : Mar 15 15:15:28 2026 GMT 672s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 672s Subject Public Key Info: 672s Public Key Algorithm: rsaEncryption 672s Public-Key: (1024 bit) 672s Modulus: 672s 00:b2:3b:00:52:d1:b7:4c:15:04:88:34:c9:99:23: 672s aa:86:6e:a2:f8:3b:07:ca:e9:6a:c8:7f:1d:62:23: 672s fa:9d:64:0c:d7:f2:57:1a:af:38:39:47:90:7d:5c: 672s ea:5a:92:81:40:4e:22:3a:99:de:36:8e:35:ee:11: 672s 5a:bb:f3:06:4e:71:ca:67:f4:1a:73:82:e3:37:b9: 672s 4a:93:86:ea:8e:65:e7:72:41:ce:e1:33:e6:9a:1e: 672s db:c8:ac:da:c0:c5:81:43:4d:0a:f6:77:c0:02:d8: 672s ee:ee:8a:63:15:cb:67:7d:f0:4e:ce:c2:1e:ac:22: 672s ad:d2:48:d7:1f:92:13:bf:95 672s Exponent: 65537 (0x10001) 672s X509v3 extensions: 672s X509v3 Authority Key Identifier: 672s 54:73:97:72:7C:F8:8B:30:C5:22:0C:59:28:77:A5:E8:79:97:C3:6B 672s X509v3 Basic Constraints: 672s CA:FALSE 672s Netscape Cert Type: 672s SSL Client, S/MIME 672s Netscape Comment: 672s Test Organization Sub Intermediate CA trusted Certificate 672s X509v3 Subject Key Identifier: 672s 5B:C3:25:58:F1:0B:0B:63:A0:60:B1:F1:F9:F2:F2:61:B4:16:D5:0E 672s X509v3 Key Usage: critical 672s Digital Signature, Non Repudiation, Key Encipherment 672s X509v3 Extended Key Usage: 672s TLS Web Client Authentication, E-mail Protection 672s X509v3 Subject Alternative Name: 672s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 672s Signature Algorithm: sha256WithRSAEncryption 672s Signature Value: 672s 47:0b:90:1e:51:5f:b2:66:59:6d:d4:e2:2d:89:b0:31:c6:b5: 672s 49:88:2d:fc:96:13:42:ce:da:ed:ee:ec:e1:a4:44:6b:dd:57: 672s 5c:0a:76:ed:ab:cc:3a:2a:ef:d8:45:31:21:5d:76:ce:a8:73: 672s 55:5d:8e:5b:ff:0f:de:20:c5:a8:ca:0f:2d:41:00:d4:64:50: 672s a9:36:d4:34:98:a1:88:95:b3:4b:b8:bd:d5:6a:e7:27:ac:82: 672s 0f:2e:0c:92:9c:0f:af:cd:80:c6:2b:7d:46:c6:b7:3c:20:1f: 672s 05:88:86:64:77:21:cb:bd:a0:6e:bf:1f:92:34:c7:12:d7:7a: 672s 0b:6a 672s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-NiH3EW/SSSD-child-3256-auth.pem 672s 672s Test completed, Root CA and intermediate issued certificates verified! 672s + found_md5=Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 672s + '[' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 '!=' Modulus=B23B0052D1B74C15048834C99923AA866EA2F83B07CAE96AC87F1D6223FA9D640CD7F2571AAF383947907D5CEA5A9281404E223A99DE368E35EE115ABBF3064E71CA67F41A7382E337B94A9386EA8E65E77241CEE133E69A1EDBC8ACDAC0C581434D0AF677C002D8EEEE8A6315CB677DF04ECEC21EAC22ADD248D71F9213BF95 ']' 672s + set +x 672s autopkgtest [15:15:32]: test sssd-softhism2-certificates-tests.sh: -----------------------] 673s sssd-softhism2-certificates-tests.sh PASS 673s autopkgtest [15:15:33]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 673s autopkgtest [15:15:33]: test sssd-smart-card-pam-auth-configs: preparing testbed 673s Reading package lists... 674s Building dependency tree... 674s Reading state information... 674s Starting pkgProblemResolver with broken count: 0 675s Starting 2 pkgProblemResolver with broken count: 0 675s Done 676s The following NEW packages will be installed: 676s pamtester 676s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 676s Need to get 12.3 kB of archives. 676s After this operation, 36.9 kB of additional disk space will be used. 676s Get:1 http://ftpmaster.internal/ubuntu plucky/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 676s Fetched 12.3 kB in 0s (67.9 kB/s) 676s Selecting previously unselected package pamtester. 676s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 82232 files and directories currently installed.) 676s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 676s Unpacking pamtester (0.1.2-4) ... 676s Setting up pamtester (0.1.2-4) ... 676s Processing triggers for man-db (2.13.0-1) ... 678s autopkgtest [15:15:38]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 678s autopkgtest [15:15:38]: test sssd-smart-card-pam-auth-configs: [----------------------- 678s + '[' -z ubuntu ']' 678s + export DEBIAN_FRONTEND=noninteractive 678s + DEBIAN_FRONTEND=noninteractive 678s + required_tools=(pamtester softhsm2-util sssd) 678s + [[ ! -v OFFLINE_MODE ]] 678s + for cmd in "${required_tools[@]}" 678s + command -v pamtester 678s + for cmd in "${required_tools[@]}" 678s + command -v softhsm2-util 678s + for cmd in "${required_tools[@]}" 678s + command -v sssd 678s + PIN=123456 678s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 678s + tmpdir=/tmp/sssd-softhsm2-certs-1DTH7D 678s + backupsdir= 678s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 678s + declare -a restore_paths 678s + declare -a delete_paths 678s + trap handle_exit EXIT 678s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 678s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 678s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 678s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 678s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-1DTH7D GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 678s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-1DTH7D 678s + GENERATE_SMART_CARDS=1 678s + KEEP_TEMPORARY_FILES=1 678s + NO_SSSD_TESTS=1 678s + bash debian/tests/sssd-softhism2-certificates-tests.sh 678s + '[' -z ubuntu ']' 678s + required_tools=(p11tool openssl softhsm2-util) 678s + for cmd in "${required_tools[@]}" 678s + command -v p11tool 678s + for cmd in "${required_tools[@]}" 678s + command -v openssl 678s + for cmd in "${required_tools[@]}" 678s + command -v softhsm2-util 678s + PIN=123456 678s +++ find /usr/lib/softhsm/libsofthsm2.so 678s +++ head -n 1 678s ++ realpath /usr/lib/softhsm/libsofthsm2.so 678s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 678s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 678s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 678s + '[' '!' -v NO_SSSD_TESTS ']' 678s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 678s + tmpdir=/tmp/sssd-softhsm2-certs-1DTH7D 678s + keys_size=1024 678s + [[ ! -v KEEP_TEMPORARY_FILES ]] 678s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 678s + echo -n 01 678s + touch /tmp/sssd-softhsm2-certs-1DTH7D/index.txt 678s + mkdir -p /tmp/sssd-softhsm2-certs-1DTH7D/new_certs 678s + cat 678s + root_ca_key_pass=pass:random-root-CA-password-32168 678s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-key.pem -passout pass:random-root-CA-password-32168 1024 678s + openssl req -passin pass:random-root-CA-password-32168 -batch -config /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.pem 678s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.pem 678s + cat 678s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-15633 678s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-15633 1024 678s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-15633 -config /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-32168 -sha256 -out /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-certificate-request.pem 678s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-certificate-request.pem 678s Certificate Request: 678s Data: 678s Version: 1 (0x0) 678s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 678s Subject Public Key Info: 678s Public Key Algorithm: rsaEncryption 678s Public-Key: (1024 bit) 678s Modulus: 678s 00:cb:9a:3c:6f:75:79:63:c0:ae:7a:c9:90:96:28: 678s 85:ab:cf:cd:ea:41:25:05:8d:41:28:21:59:24:ad: 678s ce:15:43:f4:46:6c:1c:6b:5d:db:ad:ca:51:31:3f: 678s 1f:f3:9d:95:7f:d5:74:11:dd:e2:70:62:97:39:dd: 678s 94:14:0a:6b:df:79:37:d0:e7:a3:f3:25:36:f7:0a: 678s 78:c7:50:92:a0:67:60:26:a3:ad:d4:de:5b:5c:54: 678s 54:20:1e:ce:67:71:8d:3a:65:b5:04:85:e0:9a:aa: 678s 38:10:e2:83:5d:00:cf:d4:e4:fe:f2:3a:81:84:45: 678s 25:a9:40:b7:43:8a:f2:fa:83 678s Exponent: 65537 (0x10001) 678s Attributes: 678s (none) 678s Requested Extensions: 678s Signature Algorithm: sha256WithRSAEncryption 678s Signature Value: 678s 3e:cd:c2:bf:04:fc:5d:cb:b7:0b:f6:a4:67:dd:5b:26:8e:61: 678s 4e:08:be:88:77:57:d6:44:4c:90:d9:c2:e0:61:0d:d1:3d:1e: 678s 2b:40:d5:a2:18:bd:d8:8b:c5:a7:1b:8d:c7:2f:ea:c4:34:48: 678s 8c:d0:73:5c:0d:a4:75:fb:dc:ec:69:f2:be:57:0c:0b:30:70: 678s f5:c3:f7:16:3c:c5:b7:fd:d6:44:95:0d:ea:cd:7e:be:94:a1: 