0s autopkgtest [17:50:51]: starting date and time: 2025-03-15 17:50:51+0000 0s autopkgtest [17:50:51]: git checkout: 325255d2 Merge branch 'pin-any-arch' into 'ubuntu/production' 0s autopkgtest [17:50:51]: host juju-7f2275-prod-proposed-migration-environment-9; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.q1rk0g5m/out --timeout-copy=6000 --setup-commands 'ln -s /dev/null /etc/systemd/system/bluetooth.service; printf "http_proxy=http://squid.internal:3128\nhttps_proxy=http://squid.internal:3128\nno_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com\n" >> /etc/environment' --apt-pocket=proposed=src:glibc --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=glibc/2.41-1ubuntu2 -- lxd -r lxd-armhf-10.145.243.242 lxd-armhf-10.145.243.242:autopkgtest/ubuntu/plucky/armhf 24s autopkgtest [17:51:15]: testbed dpkg architecture: armhf 26s autopkgtest [17:51:17]: testbed apt version: 2.9.33 30s autopkgtest [17:51:20]: @@@@@@@@@@@@@@@@@@@@ test bed setup 31s autopkgtest [17:51:22]: testbed release detected to be: None 39s autopkgtest [17:51:30]: updating testbed package index (apt update) 41s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [126 kB] 41s Get:2 http://ftpmaster.internal/ubuntu plucky InRelease [257 kB] 41s Get:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease [126 kB] 41s Get:4 http://ftpmaster.internal/ubuntu plucky-security InRelease [126 kB] 42s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [15.8 kB] 42s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [99.7 kB] 42s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [379 kB] 42s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main armhf Packages [114 kB] 42s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main armhf c-n-f Metadata [1832 B] 42s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted armhf c-n-f Metadata [116 B] 42s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe armhf Packages [312 kB] 43s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/universe armhf c-n-f Metadata [11.1 kB] 43s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse armhf Packages [3472 B] 43s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse armhf c-n-f Metadata [240 B] 43s Get:15 http://ftpmaster.internal/ubuntu plucky/multiverse Sources [299 kB] 43s Get:16 http://ftpmaster.internal/ubuntu plucky/universe Sources [21.0 MB] 52s Get:17 http://ftpmaster.internal/ubuntu plucky/main Sources [1394 kB] 53s Get:18 http://ftpmaster.internal/ubuntu plucky/main armhf Packages [1378 kB] 53s Get:19 http://ftpmaster.internal/ubuntu plucky/main armhf c-n-f Metadata [29.4 kB] 53s Get:20 http://ftpmaster.internal/ubuntu plucky/restricted armhf c-n-f Metadata [108 B] 53s Get:21 http://ftpmaster.internal/ubuntu plucky/universe armhf Packages [15.1 MB] 59s Get:22 http://ftpmaster.internal/ubuntu plucky/multiverse armhf Packages [172 kB] 61s Fetched 41.0 MB in 20s (2078 kB/s) 62s Reading package lists... 68s autopkgtest [17:51:59]: upgrading testbed (apt dist-upgrade and autopurge) 69s Reading package lists... 70s Building dependency tree... 70s Reading state information... 70s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 70s Starting 2 pkgProblemResolver with broken count: 0 70s Done 71s Entering ResolveByKeep 71s 71s Calculating upgrade... 72s The following packages will be upgraded: 72s libc-bin libc6 locales pinentry-curses python3-jinja2 sos strace 72s 7 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 72s Need to get 8683 kB of archives. 72s After this operation, 23.6 kB of additional disk space will be used. 72s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main armhf libc6 armhf 2.41-1ubuntu2 [2932 kB] 75s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main armhf libc-bin armhf 2.41-1ubuntu2 [545 kB] 75s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main armhf locales all 2.41-1ubuntu2 [4246 kB] 80s Get:4 http://ftpmaster.internal/ubuntu plucky/main armhf strace armhf 6.13+ds-1ubuntu1 [445 kB] 80s Get:5 http://ftpmaster.internal/ubuntu plucky/main armhf pinentry-curses armhf 1.3.1-2ubuntu3 [40.6 kB] 80s Get:6 http://ftpmaster.internal/ubuntu plucky/main armhf python3-jinja2 all 3.1.5-2ubuntu1 [109 kB] 80s Get:7 http://ftpmaster.internal/ubuntu plucky/main armhf sos all 4.9.0-5 [365 kB] 81s Preconfiguring packages ... 81s Fetched 8683 kB in 8s (1035 kB/s) 81s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 64655 files and directories currently installed.) 