678s 69:0c:36:e8:9e:da:b7:b0:0b:fe:42:09:af:4b:91:c4:71:5d: 678s d2:82:fc:2c:ee:f8:58:ea:9d:34:e7:5f:7f:2b:14:7a:3a:f4: 678s f7:42 678s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.config -passin pass:random-root-CA-password-32168 -keyfile /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem 678s Using configuration from /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.config 678s Check that the request matches the signature 678s Signature ok 678s Certificate Details: 678s Serial Number: 1 (0x1) 678s Validity 678s Not Before: Mar 15 15:15:38 2025 GMT 678s Not After : Mar 15 15:15:38 2026 GMT 678s Subject: 678s organizationName = Test Organization 678s organizationalUnitName = Test Organization Unit 678s commonName = Test Organization Intermediate CA 678s X509v3 extensions: 678s X509v3 Subject Key Identifier: 678s 4D:9C:C8:2C:A9:8F:2B:AA:D9:51:98:CE:EF:40:BD:A0:91:E9:F0:D5 678s X509v3 Authority Key Identifier: 678s keyid:64:DC:E9:CD:7A:51:2A:BA:99:AC:B8:06:93:7F:B6:02:97:A3:C1:59 678s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 678s serial:00 678s X509v3 Basic Constraints: 678s CA:TRUE 678s X509v3 Key Usage: critical 678s Digital Signature, Certificate Sign, CRL Sign 678s Certificate is to be certified until Mar 15 15:15:38 2026 GMT (365 days) 678s 678s Write out database with 1 new entries 678s Database updated 678s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem 678s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem 678s /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem: OK 678s + cat 678s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-6294 678s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-6294 1024 678s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-6294 -config /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-15633 -sha256 -out /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-certificate-request.pem 679s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-certificate-request.pem 679s Certificate Request: 679s Data: 679s Version: 1 (0x0) 679s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 679s Subject Public Key Info: 679s Public Key Algorithm: rsaEncryption 679s Public-Key: (1024 bit) 679s Modulus: 679s 00:e1:49:62:0a:d9:32:67:74:5b:4a:fb:34:42:91: 679s f2:71:6b:fe:8d:a0:02:30:0c:05:26:04:e4:cd:60: 679s ae:45:8a:e0:73:66:40:80:8d:02:05:74:2c:4b:98: 679s f5:46:5d:a2:70:54:7c:e3:70:86:b5:6b:75:6b:68: 679s 0c:62:26:fb:e1:63:d2:f3:00:77:46:e8:31:79:b7: 679s e3:73:01:cd:95:95:b3:e6:1e:49:05:ed:9f:aa:63: 679s 0a:38:e0:dd:8e:4d:a1:0d:b1:64:bc:8a:e2:40:ae: 679s 49:2a:81:86:7f:17:1f:04:5e:5c:69:01:c2:2e:64: 679s 4e:ad:07:bc:9f:d3:04:a8:73 679s Exponent: 65537 (0x10001) 679s Attributes: 679s (none) 679s Requested Extensions: 679s Signature Algorithm: sha256WithRSAEncryption 679s Signature Value: 679s 8e:43:33:6c:da:c8:76:d0:cd:e4:2f:ab:e0:0c:a2:ee:38:ef: 679s 8b:70:76:72:8f:ca:7b:83:ce:6e:b2:5c:96:3e:ab:8d:dd:ef: 679s 18:bb:52:4d:6d:57:33:89:83:45:fb:80:bf:ae:a2:f5:2a:c6: 679s 5d:ab:91:8a:f3:5e:e4:6e:3b:20:d3:8e:3c:cc:da:90:26:b5: 679s c3:c0:07:10:07:9b:3c:eb:cd:ec:af:d8:02:a3:6f:cf:59:b8: 679s 2c:69:be:56:e7:f8:f5:b1:30:1d:70:75:34:2e:17:20:69:ef: 679s d9:9b:52:89:92:d9:9d:2c:b4:c3:17:7c:0a:eb:d1:c2:0c:e2: 679s 44:4e 679s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-15633 -keyfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem 679s Using configuration from /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.config 679s Check that the request matches the signature 679s Signature ok 679s Certificate Details: 679s Serial Number: 2 (0x2) 679s Validity 679s Not Before: Mar 15 15:15:38 2025 GMT 679s Not After : Mar 15 15:15:38 2026 GMT 679s Subject: 679s organizationName = Test Organization 679s organizationalUnitName = Test Organization Unit 679s commonName = Test Organization Sub Intermediate CA 679s X509v3 extensions: 679s X509v3 Subject Key Identifier: 679s 2E:57:91:FF:71:60:54:77:FB:96:87:E8:20:44:1E:A1:F6:6C:26:A1 679s X509v3 Authority Key Identifier: 679s keyid:4D:9C:C8:2C:A9:8F:2B:AA:D9:51:98:CE:EF:40:BD:A0:91:E9:F0:D5 679s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 679s serial:01 679s X509v3 Basic Constraints: 679s CA:TRUE 679s X509v3 Key Usage: critical 679s Digital Signature, Certificate Sign, CRL Sign 679s Certificate is to be certified until Mar 15 15:15:38 2026 GMT (365 days) 679s 679s Write out database with 1 new entries 679s Database updated 679s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem 679s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem 679s /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem: OK 679s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem 679s + local cmd=openssl 679s + shift 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem 679s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 679s error 20 at 0 depth lookup: unable to get local issuer certificate 679s error /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem: verification failed 679s + cat 679s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-4911 679s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-4911 1024 679s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-4911 -key /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-request.pem 679s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-request.pem 679s Certificate Request: 679s Data: 679s Version: 1 (0x0) 679s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 679s Subject Public Key Info: 679s Public Key Algorithm: rsaEncryption 679s Public-Key: (1024 bit) 679s Modulus: 679s 00:e7:c9:1c:d1:66:d3:1f:d5:f7:8a:ae:5a:0c:42: 679s 9d:56:df:b7:5b:6b:db:ff:12:e7:e6:0b:17:0c:1c: 679s 7f:98:4a:27:aa:be:31:b9:d8:b7:e2:e6:4a:a2:f6: 679s 5a:08:d1:4c:c9:ca:fa:08:17:2c:2c:d3:09:bf:08: 679s 7a:c6:d1:f5:90:9d:e6:8c:21:9a:23:51:e7:18:3d: 679s 94:09:0b:68:83:ab:82:84:7f:71:f3:ba:65:62:c2: 679s 98:5d:b3:30:5f:7e:66:9d:8a:82:8b:50:ee:c9:2c: 679s d7:6c:b5:ee:e5:03:5c:18:36:1f:79:6f:28:dc:c3: 679s 44:98:21:7b:b1:49:e9:02:ab 679s Exponent: 65537 (0x10001) 679s Attributes: 679s Requested Extensions: 679s X509v3 Basic Constraints: 679s CA:FALSE 679s Netscape Cert Type: 679s SSL Client, S/MIME 679s Netscape Comment: 679s Test Organization Root CA trusted Certificate 679s X509v3 Subject Key Identifier: 679s EC:A5:8E:C7:7A:A5:74:82:E1:05:21:55:30:33:25:53:38:EB:05:A9 679s X509v3 Key Usage: critical 679s Digital Signature, Non Repudiation, Key Encipherment 679s X509v3 Extended Key Usage: 679s TLS Web Client Authentication, E-mail Protection 679s X509v3 Subject Alternative Name: 679s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 679s Signature Algorithm: sha256WithRSAEncryption 679s Signature Value: 679s dd:dd:e4:eb:15:9e:fc:1c:d7:c0:2c:e4:47:ed:cb:f5:6e:18: 679s 09:90:32:24:ac:b3:94:86:09:66:7e:04:95:7b:a5:b6:e6:ff: 679s 3d:7f:b6:a1:d6:85:4a:81:28:75:45:4b:6b:ba:56:53:f7:7f: 679s 04:e6:83:09:d6:6e:d8:17:a5:0e:9d:d0:58:b1:12:e8:8e:05: 679s b4:ab:c4:c3:bf:3c:90:c7:bb:cd:20:44:e6:de:65:6c:1b:b6: 679s 28:3f:05:78:18:eb:12:23:95:9b:a2:00:df:97:a7:7a:31:89: 679s 5c:ba:ca:60:dc:4c:de:7f:1a:b6:a6:c6:b3:fe:bd:33:dc:05: 679s 96:54 679s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.config -passin pass:random-root-CA-password-32168 -keyfile /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem 679s Using configuration from /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.config 679s Check that the request matches the signature 679s Signature ok 679s Certificate Details: 679s Serial Number: 3 (0x3) 679s Validity 679s Not Before: Mar 15 15:15:39 2025 GMT 679s Not After : Mar 15 15:15:39 2026 GMT 679s Subject: 679s organizationName = Test Organization 679s organizationalUnitName = Test Organization Unit 679s commonName = Test Organization Root Trusted Certificate 0001 679s X509v3 extensions: 679s X509v3 Authority Key Identifier: 679s 64:DC:E9:CD:7A:51:2A:BA:99:AC:B8:06:93:7F:B6:02:97:A3:C1:59 679s X509v3 Basic Constraints: 679s CA:FALSE 679s Netscape Cert Type: 679s SSL Client, S/MIME 679s Netscape Comment: 679s Test Organization Root CA trusted Certificate 679s X509v3 Subject Key Identifier: 679s EC:A5:8E:C7:7A:A5:74:82:E1:05:21:55:30:33:25:53:38:EB:05:A9 679s X509v3 Key Usage: critical 679s Digital Signature, Non Repudiation, Key Encipherment 679s X509v3 Extended Key Usage: 679s TLS Web Client Authentication, E-mail Protection 679s X509v3 Subject Alternative Name: 679s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 679s Certificate is to be certified until Mar 15 15:15:39 2026 GMT (365 days) 679s 679s Write out database with 1 new entries 679s Database updated 679s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem 679s /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem: OK 679s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem 679s + local cmd=openssl 679s + shift 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem 679s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 679s error 20 at 0 depth lookup: unable to get local issuer certificate 679s error /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem: verification failed 679s + cat 679s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-17448 679s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-17448 1024 679s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-17448 -key /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-request.pem 679s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-request.pem 679s Certificate Request: 679s Data: 679s Version: 1 (0x0) 679s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 679s Subject Public Key Info: 679s Public Key Algorithm: rsaEncryption 679s Public-Key: (1024 bit) 679s Modulus: 679s 00:ae:4e:b5:8e:2a:73:85:cf:b7:4e:df:f3:93:dd: 679s c3:d8:27:be:a9:20:50:98:94:b0:fd:70:5a:5c:34: 679s 53:3c:e4:24:2f:9d:12:aa:9d:ad:96:7f:23:4e:e3: 679s ba:88:11:2a:27:e5:2d:f4:0c:49:ad:5d:94:68:14: 679s db:04:22:fe:7a:79:c6:ab:e9:ac:fe:73:20:c5:f6: 679s e1:71:f8:4b:25:0c:ba:6f:11:0b:5f:3c:77:2e:ba: 679s fe:9a:5e:ff:84:9e:18:b8:30:49:0c:7f:9e:aa:db: 679s 04:99:ac:aa:bb:89:a0:f9:c2:df:23:b1:8f:42:84: 679s ed:d9:54:50:1e:8e:58:b5:89 679s Exponent: 65537 (0x10001) 679s Attributes: 679s Requested Extensions: 679s X509v3 Basic Constraints: 679s CA:FALSE 679s Netscape Cert Type: 679s SSL Client, S/MIME 679s Netscape Comment: 679s Test Organization Intermediate CA trusted Certificate 679s X509v3 Subject Key Identifier: 679s 58:FE:CA:D3:BD:F6:E5:57:B1:81:DB:69:C0:F2:A3:0A:58:38:A5:D3 679s X509v3 Key Usage: critical 679s Digital Signature, Non Repudiation, Key Encipherment 679s X509v3 Extended Key Usage: 679s TLS Web Client Authentication, E-mail Protection 679s X509v3 Subject Alternative Name: 679s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 679s Signature Algorithm: sha256WithRSAEncryption 679s Signature Value: 679s 9e:ec:69:1c:b8:ed:b8:c7:63:ca:e9:e9:72:31:37:f3:a1:f1: 679s c4:49:1b:30:aa:64:09:ac:7f:89:6e:fc:76:2b:5a:dc:ed:d1: 679s 08:f2:d5:06:a4:f3:3b:96:c6:85:f0:44:6f:36:ef:bf:9f:67: 679s 40:b4:08:30:96:bb:0b:04:0d:27:c7:a0:62:2c:38:d2:ff:ec: 679s a6:20:a7:22:86:59:b5:e9:1d:4f:76:b3:a3:8e:3c:ba:fb:1c: 679s fe:03:bc:3e:1d:f3:98:6b:db:52:55:9f:05:52:51:00:0c:4a: 679s 79:0b:89:17:38:f2:e3:2f:14:0e:4a:20:85:1b:77:32:48:d1: 679s 9e:db 679s + openssl ca -passin pass:random-intermediate-CA-password-15633 -config /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem 679s Using configuration from /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.config 679s Check that the request matches the signature 679s Signature ok 679s Certificate Details: 679s Serial Number: 4 (0x4) 679s Validity 679s Not Before: Mar 15 15:15:39 2025 GMT 679s Not After : Mar 15 15:15:39 2026 GMT 679s Subject: 679s organizationName = Test Organization 679s organizationalUnitName = Test Organization Unit 679s commonName = Test Organization Intermediate Trusted Certificate 0001 679s X509v3 extensions: 679s X509v3 Authority Key Identifier: 679s 4D:9C:C8:2C:A9:8F:2B:AA:D9:51:98:CE:EF:40:BD:A0:91:E9:F0:D5 679s X509v3 Basic Constraints: 679s CA:FALSE 679s Netscape Cert Type: 679s SSL Client, S/MIME 679s Netscape Comment: 679s Test Organization Intermediate CA trusted Certificate 679s X509v3 Subject Key Identifier: 679s 58:FE:CA:D3:BD:F6:E5:57:B1:81:DB:69:C0:F2:A3:0A:58:38:A5:D3 679s X509v3 Key Usage: critical 679s Digital Signature, Non Repudiation, Key Encipherment 679s X509v3 Extended Key Usage: 679s TLS Web Client Authentication, E-mail Protection 679s X509v3 Subject Alternative Name: 679s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 679s Certificate is to be certified until Mar 15 15:15:39 2026 GMT (365 days) 679s 679s Write out database with 1 new entries 679s Database updated 679s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem 679s + echo 'This certificate should not be trusted fully' 679s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem 679s + local cmd=openssl 679s + shift 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem 679s This certificate should not be trusted fully 679s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 679s error 2 at 1 depth lookup: unable to get issuer certificate 679s error /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 679s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem 679s /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem: OK 679s + cat 679s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26453 679s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-26453 1024 679s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-26453 -key /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 679s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 679s Certificate Request: 679s Data: 679s Version: 1 (0x0) 679s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 679s Subject Public Key Info: 679s Public Key Algorithm: rsaEncryption 679s Public-Key: (1024 bit) 679s Modulus: 679s 00:b8:19:fe:5a:7a:4f:34:ae:be:cc:4d:be:5c:9b: 679s f3:51:b0:e8:f7:5b:fa:43:d6:2e:a7:5a:31:d4:4c: 679s 53:78:0f:6e:a3:1a:39:03:69:c7:b4:1c:59:21:50: 679s 19:63:60:11:fe:27:a0:6d:5f:3e:5a:6d:e1:31:8e: 679s b1:40:ee:da:b8:e6:79:db:98:3f:23:22:f2:4b:15: 679s b5:ba:43:67:e9:55:c5:00:54:61:84:b1:a6:ef:5d: 679s 10:0e:39:87:86:ba:f9:9d:35:07:a0:1f:64:76:da: 679s c1:b2:be:4c:de:c5:5b:45:9e:15:b3:5c:cf:20:39: 679s be:7e:b3:0c:ce:7c:8f:12:d9 679s Exponent: 65537 (0x10001) 679s Attributes: 679s Requested Extensions: 679s X509v3 Basic Constraints: 679s CA:FALSE 679s Netscape Cert Type: 679s SSL Client, S/MIME 679s Netscape Comment: 679s Test Organization Sub Intermediate CA trusted Certificate 679s X509v3 Subject Key Identifier: 679s 30:43:85:49:4A:CB:5E:14:96:7F:8A:E6:AE:5B:78:C2:DB:75:AE:83 679s X509v3 Key Usage: critical 679s Digital Signature, Non Repudiation, Key Encipherment 679s X509v3 Extended Key Usage: 679s TLS Web Client Authentication, E-mail Protection 679s X509v3 Subject Alternative Name: 679s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 679s Signature Algorithm: sha256WithRSAEncryption 679s Signature Value: 679s 80:40:50:80:1b:3a:ba:c9:9d:d8:42:3e:b7:08:89:fc:fe:6c: 679s d6:a9:57:f8:61:2e:6f:9e:8d:86:38:dd:67:77:fe:e5:16:41: 679s da:95:4c:65:e6:6c:63:56:df:0a:fe:d4:f5:e4:bd:2e:d9:93: 679s d4:47:dc:61:43:4d:f0:29:43:ef:91:23:c5:01:f6:78:80:dc: 679s 1c:88:db:2c:a9:a5:3e:a8:2c:6f:84:4a:84:fa:d4:69:68:25: 679s 62:cf:06:a5:88:f9:a7:07:e3:f2:f8:b6:ff:7f:90:e4:b6:89: 679s 00:58:21:d4:18:30:63:55:94:0d:df:fd:6c:78:21:a0:b5:ad: 679s a2:15 679s + openssl ca -passin pass:random-sub-intermediate-CA-password-6294 -config /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s Using configuration from /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.config 679s Check that the request matches the signature 679s Signature ok 679s Certificate Details: 679s Serial Number: 5 (0x5) 679s Validity 679s Not Before: Mar 15 15:15:39 2025 GMT 679s Not After : Mar 15 15:15:39 2026 GMT 679s Subject: 679s organizationName = Test Organization 679s organizationalUnitName = Test Organization Unit 679s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 679s X509v3 