81s Preparing to unpack .../libc6_2.41-1ubuntu2_armhf.deb ... 81s Unpacking libc6:armhf (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 81s Setting up libc6:armhf (2.41-1ubuntu2) ... 82s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 64655 files and directories currently installed.) 82s Preparing to unpack .../libc-bin_2.41-1ubuntu2_armhf.deb ... 82s Unpacking libc-bin (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 82s Setting up libc-bin (2.41-1ubuntu2) ... 82s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 64655 files and directories currently installed.) 82s Preparing to unpack .../locales_2.41-1ubuntu2_all.deb ... 82s Unpacking locales (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 82s Preparing to unpack .../strace_6.13+ds-1ubuntu1_armhf.deb ... 82s Unpacking strace (6.13+ds-1ubuntu1) over (6.11-0ubuntu1) ... 82s Preparing to unpack .../pinentry-curses_1.3.1-2ubuntu3_armhf.deb ... 82s Unpacking pinentry-curses (1.3.1-2ubuntu3) over (1.3.1-2ubuntu2) ... 82s Preparing to unpack .../python3-jinja2_3.1.5-2ubuntu1_all.deb ... 82s Unpacking python3-jinja2 (3.1.5-2ubuntu1) over (3.1.5-2) ... 82s Preparing to unpack .../archives/sos_4.9.0-5_all.deb ... 83s Unpacking sos (4.9.0-5) over (4.9.0-4) ... 83s Setting up sos (4.9.0-5) ... 84s Setting up pinentry-curses (1.3.1-2ubuntu3) ... 84s Setting up locales (2.41-1ubuntu2) ... 84s Generating locales (this might take a while)... 86s en_US.UTF-8... done 86s Generation complete. 86s Setting up python3-jinja2 (3.1.5-2ubuntu1) ... 87s Setting up strace (6.13+ds-1ubuntu1) ... 87s Processing triggers for man-db (2.13.0-1) ... 88s Processing triggers for systemd (257.3-1ubuntu3) ... 90s Reading package lists... 91s Building dependency tree... 91s Reading state information... 91s Starting pkgProblemResolver with broken count: 0 91s Starting 2 pkgProblemResolver with broken count: 0 91s Done 91s Solving dependencies... 92s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 94s autopkgtest [17:52:25]: rebooting testbed after setup commands that affected boot 134s autopkgtest [17:53:05]: testbed running kernel: Linux 6.8.0-52-generic #53~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Jan 15 18:10:51 UTC 2 159s autopkgtest [17:53:30]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 277s Get:1 http://ftpmaster.internal/ubuntu plucky/main sssd 2.10.1-2ubuntu3 (dsc) [5083 B] 277s Get:2 http://ftpmaster.internal/ubuntu plucky/main sssd 2.10.1-2ubuntu3 (tar) [9197 kB] 277s Get:3 http://ftpmaster.internal/ubuntu plucky/main sssd 2.10.1-2ubuntu3 (diff) [50.0 kB] 278s gpgv: Signature made Thu Feb 20 17:50:10 2025 UTC 278s gpgv: using RSA key 8AFD08D3D1B817B2DF8982F501AC4B4083590A98 278s gpgv: Can't check signature: No public key 278s dpkg-source: warning: cannot verify inline signature for ./sssd_2.10.1-2ubuntu3.dsc: no acceptable signature found 279s autopkgtest [17:55:30]: testing package sssd version 2.10.1-2ubuntu3 286s autopkgtest [17:55:37]: build not needed 296s autopkgtest [17:55:47]: test ldap-user-group-ldap-auth: preparing testbed 299s Reading package lists... 299s Building dependency tree... 299s Reading state information... 299s Starting pkgProblemResolver with broken count: 0 299s Starting 2 pkgProblemResolver with broken count: 0 299s Done 301s The following NEW packages will be installed: 301s expect ldap-utils libargon2-1 libavahi-client3 libavahi-common-data 301s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 301s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 301s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 301s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 301s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 301s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 301s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 301s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 301s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 301s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 301s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 301s tcl-expect tcl8.6 301s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 301s Need to get 12.3 MB of archives. 