extensions: 679s X509v3 Authority Key Identifier: 679s 2E:57:91:FF:71:60:54:77:FB:96:87:E8:20:44:1E:A1:F6:6C:26:A1 679s X509v3 Basic Constraints: 679s CA:FALSE 679s Netscape Cert Type: 679s SSL Client, S/MIME 679s Netscape Comment: 679s Test Organization Sub Intermediate CA trusted Certificate 679s X509v3 Subject Key Identifier: 679s 30:43:85:49:4A:CB:5E:14:96:7F:8A:E6:AE:5B:78:C2:DB:75:AE:83 679s X509v3 Key Usage: critical 679s Digital Signature, Non Repudiation, Key Encipherment 679s X509v3 Extended Key Usage: 679s TLS Web Client Authentication, E-mail Protection 679s X509v3 Subject Alternative Name: 679s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 679s Certificate is to be certified until Mar 15 15:15:39 2026 GMT (365 days) 679s 679s Write out database with 1 new entries 679s Database updated 679s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s This certificate should not be trusted fully 679s + echo 'This certificate should not be trusted fully' 679s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s + local cmd=openssl 679s + shift 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 679s error 2 at 1 depth lookup: unable to get issuer certificate 679s error /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 679s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s + local cmd=openssl 679s + shift 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 679s error 20 at 0 depth lookup: unable to get local issuer certificate 679s error /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 679s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 679s Building a the full-chain CA file... 679s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s + local cmd=openssl 679s + shift 679s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 679s error 20 at 0 depth lookup: unable to get local issuer certificate 679s error /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 679s + echo 'Building a the full-chain CA file...' 679s + cat /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem 679s + cat /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem 679s + cat /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem 679s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem 679s + openssl pkcs7 -print_certs -noout 679s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 679s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 679s 679s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 679s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 679s 679s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 679s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 679s 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem 679s /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA.pem: OK 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem 679s /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem: OK 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem 679s /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem: OK 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-root-intermediate-chain-CA.pem 679s /tmp/sssd-softhsm2-certs-1DTH7D/test-root-intermediate-chain-CA.pem: OK 679s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 679s Certificates generation completed! 679s + echo 'Certificates generation completed!' 679s + [[ -v NO_SSSD_TESTS ]] 679s + [[ -v GENERATE_SMART_CARDS ]] 679s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4911 679s + local certificate=/tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem 679s + local key_pass=pass:random-root-ca-trusted-cert-0001-4911 679s + local key_cn 679s + local key_name 679s + local tokens_dir 679s + local output_cert_file 679s + token_name= 679s ++ basename /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem .pem 679s + key_name=test-root-CA-trusted-certificate-0001 679s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem 679s ++ sed -n 's/ *commonName *= //p' 679s + key_cn='Test Organization Root Trusted Certificate 0001' 679s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 679s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-root-CA-trusted-certificate-0001.conf 679s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-root-CA-trusted-certificate-0001.conf 679s ++ basename /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 679s + tokens_dir=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-root-CA-trusted-certificate-0001 679s + token_name='Test Organization Root Tr Token' 679s + '[' '!' -e /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 679s + local key_file 679s + local decrypted_key 679s + mkdir -p /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-root-CA-trusted-certificate-0001 679s + key_file=/tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-key.pem 679s + decrypted_key=/tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-key-decrypted.pem 679s + cat 679s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 679s Slot 0 has a free/uninitialized token. 679s The token has been initialized and is reassigned to slot 1817725555 679s + softhsm2-util --show-slots 679s Available slots: 679s Slot 1817725555 679s Slot info: 679s Description: SoftHSM slot ID 0x6c584a73 679s Manufacturer ID: SoftHSM project 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Token present: yes 679s Token info: 679s Manufacturer ID: SoftHSM project 679s Model: SoftHSM v2 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Serial number: 1d5e91d2ec584a73 679s Initialized: yes 679s User PIN init.: yes 679s Label: Test Organization Root Tr Token 679s Slot 1 679s Slot info: 679s Description: SoftHSM slot ID 0x1 679s Manufacturer ID: SoftHSM project 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Token present: yes 679s Token info: 679s Manufacturer ID: SoftHSM project 679s Model: SoftHSM v2 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Serial number: 679s Initialized: no 679s User PIN init.: no 679s Label: 679s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 679s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-4911 -in /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-key-decrypted.pem 679s writing RSA key 679s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 679s + rm /tmp/sssd-softhsm2-certs-1DTH7D/test-root-CA-trusted-certificate-0001-key-decrypted.pem 679s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 679s Object 0: 679s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1d5e91d2ec584a73;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 679s Type: X.509 Certificate (RSA-1024) 679s Expires: Sun Mar 15 15:15:39 2026 679s Label: Test Organization Root Trusted Certificate 0001 679s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 679s 679s Test Organization Root Tr Token 679s + echo 'Test Organization Root Tr Token' 679s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17448 679s + local certificate=/tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem 679s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17448 679s + local key_cn 679s + local key_name 679s + local tokens_dir 679s + local output_cert_file 679s + token_name= 679s ++ basename /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem .pem 679s + key_name=test-intermediate-CA-trusted-certificate-0001 679s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem 679s ++ sed -n 's/ *commonName *= //p' 679s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 679s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 679s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 679s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 679s ++ basename /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 679s + tokens_dir=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-intermediate-CA-trusted-certificate-0001 679s + token_name='Test Organization Interme Token' 679s + '[' '!' -e /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 679s + local key_file 679s + local decrypted_key 679s + mkdir -p /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-intermediate-CA-trusted-certificate-0001 679s + key_file=/tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-key.pem 679s + decrypted_key=/tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 679s + cat 679s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 679s Slot 0 has a free/uninitialized token. 679s The token has been initialized and is reassigned to slot 137177357 679s + softhsm2-util --show-slots 679s Available slots: 679s Slot 137177357 679s Slot info: 679s Description: SoftHSM slot ID 0x82d290d 679s Manufacturer ID: SoftHSM project 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Token present: yes 679s Token info: 679s Manufacturer ID: SoftHSM project 679s Model: SoftHSM v2 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Serial number: fb1ca6a2882d290d 679s Initialized: yes 679s User PIN init.: yes 679s Label: Test Organization Interme Token 679s Slot 1 679s Slot info: 679s Description: SoftHSM slot ID 0x1 679s Manufacturer ID: SoftHSM project 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Token present: yes 679s Token info: 679s Manufacturer ID: SoftHSM project 679s Model: SoftHSM v2 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Serial number: 679s Initialized: no 679s User PIN init.: no 679s Label: 679s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 679s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-17448 -in /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 679s writing RSA key 679s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 679s + rm /tmp/sssd-softhsm2-certs-1DTH7D/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 679s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 679s Object 0: 679s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fb1ca6a2882d290d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 679s Type: X.509 Certificate (RSA-1024) 679s Expires: Sun Mar 15 15:15:39 2026 679s Label: Test Organization Intermediate Trusted Certificate 0001 679s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 679s 679s Test Organization Interme Token 679s + echo 'Test Organization Interme Token' 679s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-26453 679s + local certificate=/tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-26453 679s + local key_cn 679s + local key_name 679s + local tokens_dir 679s + local output_cert_file 679s + token_name= 679s ++ basename /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 679s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 679s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem 679s ++ sed -n 's/ *commonName *= //p' 679s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 679s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 679s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 679s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 679s ++ basename /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 679s + tokens_dir=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 679s + token_name='Test Organization Sub Int Token' 679s + '[' '!' -e /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 679s + local key_file 679s + local decrypted_key 679s + mkdir -p /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 679s + key_file=/tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 679s + decrypted_key=/tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 679s + cat 679s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 679s Slot 0 has a free/uninitialized token. 679s The token has been initialized and is reassigned to slot 565171806 679s + softhsm2-util --show-slots 679s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 679s Available slots: 679s Slot 565171806 679s Slot info: 679s Description: SoftHSM slot ID 0x21afd65e 679s Manufacturer ID: SoftHSM project 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Token present: yes 679s Token info: 679s Manufacturer ID: SoftHSM project 679s Model: SoftHSM v2 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Serial number: 15aad845a1afd65e 679s Initialized: yes 679s User PIN init.: yes 679s Label: Test Organization Sub Int Token 679s Slot 1 679s Slot info: 679s Description: SoftHSM slot ID 0x1 679s Manufacturer ID: SoftHSM project 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Token present: yes 679s Token info: 679s Manufacturer ID: SoftHSM project 679s Model: SoftHSM v2 679s Hardware version: 2.6 679s Firmware version: 2.6 679s Serial number: 679s Initialized: no 679s User PIN init.: no 679s Label: 679s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-26453 -in /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 679s writing RSA key 679s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 679s + rm /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 679s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 679s Object 0: 679s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=15aad845a1afd65e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 679s Type: X.509 Certificate (RSA-1024) 679s Expires: Sun Mar 15 15:15:39 2026 679s Label: Test Organization Sub Intermediate Trusted Certificate 0001 679s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 679s 679s Test Organization Sub Int Token 679s Certificates generation completed! 679s + echo 'Test Organization Sub Int Token' 679s + echo 'Certificates generation completed!' 679s + exit 0 679s + find /tmp/sssd-softhsm2-certs-1DTH7D -type d -exec chmod 777 '{}' ';' 679s + find /tmp/sssd-softhsm2-certs-1DTH7D -type f -exec chmod 666 '{}' ';' 680s + backup_file /etc/sssd/sssd.conf 680s + '[' -z '' ']' 680s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 680s + backupsdir=/tmp/sssd-softhsm2-backups-8nGmnR 680s + '[' -e /etc/sssd/sssd.conf ']' 680s + delete_paths+=("$1") 680s + rm -f /etc/sssd/sssd.conf 680s ++ runuser -u ubuntu -- sh -c 'echo ~' 680s + user_home=/home/ubuntu 680s + mkdir -p /home/ubuntu 680s + chown ubuntu:ubuntu /home/ubuntu 680s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 680s + user_config=/home/ubuntu/.config 680s + system_config=/etc 680s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 680s + for path_pair in "${softhsm2_conf_paths[@]}" 680s + IFS=: 680s + read -r -a path 680s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 680s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 680s + '[' -z /tmp/sssd-softhsm2-backups-8nGmnR ']' 680s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 680s + delete_paths+=("$1") 680s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 680s + for path_pair in "${softhsm2_conf_paths[@]}" 680s + IFS=: 680s + read -r -a path 680s + path=/etc/softhsm/softhsm2.conf 680s + backup_file /etc/softhsm/softhsm2.conf 680s + '[' -z /tmp/sssd-softhsm2-backups-8nGmnR ']' 680s + '[' -e /etc/softhsm/softhsm2.conf ']' 680s ++ dirname /etc/softhsm/softhsm2.conf 680s + local back_dir=/tmp/sssd-softhsm2-backups-8nGmnR//etc/softhsm 680s ++ basename /etc/softhsm/softhsm2.conf 680s + local back_path=/tmp/sssd-softhsm2-backups-8nGmnR//etc/softhsm/softhsm2.conf 680s + '[' '!' -e /tmp/sssd-softhsm2-backups-8nGmnR//etc/softhsm/softhsm2.conf ']' 680s + mkdir -p /tmp/sssd-softhsm2-backups-8nGmnR//etc/softhsm 680s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-8nGmnR//etc/softhsm/softhsm2.conf 680s + restore_paths+=("$back_path") 680s + rm -f /etc/softhsm/softhsm2.conf 680s + test_authentication login /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem 680s + pam_service=login 680s + certificate_config=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-root-CA-trusted-certificate-0001.conf 680s + ca_db=/tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem 680s + verification_options= 680s + mkdir -p -m 700 /etc/sssd 680s Using CA DB '/tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem' with verification options: '' 680s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 680s + cat 680s + chmod 600 /etc/sssd/sssd.conf 680s + for path_pair in "${softhsm2_conf_paths[@]}" 680s + IFS=: 680s + read -r -a path 680s + user=ubuntu 680s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 