301s After this operation, 49.0 MB of additional disk space will be used. 301s Get:1 http://ftpmaster.internal/ubuntu plucky/main armhf libargon2-1 armhf 0~20190702+dfsg-4build1 [22.6 kB] 301s Get:2 http://ftpmaster.internal/ubuntu plucky/main armhf libltdl7 armhf 2.5.4-4 [39.8 kB] 301s Get:3 http://ftpmaster.internal/ubuntu plucky/main armhf libodbc2 armhf 2.3.12-2ubuntu1 [145 kB] 301s Get:4 http://ftpmaster.internal/ubuntu plucky/main armhf slapd armhf 2.6.9+dfsg-1~exp2ubuntu1 [1447 kB] 303s Get:5 http://ftpmaster.internal/ubuntu plucky/main armhf libtcl8.6 armhf 8.6.16+dfsg-1 [909 kB] 304s Get:6 http://ftpmaster.internal/ubuntu plucky/main armhf tcl8.6 armhf 8.6.16+dfsg-1 [14.6 kB] 304s Get:7 http://ftpmaster.internal/ubuntu plucky/universe armhf tcl-expect armhf 5.45.4-4 [99.7 kB] 304s Get:8 http://ftpmaster.internal/ubuntu plucky/universe armhf expect armhf 5.45.4-4 [136 kB] 304s Get:9 http://ftpmaster.internal/ubuntu plucky/main armhf ldap-utils armhf 2.6.9+dfsg-1~exp2ubuntu1 [131 kB] 304s Get:10 http://ftpmaster.internal/ubuntu plucky/main armhf libavahi-common-data armhf 0.8-16ubuntu1 [30.9 kB] 304s Get:11 http://ftpmaster.internal/ubuntu plucky/main armhf libavahi-common3 armhf 0.8-16ubuntu1 [20.2 kB] 304s Get:12 http://ftpmaster.internal/ubuntu plucky/main armhf libavahi-client3 armhf 0.8-16ubuntu1 [24.1 kB] 304s Get:13 http://ftpmaster.internal/ubuntu plucky/main armhf libbasicobjects0t64 armhf 0.6.2-3 [5434 B] 304s Get:14 http://ftpmaster.internal/ubuntu plucky/main armhf libcares2 armhf 1.34.4-2.1 [85.0 kB] 304s Get:15 http://ftpmaster.internal/ubuntu plucky/main armhf libcollection4t64 armhf 0.6.2-3 [18.8 kB] 304s Get:16 http://ftpmaster.internal/ubuntu plucky/main armhf libcrack2 armhf 2.9.6-5.2build1 [27.1 kB] 304s Get:17 http://ftpmaster.internal/ubuntu plucky/main armhf libdhash1t64 armhf 0.6.2-3 [7876 B] 304s Get:18 http://ftpmaster.internal/ubuntu plucky/main armhf libevent-2.1-7t64 armhf 2.1.12-stable-10 [127 kB] 304s Get:19 http://ftpmaster.internal/ubuntu plucky/main armhf libpath-utils1t64 armhf 0.6.2-3 [7776 B] 304s Get:20 http://ftpmaster.internal/ubuntu plucky/main armhf libref-array1t64 armhf 0.6.2-3 [6382 B] 304s Get:21 http://ftpmaster.internal/ubuntu plucky/main armhf libini-config5t64 armhf 0.6.2-3 [37.2 kB] 304s Get:22 http://ftpmaster.internal/ubuntu plucky/main armhf libipa-hbac0t64 armhf 2.10.1-2ubuntu3 [18.1 kB] 304s Get:23 http://ftpmaster.internal/ubuntu plucky/universe armhf libjose0 armhf 14-1 [39.7 kB] 304s Get:24 http://ftpmaster.internal/ubuntu plucky/main armhf libverto-libevent1t64 armhf 0.3.1-1.2ubuntu3 [6324 B] 304s Get:25 http://ftpmaster.internal/ubuntu plucky/main armhf libverto1t64 armhf 0.3.1-1.2ubuntu3 [9364 B] 304s Get:26 http://ftpmaster.internal/ubuntu plucky/main armhf libkrad0 armhf 1.21.3-4ubuntu2 [21.0 kB] 304s Get:27 http://ftpmaster.internal/ubuntu plucky/main armhf libtalloc2 armhf 2:2.4.2+samba4.21.4+dfsg-1ubuntu3 [70.3 kB] 304s Get:28 http://ftpmaster.internal/ubuntu plucky/main armhf libtdb1 armhf 2:1.4.12+samba4.21.4+dfsg-1ubuntu3 [87.9 kB] 305s Get:29 http://ftpmaster.internal/ubuntu plucky/main armhf libtevent0t64 armhf 2:0.16.1+samba4.21.4+dfsg-1ubuntu3 [36.1 kB] 305s Get:30 http://ftpmaster.internal/ubuntu plucky/main armhf libldb2 armhf 2:2.10.0+samba4.21.4+dfsg-1ubuntu3 [126 kB] 305s Get:31 http://ftpmaster.internal/ubuntu plucky/main armhf libnfsidmap1 armhf 1:2.8.2-2ubuntu1 [56.6 kB] 305s Get:32 http://ftpmaster.internal/ubuntu plucky/universe armhf libnss-sudo all 1.9.16p2-1ubuntu1 [16.7 kB] 305s Get:33 http://ftpmaster.internal/ubuntu plucky/main armhf libpwquality-common all 1.4.5-4 [7714 B] 305s Get:34 http://ftpmaster.internal/ubuntu plucky/main armhf libpwquality1 armhf 1.4.5-4 [12.3 kB] 305s Get:35 http://ftpmaster.internal/ubuntu plucky/main armhf libpam-pwquality armhf 1.4.5-4 [11.4 kB] 305s Get:36 http://ftpmaster.internal/ubuntu plucky/main armhf libwbclient0 armhf 2:4.21.4+dfsg-1ubuntu3 [76.8 kB] 305s Get:37 http://ftpmaster.internal/ubuntu plucky/main armhf samba-libs armhf 2:4.21.4+dfsg-1ubuntu3 [6026 kB] 309s Get:38 http://ftpmaster.internal/ubuntu plucky/main armhf libsmbclient0 armhf 2:4.21.4+dfsg-1ubuntu3 [58.2 kB] 309s Get:39 http://ftpmaster.internal/ubuntu plucky/main armhf libnss-sss armhf 2.10.1-2ubuntu3 [30.1 kB] 309s Get:40 http://ftpmaster.internal/ubuntu plucky/main armhf libpam-sss armhf 2.10.1-2ubuntu3 [46.4 kB] 309s Get:41 http://ftpmaster.internal/ubuntu plucky/main armhf python3-sss armhf 2.10.1-2ubuntu3 [45.4 kB] 309s Get:42 http://ftpmaster.internal/ubuntu plucky/main armhf libsss-certmap0 armhf 2.10.1-2ubuntu3 [44.2 kB] 309s Get:43 http://ftpmaster.internal/ubuntu plucky/main armhf libsss-idmap0 armhf 2.10.1-2ubuntu3 [21.2 kB] 309s Get:44 http://ftpmaster.internal/ubuntu plucky/main armhf libsss-nss-idmap0 armhf 2.10.1-2ubuntu3 [28.4 kB] 309s Get:45 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-common armhf 2.10.1-2ubuntu3 [1054 kB] 310s Get:46 http://ftpmaster.internal/ubuntu plucky/universe armhf sssd-idp armhf 2.10.1-2ubuntu3 [25.2 kB] 310s Get:47 http://ftpmaster.internal/ubuntu plucky/universe armhf sssd-passkey armhf 2.10.1-2ubuntu3 [29.6 kB] 310s Get:48 http://ftpmaster.internal/ubuntu plucky/main armhf libipa-hbac-dev armhf 2.10.1-2ubuntu3 [6676 B] 310s Get:49 http://ftpmaster.internal/ubuntu plucky/main armhf libsss-certmap-dev armhf 2.10.1-2ubuntu3 [5728 B] 310s Get:50 http://ftpmaster.internal/ubuntu plucky/main armhf libsss-idmap-dev armhf 2.10.1-2ubuntu3 [8386 B] 310s Get:51 http://ftpmaster.internal/ubuntu plucky/main armhf libsss-nss-idmap-dev armhf 2.10.1-2ubuntu3 [6716 B] 310s Get:52 http://ftpmaster.internal/ubuntu plucky/universe armhf libsss-sudo armhf 2.10.1-2ubuntu3 [20.3 kB] 310s Get:53 http://ftpmaster.internal/ubuntu plucky/universe armhf python3-libipa-hbac armhf 2.10.1-2ubuntu3 [14.6 kB] 310s Get:54 http://ftpmaster.internal/ubuntu plucky/universe armhf python3-libsss-nss-idmap armhf 2.10.1-2ubuntu3 [8488 B] 310s Get:55 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-ad-common armhf 2.10.1-2ubuntu3 [67.6 kB] 310s Get:56 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-krb5-common armhf 2.10.1-2ubuntu3 [82.0 kB] 310s Get:57 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-ad armhf 2.10.1-2ubuntu3 [130 kB] 310s Get:58 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-ipa armhf 2.10.1-2ubuntu3 [214 kB] 310s Get:59 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-krb5 armhf 2.10.1-2ubuntu3 [14.0 kB] 310s Get:60 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-ldap armhf 2.10.1-2ubuntu3 [31.2 kB] 310s Get:61 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-proxy armhf 2.10.1-2ubuntu3 [43.4 kB] 310s Get:62 http://ftpmaster.internal/ubuntu plucky/main armhf sssd armhf 2.10.1-2ubuntu3 [4122 B] 310s Get:63 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-dbus armhf 2.10.1-2ubuntu3 [92.3 kB] 310s Get:64 http://ftpmaster.internal/ubuntu plucky/universe armhf sssd-kcm armhf 2.10.1-2ubuntu3 [128 kB] 310s Get:65 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-tools armhf 2.10.1-2ubuntu3 [94.8 kB] 311s Preconfiguring packages ... 311s Fetched 12.3 MB in 10s (1222 kB/s) 311s Selecting previously unselected package libargon2-1:armhf. 311s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 64655 files and directories currently installed.) 311s Preparing to unpack .../00-libargon2-1_0~20190702+dfsg-4build1_armhf.deb ... 311s Unpacking libargon2-1:armhf (0~20190702+dfsg-4build1) ... 311s Selecting previously unselected package libltdl7:armhf. 311s Preparing to unpack .../01-libltdl7_2.5.4-4_armhf.deb ... 311s Unpacking libltdl7:armhf (2.5.4-4) ... 311s Selecting previously unselected package libodbc2:armhf. 311s Preparing to unpack .../02-libodbc2_2.3.12-2ubuntu1_armhf.deb ... 311s Unpacking libodbc2:armhf (2.3.12-2ubuntu1) ... 311s Selecting previously unselected package slapd. 311s Preparing to unpack .../03-slapd_2.6.9+dfsg-1~exp2ubuntu1_armhf.deb ... 311s Unpacking slapd (2.6.9+dfsg-1~exp2ubuntu1) ... 312s Selecting previously unselected package libtcl8.6:armhf. 312s Preparing to unpack .../04-libtcl8.6_8.6.16+dfsg-1_armhf.deb ... 312s Unpacking libtcl8.6:armhf (8.6.16+dfsg-1) ... 312s Selecting previously unselected package tcl8.6. 312s Preparing to unpack .../05-tcl8.6_8.6.16+dfsg-1_armhf.deb ... 312s Unpacking tcl8.6 (8.6.16+dfsg-1) ... 312s Selecting previously unselected package tcl-expect:armhf. 312s Preparing to unpack .../06-tcl-expect_5.45.4-4_armhf.deb ... 312s Unpacking tcl-expect:armhf (5.45.4-4) ... 312s Selecting previously unselected package expect. 312s Preparing to unpack .../07-expect_5.45.4-4_armhf.deb ... 312s Unpacking expect (5.45.4-4) ... 312s Selecting previously unselected package ldap-utils. 312s Preparing to unpack .../08-ldap-utils_2.6.9+dfsg-1~exp2ubuntu1_armhf.deb ... 312s Unpacking ldap-utils (2.6.9+dfsg-1~exp2ubuntu1) ... 312s Selecting previously unselected package libavahi-common-data:armhf. 312s Preparing to unpack .../09-libavahi-common-data_0.8-16ubuntu1_armhf.deb ... 312s Unpacking libavahi-common-data:armhf (0.8-16ubuntu1) ... 