680s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 680s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 680s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 680s + runuser -u ubuntu -- softhsm2-util --show-slots 680s + grep 'Test Organization' 680s Label: Test Organization Root Tr Token 680s + for path_pair in "${softhsm2_conf_paths[@]}" 680s + IFS=: 680s + read -r -a path 680s + user=root 680s + path=/etc/softhsm/softhsm2.conf 680s ++ dirname /etc/softhsm/softhsm2.conf 680s + runuser -u root -- mkdir -p /etc/softhsm 680s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 680s + runuser -u root -- softhsm2-util --show-slots 680s + grep 'Test Organization' 680s Label: Test Organization Root Tr Token 680s + systemctl restart sssd 680s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 680s + for alternative in "${alternative_pam_configs[@]}" 680s + pam-auth-update --enable sss-smart-card-optional 680s + cat /etc/pam.d/common-auth 680s + echo -n -e 123456 680s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 680s # 680s # /etc/pam.d/common-auth - authentication settings common to all services 680s # 680s # This file is included from other service-specific PAM config files, 680s # and should contain a list of the authentication modules that define 680s # the central authentication scheme for use on the system 680s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 680s # traditional Unix authentication mechanisms. 680s # 680s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 680s # To take advantage of this, it is recommended that you configure any 680s # local modules either before or after the default block, and use 680s # pam-auth-update to manage selection of other modules. See 680s # pam-auth-update(8) for details. 680s 680s # here are the per-package modules (the "Primary" block) 680s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 680s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 680s auth [success=1 default=ignore] pam_sss.so use_first_pass 680s # here's the fallback if no module succeeds 680s auth requisite pam_deny.so 680s # prime the stack with a positive return value if there isn't one already; 680s # this avoids us returning an error just because nothing sets a success code 680s # since the modules above will each just jump around 680s auth required pam_permit.so 680s # and here are more per-package modules (the "Additional" block) 680s auth optional pam_cap.so 680s # end of pam-auth-update config 681s pamtester: invoking pam_start(login, ubuntu, ...) 681s pamtester: performing operation - authenticate 681s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 681s + echo -n -e 123456 681s + runuser -u ubuntu -- pamtester -v login '' authenticate 681s pamtester: invoking pam_start(login, , ...) 681s pamtester: performing operation - authenticate 681s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 681s + echo -n -e wrong123456 681s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 681s pamtester: invoking pam_start(login, ubuntu, ...) 681s pamtester: performing operation - authenticate 684s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 684s + echo -n -e wrong123456 684s + runuser -u ubuntu -- pamtester -v login '' authenticate 684s pamtester: invoking pam_start(login, , ...) 684s pamtester: performing operation - authenticate 686s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 686s + echo -n -e 123456 686s + pamtester -v login root authenticate 686s pamtester: invoking pam_start(login, root, ...) 686s pamtester: performing operation - authenticate 689s Password: pamtester: Authentication failure 689s + for alternative in "${alternative_pam_configs[@]}" 689s + pam-auth-update --enable sss-smart-card-required 689s PAM configuration 689s ----------------- 689s 689s Incompatible PAM profiles selected. 689s 689s The following PAM profiles cannot be used together: 689s 689s SSS required smart card authentication, SSS optional smart card 689s authentication 689s 689s Please select a different set of modules to enable. 689s 689s + cat /etc/pam.d/common-auth 689s # 689s # /etc/pam.d/common-auth - authentication settings common to all services 689s # 689s # This file is included from other service-specific PAM config files, 689s # and should contain a list of the authentication modules that define 689s # the central authentication scheme for use on the system 689s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 689s # traditional Unix authentication mechanisms. 689s # 689s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 689s # To take advantage of this, it is recommended that you configure any 689s # local modules either before or after the default block, and use 689s # pam-auth-update to manage selection of other modules. See 689s # pam-auth-update(8) for details. 689s 689s # here are the per-package modules (the "Primary" block) 689s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 689s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 689s auth [success=1 default=ignore] pam_sss.so use_first_pass 689s # here's the fallback if no module succeeds 689s auth requisite pam_deny.so 689s # prime the stack with a positive return value if there isn't one already; 689s # this avoids us returning an error just because nothing sets a success code 689s # since the modules above will each just jump around 689s auth required pam_permit.so 689s # and here are more per-package modules (the "Additional" block) 689s auth optional pam_cap.so 689s # end of pam-auth-update config 689s + echo -n -e 123456 689s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 689s pamtester: invoking pam_start(login, ubuntu, ...) 689s pamtester: performing operation - authenticate 689s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 689s + echo -n -e 123456 689s + runuser -u ubuntu -- pamtester -v login '' authenticate 689s pamtester: invoking pam_start(login, , ...) 689s pamtester: performing operation - authenticate 689s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 689s + echo -n -e wrong123456 689s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 689s pamtester: invoking pam_start(login, ubuntu, ...) 689s pamtester: performing operation - authenticate 692s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 692s + echo -n -e wrong123456 692s + runuser -u ubuntu -- pamtester -v login '' authenticate 692s pamtester: invoking pam_start(login, , ...) 692s pamtester: performing operation - authenticate 695s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 695s + echo -n -e 123456 695s + pamtester -v login root authenticate 695s pamtester: invoking pam_start(login, root, ...) 695s pamtester: performing operation - authenticate 697s pamtester: Authentication service cannot retrieve authentication info 697s + test_authentication login /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem 697s + pam_service=login 697s + certificate_config=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 697s + ca_db=/tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem 697s + verification_options= 697s + mkdir -p -m 700 /etc/sssd 697s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 697s + cat 697s Using CA DB '/tmp/sssd-softhsm2-certs-1DTH7D/test-full-chain-CA.pem' with verification options: '' 697s + chmod 600 /etc/sssd/sssd.conf 697s + for path_pair in "${softhsm2_conf_paths[@]}" 697s + IFS=: 697s + read -r -a path 697s + user=ubuntu 697s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 697s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 697s Label: Test Organization Sub Int Token 697s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 697s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 697s + runuser -u ubuntu -- softhsm2-util --show-slots 697s + grep 'Test Organization' 697s + for path_pair in "${softhsm2_conf_paths[@]}" 697s + IFS=: 697s + read -r -a path 697s + user=root 697s + path=/etc/softhsm/softhsm2.conf 697s ++ dirname /etc/softhsm/softhsm2.conf 697s + runuser -u root -- mkdir -p /etc/softhsm 697s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 697s + runuser -u root -- softhsm2-util --show-slots 697s Label: Test Organization Sub Int Token 697s + grep 'Test Organization' 697s + systemctl restart sssd 697s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 698s + for alternative in "${alternative_pam_configs[@]}" 698s + pam-auth-update --enable sss-smart-card-optional 698s + cat /etc/pam.d/common-auth 698s # 698s # /etc/pam.d/common-auth - authentication settings common to all services 698s # 698s # This file is included from other service-specific PAM config files, 698s # and should contain a list of the authentication modules that define 698s # the central authentication scheme for use on the system 698s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 698s # traditional Unix authentication mechanisms. 