312s Selecting previously unselected package libavahi-common3:armhf. 312s Preparing to unpack .../10-libavahi-common3_0.8-16ubuntu1_armhf.deb ... 312s Unpacking libavahi-common3:armhf (0.8-16ubuntu1) ... 312s Selecting previously unselected package libavahi-client3:armhf. 312s Preparing to unpack .../11-libavahi-client3_0.8-16ubuntu1_armhf.deb ... 312s Unpacking libavahi-client3:armhf (0.8-16ubuntu1) ... 312s Selecting previously unselected package libbasicobjects0t64:armhf. 312s Preparing to unpack .../12-libbasicobjects0t64_0.6.2-3_armhf.deb ... 312s Unpacking libbasicobjects0t64:armhf (0.6.2-3) ... 312s Selecting previously unselected package libcares2:armhf. 312s Preparing to unpack .../13-libcares2_1.34.4-2.1_armhf.deb ... 312s Unpacking libcares2:armhf (1.34.4-2.1) ... 312s Selecting previously unselected package libcollection4t64:armhf. 312s Preparing to unpack .../14-libcollection4t64_0.6.2-3_armhf.deb ... 312s Unpacking libcollection4t64:armhf (0.6.2-3) ... 312s Selecting previously unselected package libcrack2:armhf. 312s Preparing to unpack .../15-libcrack2_2.9.6-5.2build1_armhf.deb ... 312s Unpacking libcrack2:armhf (2.9.6-5.2build1) ... 312s Selecting previously unselected package libdhash1t64:armhf. 312s Preparing to unpack .../16-libdhash1t64_0.6.2-3_armhf.deb ... 312s Unpacking libdhash1t64:armhf (0.6.2-3) ... 312s Selecting previously unselected package libevent-2.1-7t64:armhf. 312s Preparing to unpack .../17-libevent-2.1-7t64_2.1.12-stable-10_armhf.deb ... 312s Unpacking libevent-2.1-7t64:armhf (2.1.12-stable-10) ... 312s Selecting previously unselected package libpath-utils1t64:armhf. 312s Preparing to unpack .../18-libpath-utils1t64_0.6.2-3_armhf.deb ... 312s Unpacking libpath-utils1t64:armhf (0.6.2-3) ... 312s Selecting previously unselected package libref-array1t64:armhf. 312s Preparing to unpack .../19-libref-array1t64_0.6.2-3_armhf.deb ... 312s Unpacking libref-array1t64:armhf (0.6.2-3) ... 312s Selecting previously unselected package libini-config5t64:armhf. 312s Preparing to unpack .../20-libini-config5t64_0.6.2-3_armhf.deb ... 312s Unpacking libini-config5t64:armhf (0.6.2-3) ... 312s Selecting previously unselected package libipa-hbac0t64. 312s Preparing to unpack .../21-libipa-hbac0t64_2.10.1-2ubuntu3_armhf.deb ... 312s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu3) ... 312s Selecting previously unselected package libjose0:armhf. 312s Preparing to unpack .../22-libjose0_14-1_armhf.deb ... 312s Unpacking libjose0:armhf (14-1) ... 312s Selecting previously unselected package libverto-libevent1t64:armhf. 312s Preparing to unpack .../23-libverto-libevent1t64_0.3.1-1.2ubuntu3_armhf.deb ... 312s Unpacking libverto-libevent1t64:armhf (0.3.1-1.2ubuntu3) ... 312s Selecting previously unselected package libverto1t64:armhf. 312s Preparing to unpack .../24-libverto1t64_0.3.1-1.2ubuntu3_armhf.deb ... 312s Unpacking libverto1t64:armhf (0.3.1-1.2ubuntu3) ... 312s Selecting previously unselected package libkrad0:armhf. 312s Preparing to unpack .../25-libkrad0_1.21.3-4ubuntu2_armhf.deb ... 312s Unpacking libkrad0:armhf (1.21.3-4ubuntu2) ... 312s Selecting previously unselected package libtalloc2:armhf. 312s Preparing to unpack .../26-libtalloc2_2%3a2.4.2+samba4.21.4+dfsg-1ubuntu3_armhf.deb ... 312s Unpacking libtalloc2:armhf (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 312s Selecting previously unselected package libtdb1:armhf. 312s Preparing to unpack .../27-libtdb1_2%3a1.4.12+samba4.21.4+dfsg-1ubuntu3_armhf.deb ... 312s Unpacking libtdb1:armhf (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 312s Selecting previously unselected package libtevent0t64:armhf. 312s Preparing to unpack .../28-libtevent0t64_2%3a0.16.1+samba4.21.4+dfsg-1ubuntu3_armhf.deb ... 312s Unpacking libtevent0t64:armhf (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 312s Selecting previously unselected package libldb2:armhf. 312s Preparing to unpack .../29-libldb2_2%3a2.10.0+samba4.21.4+dfsg-1ubuntu3_armhf.deb ... 312s Unpacking libldb2:armhf (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 312s Selecting previously unselected package libnfsidmap1:armhf. 313s Preparing to unpack .../30-libnfsidmap1_1%3a2.8.2-2ubuntu1_armhf.deb ... 313s Unpacking libnfsidmap1:armhf (1:2.8.2-2ubuntu1) ... 313s Selecting previously unselected package libnss-sudo. 313s Preparing to unpack .../31-libnss-sudo_1.9.16p2-1ubuntu1_all.deb ... 313s Unpacking libnss-sudo (1.9.16p2-1ubuntu1) ... 313s Selecting previously unselected package libpwquality-common. 313s Preparing to unpack .../32-libpwquality-common_1.4.5-4_all.deb ... 313s Unpacking libpwquality-common (1.4.5-4) ... 313s Selecting previously unselected package libpwquality1:armhf. 313s Preparing to unpack .../33-libpwquality1_1.4.5-4_armhf.deb ... 313s Unpacking libpwquality1:armhf (1.4.5-4) ... 313s Selecting previously unselected package libpam-pwquality:armhf. 313s Preparing to unpack .../34-libpam-pwquality_1.4.5-4_armhf.deb ... 313s Unpacking libpam-pwquality:armhf (1.4.5-4) ... 313s Selecting previously unselected package libwbclient0:armhf. 313s Preparing to unpack .../35-libwbclient0_2%3a4.21.4+dfsg-1ubuntu3_armhf.deb ... 313s Unpacking libwbclient0:armhf (2:4.21.4+dfsg-1ubuntu3) ... 313s Selecting previously unselected package samba-libs:armhf. 313s Preparing to unpack .../36-samba-libs_2%3a4.21.4+dfsg-1ubuntu3_armhf.deb ... 313s Unpacking samba-libs:armhf (2:4.21.4+dfsg-1ubuntu3) ... 313s Selecting previously unselected package libsmbclient0:armhf. 313s Preparing to unpack .../37-libsmbclient0_2%3a4.21.4+dfsg-1ubuntu3_armhf.deb ... 313s Unpacking libsmbclient0:armhf (2:4.21.4+dfsg-1ubuntu3) ... 313s Selecting previously unselected package libnss-sss:armhf. 313s Preparing to unpack .../38-libnss-sss_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking libnss-sss:armhf (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package libpam-sss:armhf. 313s Preparing to unpack .../39-libpam-sss_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking libpam-sss:armhf (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package python3-sss. 313s Preparing to unpack .../40-python3-sss_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking python3-sss (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package libsss-certmap0. 313s Preparing to unpack .../41-libsss-certmap0_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking libsss-certmap0 (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package libsss-idmap0. 313s Preparing to unpack .../42-libsss-idmap0_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking libsss-idmap0 (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package libsss-nss-idmap0. 313s Preparing to unpack .../43-libsss-nss-idmap0_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package sssd-common. 313s Preparing to unpack .../44-sssd-common_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking sssd-common (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package sssd-idp. 313s Preparing to unpack .../45-sssd-idp_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking sssd-idp (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package sssd-passkey. 313s Preparing to unpack .../46-sssd-passkey_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking sssd-passkey (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package libipa-hbac-dev. 313s Preparing to unpack .../47-libipa-hbac-dev_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking libipa-hbac-dev (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package libsss-certmap-dev. 313s Preparing to unpack .../48-libsss-certmap-dev_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking libsss-certmap-dev (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package libsss-idmap-dev. 313s Preparing to unpack .../49-libsss-idmap-dev_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking libsss-idmap-dev (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package libsss-nss-idmap-dev. 313s Preparing to unpack .../50-libsss-nss-idmap-dev_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking libsss-nss-idmap-dev (2.10.1-2ubuntu3) ... 313s Selecting previously unselected package libsss-sudo. 313s Preparing to unpack .../51-libsss-sudo_2.10.1-2ubuntu3_armhf.deb ... 313s Unpacking libsss-sudo (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package python3-libipa-hbac. 314s Preparing to unpack .../52-python3-libipa-hbac_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking python3-libipa-hbac (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package python3-libsss-nss-idmap. 314s Preparing to unpack .../53-python3-libsss-nss-idmap_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking python3-libsss-nss-idmap (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd-ad-common. 