698s # 698s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 698s # To take advantage of this, it is recommended that you configure any 698s # local modules either before or after the default block, and use 698s # pam-auth-update to manage selection of other modules. See 698s # pam-auth-update(8) for details. 698s 698s # here are the per-package modules (the "Primary" block) 698s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 698s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 698s auth [success=1 default=ignore] pam_sss.so use_first_pass 698s # here's the fallback if no module succeeds 698s auth requisite pam_deny.so 698s # prime the stack with a positive return value if there isn't one already; 698s # this avoids us returning an error just because nothing sets a success code 698s # since the modules above will each just jump around 698s auth required pam_permit.so 698s # and here are more per-package modules (the "Additional" block) 698s auth optional pam_cap.so 698s # end of pam-auth-update config 698s + echo -n -e 123456 698s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 698s pamtester: invoking pam_start(login, ubuntu, ...) 698s pamtester: performing operation - authenticate 698s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 698s + echo -n -e 123456 698s + runuser -u ubuntu -- pamtester -v login '' authenticate 698s pamtester: invoking pam_start(login, , ...) 698s pamtester: performing operation - authenticate 698s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 698s + echo -n -e wrong123456 698s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 698s pamtester: invoking pam_start(login, ubuntu, ...) 698s pamtester: performing operation - authenticate 700s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 700s + echo -n -e wrong123456 700s + runuser -u ubuntu -- pamtester -v login '' authenticate 700s pamtester: invoking pam_start(login, , ...) 700s pamtester: performing operation - authenticate 704s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 704s + echo -n -e 123456 704s + pamtester -v login root authenticate 704s pamtester: invoking pam_start(login, root, ...) 704s pamtester: performing operation - authenticate 708s Password: pamtester: Authentication failure 708s + for alternative in "${alternative_pam_configs[@]}" 708s + pam-auth-update --enable sss-smart-card-required 708s PAM configuration 708s ----------------- 708s 708s Incompatible PAM profiles selected. 708s 708s The following PAM profiles cannot be used together: 708s 708s SSS required smart card authentication, SSS optional smart card 708s authentication 708s 708s Please select a different set of modules to enable. 708s 708s + cat /etc/pam.d/common-auth 708s # 708s # /etc/pam.d/common-auth - authentication settings common to all services 708s # 708s # This file is included from other service-specific PAM config files, 708s # and should contain a list of the authentication modules that define 708s # the central authentication scheme for use on the system 708s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 708s # traditional Unix authentication mechanisms. 708s # 708s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 708s # To take advantage of this, it is recommended that you configure any 708s # local modules either before or after the default block, and use 708s # pam-auth-update to manage selection of other modules. See 708s # pam-auth-update(8) for details. 708s 708s # here are the per-package modules (the "Primary" block) 708s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 708s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 708s auth [success=1 default=ignore] pam_sss.so use_first_pass 708s # here's the fallback if no module succeeds 708s auth requisite pam_deny.so 708s # prime the stack with a positive return value if there isn't one already; 708s # this avoids us returning an error just because nothing sets a success code 708s # since the modules above will each just jump around 708s auth required pam_permit.so 708s # and here are more per-package modules (the "Additional" block) 708s auth optional pam_cap.so 708s # end of pam-auth-update config 708s + echo -n -e 123456 708s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 708s pamtester: invoking pam_start(login, ubuntu, ...) 708s pamtester: performing operation - authenticate 708s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 708s + echo -n -e 123456 708s + runuser -u ubuntu -- pamtester -v login '' authenticate 708s pamtester: invoking pam_start(login, , ...) 708s pamtester: performing operation - authenticate 708s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 708s + echo -n -e wrong123456 708s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 708s pamtester: invoking pam_start(login, ubuntu, ...) 708s pamtester: performing operation - authenticate 711s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 711s + echo -n -e wrong123456 711s + runuser -u ubuntu -- pamtester -v login '' authenticate 711s pamtester: invoking pam_start(login, , ...) 711s pamtester: performing operation - authenticate 714s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 714s + echo -n -e 123456 714s + pamtester -v login root authenticate 714s pamtester: invoking pam_start(login, root, ...) 714s pamtester: performing operation - authenticate 716s pamtester: Authentication service cannot retrieve authentication info 716s + test_authentication login /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem partial_chain 716s + pam_service=login 716s + certificate_config=/tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 716s + ca_db=/tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem 716s + verification_options=partial_chain 716s + mkdir -p -m 700 /etc/sssd 716s Using CA DB '/tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 716s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-1DTH7D/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 716s + cat 716s + chmod 600 /etc/sssd/sssd.conf 716s + for path_pair in "${softhsm2_conf_paths[@]}" 716s + IFS=: 716s + read -r -a path 716s + user=ubuntu 716s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 716s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 716s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 717s Label: Test Organization Sub Int Token 717s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 717s + runuser -u ubuntu -- softhsm2-util --show-slots 717s + grep 'Test Organization' 717s + for path_pair in "${softhsm2_conf_paths[@]}" 717s + IFS=: 717s + read -r -a path 717s + user=root 717s + path=/etc/softhsm/softhsm2.conf 717s ++ dirname /etc/softhsm/softhsm2.conf 717s + runuser -u root -- mkdir -p /etc/softhsm 717s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-1DTH7D/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 717s + runuser -u root -- softhsm2-util --show-slots 717s + grep 'Test Organization' 717s Label: Test Organization Sub Int Token 717s + systemctl restart sssd 717s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 717s + for alternative in "${alternative_pam_configs[@]}" 717s + pam-auth-update --enable sss-smart-card-optional 717s + cat /etc/pam.d/common-auth 717s # 717s # /etc/pam.d/common-auth - authentication settings common to all services 717s # 717s # This file is included from other service-specific PAM config files, 717s # and should contain a list of the authentication modules that define 717s # the central authentication scheme for use on the system 717s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 717s # traditional Unix authentication mechanisms. 