314s Preparing to unpack .../54-sssd-ad-common_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd-ad-common (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd-krb5-common. 314s Preparing to unpack .../55-sssd-krb5-common_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd-krb5-common (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd-ad. 314s Preparing to unpack .../56-sssd-ad_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd-ad (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd-ipa. 314s Preparing to unpack .../57-sssd-ipa_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd-ipa (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd-krb5. 314s Preparing to unpack .../58-sssd-krb5_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd-krb5 (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd-ldap. 314s Preparing to unpack .../59-sssd-ldap_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd-ldap (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd-proxy. 314s Preparing to unpack .../60-sssd-proxy_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd-proxy (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd. 314s Preparing to unpack .../61-sssd_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd-dbus. 314s Preparing to unpack .../62-sssd-dbus_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd-dbus (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd-kcm. 314s Preparing to unpack .../63-sssd-kcm_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd-kcm (2.10.1-2ubuntu3) ... 314s Selecting previously unselected package sssd-tools. 314s Preparing to unpack .../64-sssd-tools_2.10.1-2ubuntu3_armhf.deb ... 314s Unpacking sssd-tools (2.10.1-2ubuntu3) ... 314s Setting up libpwquality-common (1.4.5-4) ... 314s Setting up libnfsidmap1:armhf (1:2.8.2-2ubuntu1) ... 314s Setting up libsss-idmap0 (2.10.1-2ubuntu3) ... 314s Setting up libbasicobjects0t64:armhf (0.6.2-3) ... 314s Setting up libipa-hbac0t64 (2.10.1-2ubuntu3) ... 314s Setting up libsss-idmap-dev (2.10.1-2ubuntu3) ... 314s Setting up libref-array1t64:armhf (0.6.2-3) ... 314s Setting up libipa-hbac-dev (2.10.1-2ubuntu3) ... 314s Setting up libtdb1:armhf (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 314s Setting up libargon2-1:armhf (0~20190702+dfsg-4build1) ... 314s Setting up libcollection4t64:armhf (0.6.2-3) ... 314s Setting up libevent-2.1-7t64:armhf (2.1.12-stable-10) ... 314s Setting up ldap-utils (2.6.9+dfsg-1~exp2ubuntu1) ... 314s Setting up libjose0:armhf (14-1) ... 314s Setting up libwbclient0:armhf (2:4.21.4+dfsg-1ubuntu3) ... 314s Setting up libtalloc2:armhf (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 314s Setting up libpath-utils1t64:armhf (0.6.2-3) ... 314s Setting up libavahi-common-data:armhf (0.8-16ubuntu1) ... 314s Setting up libcares2:armhf (1.34.4-2.1) ... 314s Setting up libdhash1t64:armhf (0.6.2-3) ... 314s Setting up libtcl8.6:armhf (8.6.16+dfsg-1) ... 314s Setting up libltdl7:armhf (2.5.4-4) ... 314s Setting up libcrack2:armhf (2.9.6-5.2build1) ... 314s Setting up libodbc2:armhf (2.3.12-2ubuntu1) ... 314s Setting up python3-libipa-hbac (2.10.1-2ubuntu3) ... 314s Setting up libnss-sudo (1.9.16p2-1ubuntu1) ... 314s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 314s Setting up libini-config5t64:armhf (0.6.2-3) ... 314s Setting up libtevent0t64:armhf (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 314s Setting up libnss-sss:armhf (2.10.1-2ubuntu3) ... 314s Setting up slapd (2.6.9+dfsg-1~exp2ubuntu1) ... 314s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 314s Can't find configuration db, was SSSD configured and run? 314s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 314s Can't find configuration db, was SSSD configured and run? 314s Creating new user openldap... [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 314s Can't find configuration db, was SSSD configured and run? 314s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 314s Can't find configuration db, was SSSD configured and run? 314s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 314s Can't find configuration db, was SSSD configured and run? 314s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 314s Can't find configuration db, was SSSD configured and run? 314s done. 314s Creating initial configuration... done. 315s Creating LDAP directory... done. 315s Created symlink '/etc/systemd/system/multi-user.target.wants/slapd.service' → '/usr/lib/systemd/system/slapd.service'. 315s Setting up tcl8.6 (8.6.16+dfsg-1) ... 