717s # 717s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 717s # To take advantage of this, it is recommended that you configure any 717s # local modules either before or after the default block, and use 717s # pam-auth-update to manage selection of other modules. See 717s # pam-auth-update(8) for details. 717s 717s # here are the per-package modules (the "Primary" block) 717s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 717s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 717s auth [success=1 default=ignore] pam_sss.so use_first_pass 717s # here's the fallback if no module succeeds 717s auth requisite pam_deny.so 717s # prime the stack with a positive return value if there isn't one already; 717s # this avoids us returning an error just because nothing sets a success code 717s # since the modules above will each just jump around 717s auth required pam_permit.so 717s # and here are more per-package modules (the "Additional" block) 717s auth optional pam_cap.so 717s # end of pam-auth-update config 717s + echo -n -e 123456 717s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 717s pamtester: invoking pam_start(login, ubuntu, ...) 717s pamtester: performing operation - authenticate 717s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 717s + echo -n -e 123456 717s + runuser -u ubuntu -- pamtester -v login '' authenticate 717s pamtester: invoking pam_start(login, , ...) 717s pamtester: performing operation - authenticate 717s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 717s + echo -n -e wrong123456 717s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 717s pamtester: invoking pam_start(login, ubuntu, ...) 717s pamtester: performing operation - authenticate 720s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 720s + echo -n -e wrong123456 720s + runuser -u ubuntu -- pamtester -v login '' authenticate 720s pamtester: invoking pam_start(login, , ...) 720s pamtester: performing operation - authenticate 723s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 723s + echo -n -e 123456 723s + pamtester -v login root authenticate 723s pamtester: invoking pam_start(login, root, ...) 723s pamtester: performing operation - authenticate 727s Password: pamtester: Authentication failure 727s + for alternative in "${alternative_pam_configs[@]}" 727s + pam-auth-update --enable sss-smart-card-required 727s PAM configuration 727s ----------------- 727s 727s Incompatible PAM profiles selected. 727s 727s The following PAM profiles cannot be used together: 727s 727s SSS required smart card authentication, SSS optional smart card 727s authentication 727s 727s Please select a different set of modules to enable. 727s 727s # 727s # /etc/pam.d/common-auth - authentication settings common to all services 727s # 727s # This file is included from other service-specific PAM config files, 727s # and should contain a list of the authentication modules that define 727s # the central authentication scheme for use on the system 727s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 727s # traditional Unix authentication mechanisms. 727s # 727s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 727s # To take advantage of this, it is recommended that you configure any 727s # local modules either before or after the default block, and use 727s # pam-auth-update to manage selection of other modules. See 727s # pam-auth-update(8) for details. 727s 727s # here are the per-package modules (the "Primary" block) 727s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 727s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 727s auth [success=1 default=ignore] pam_sss.so use_first_pass 727s # here's the fallback if no module succeeds 727s auth requisite pam_deny.so 727s # prime the stack with a positive return value if there isn't one already; 727s # this avoids us returning an error just because nothing sets a success code 727s # since the modules above will each just jump around 727s auth required pam_permit.so 727s # and here are more per-package modules (the "Additional" block) 727s auth optional pam_cap.so 727s # end of pam-auth-update config 727s + cat /etc/pam.d/common-auth 727s + echo -n -e 123456 727s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 727s pamtester: invoking pam_start(login, ubuntu, ...) 727s pamtester: performing operation - authenticate 727s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 727s + echo -n -e 123456 727s + runuser -u ubuntu -- pamtester -v login '' authenticate 727s pamtester: invoking pam_start(login, , ...) 727s pamtester: performing operation - authenticate 727s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 727s + echo -n -e wrong123456 727s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 727s pamtester: invoking pam_start(login, ubuntu, ...) 727s pamtester: performing operation - authenticate 730s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 730s + echo -n -e wrong123456 730s + runuser -u ubuntu -- pamtester -v login '' authenticate 730s pamtester: invoking pam_start(login, , ...) 730s pamtester: performing operation - authenticate 734s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 734s + echo -n -e 123456 734s + pamtester -v login root authenticate 734s pamtester: invoking pam_start(login, root, ...) 734s pamtester: performing operation - authenticate 736s pamtester: Authentication service cannot retrieve authentication info 736s + handle_exit 736s + exit_code=0 736s + restore_changes 736s + for path in "${restore_paths[@]}" 736s + local original_path 736s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-8nGmnR /tmp/sssd-softhsm2-backups-8nGmnR//etc/softhsm/softhsm2.conf 736s + original_path=/etc/softhsm/softhsm2.conf 736s + rm /etc/softhsm/softhsm2.conf 736s + mv /tmp/sssd-softhsm2-backups-8nGmnR//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 736s + for path in "${delete_paths[@]}" 736s + rm -f /etc/sssd/sssd.conf 736s + for path in "${delete_paths[@]}" 736s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 736s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 736s + '[' -e /etc/sssd/sssd.conf ']' 736s + systemctl stop sssd 736s + '[' -e /etc/softhsm/softhsm2.conf ']' 736s + chmod 600 /etc/softhsm/softhsm2.conf 736s + rm -rf /tmp/sssd-softhsm2-certs-1DTH7D 736s + '[' 0 = 0 ']' 736s + rm -rf /tmp/sssd-softhsm2-backups-8nGmnR 736s Script completed successfully! 736s + set +x 737s autopkgtest [15:16:37]: test sssd-smart-card-pam-auth-configs: -----------------------] 737s sssd-smart-card-pam-auth-configs PASS 737s autopkgtest [15:16:37]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 738s autopkgtest [15:16:38]: @@@@@@@@@@@@@@@@@@@@ summary 738s ldap-user-group-ldap-auth PASS 738s ldap-user-group-krb5-auth PASS 738s sssd-softhism2-certificates-tests.sh PASS 738s sssd-smart-card-pam-auth-configs PASS 756s nova [W] Using flock in prodstack6-arm64 756s flock: timeout while waiting to get lock 756s Creating nova instance adt-plucky-arm64-sssd-20250315-150420-juju-7f2275-prod-proposed-migration-environment-2-5470177e-3999-4082-90ee-693dc74b8015 from image adt/ubuntu-plucky-arm64-server-20250315.img (UUID bd6e766c-b51f-4b53-86d6-23aa4d18f524)... 756s nova [W] Timed out waiting for 01b4e778-87df-49f0-8cff-b749dd5b9710 to get deleted. 756s nova [W] Using flock in prodstack6-arm64 756s Creating nova instance adt-plucky-arm64-sssd-20250315-150420-juju-7f2275-prod-proposed-migration-environment-2-5470177e-3999-4082-90ee-693dc74b8015 from image adt/ubuntu-plucky-arm64-server-20250315.img (UUID bd6e766c-b51f-4b53-86d6-23aa4d18f524)... 756s nova [W] Timed out waiting for 008dd789-099f-487c-b44d-85e64a141e65 to get deleted.