315s Setting up libsss-sudo (2.10.1-2ubuntu3) ... 315s Setting up libsss-nss-idmap-dev (2.10.1-2ubuntu3) ... 315s Setting up libavahi-common3:armhf (0.8-16ubuntu1) ... 315s Setting up tcl-expect:armhf (5.45.4-4) ... 315s Setting up libsss-certmap0 (2.10.1-2ubuntu3) ... 315s Setting up libpwquality1:armhf (1.4.5-4) ... 315s Setting up python3-libsss-nss-idmap (2.10.1-2ubuntu3) ... 315s Setting up libldb2:armhf (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 315s Setting up libavahi-client3:armhf (0.8-16ubuntu1) ... 315s Setting up expect (5.45.4-4) ... 315s Setting up libpam-pwquality:armhf (1.4.5-4) ... 316s Setting up samba-libs:armhf (2:4.21.4+dfsg-1ubuntu3) ... 316s Setting up libsss-certmap-dev (2.10.1-2ubuntu3) ... 316s Setting up python3-sss (2.10.1-2ubuntu3) ... 316s Setting up libsmbclient0:armhf (2:4.21.4+dfsg-1ubuntu3) ... 316s Setting up libpam-sss:armhf (2.10.1-2ubuntu3) ... 316s Setting up sssd-common (2.10.1-2ubuntu3) ... 316s Creating SSSD system user & group... 316s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 316s Can't find configuration db, was SSSD configured and run? 316s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 316s Can't find configuration db, was SSSD configured and run? 316s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 316s Can't find configuration db, was SSSD configured and run? 316s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 316s Can't find configuration db, was SSSD configured and run? 316s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 316s Can't find configuration db, was SSSD configured and run? 316s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 316s Can't find configuration db, was SSSD configured and run? 316s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 316s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 316s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 316s apparmor_parser: Unable to replace "/usr/sbin/sssd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 316s 317s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 317s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 317s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 317s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 318s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 318s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 318s sssd-autofs.service is a disabled or a static unit, not starting it. 318s sssd-nss.service is a disabled or a static unit, not starting it. 318s sssd-pam.service is a disabled or a static unit, not starting it. 318s sssd-ssh.service is a disabled or a static unit, not starting it. 318s sssd-sudo.service is a disabled or a static unit, not starting it. 319s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 319s Setting up sssd-proxy (2.10.1-2ubuntu3) ... 319s Setting up sssd-kcm (2.10.1-2ubuntu3) ... 319s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 319s sssd-kcm.service is a disabled or a static unit, not starting it. 319s Setting up sssd-dbus (2.10.1-2ubuntu3) ... 319s sssd-ifp.service is a disabled or a static unit, not starting it. 319s Setting up sssd-ad-common (2.10.1-2ubuntu3) ... 320s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 320s sssd-pac.service is a disabled or a static unit, not starting it. 320s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 320s Setting up sssd-krb5-common (2.10.1-2ubuntu3) ... 320s Setting up sssd-krb5 (2.10.1-2ubuntu3) ... 320s Setting up sssd-ldap (2.10.1-2ubuntu3) ... 320s Setting up sssd-ad (2.10.1-2ubuntu3) ... 320s Setting up sssd-tools (2.10.1-2ubuntu3) ... 320s Setting up sssd-ipa (2.10.1-2ubuntu3) ... 320s Setting up sssd (2.10.1-2ubuntu3) ... 320s Setting up libverto1t64:armhf (0.3.1-1.2ubuntu3) ... 320s Setting up libkrad0:armhf (1.21.3-4ubuntu2) ... 320s Setting up libverto-libevent1t64:armhf (0.3.1-1.2ubuntu3) ... 320s Setting up sssd-passkey (2.10.1-2ubuntu3) ... 320s Setting up sssd-idp (2.10.1-2ubuntu3) ... 320s Processing triggers for libc-bin (2.41-1ubuntu2) ... 320s Processing triggers for man-db (2.13.0-1) ... 322s Processing triggers for dbus (1.16.2-1ubuntu1) ... 379s autopkgtest [17:57:10]: test ldap-user-group-ldap-auth: [----------------------- 381s + . debian/tests/util 381s + . debian/tests/common-tests 381s + trap cleanup EXIT 381s + mydomain=example.com 381s + myhostname=ldap.example.com 381s + mysuffix=dc=example,dc=com 381s + admin_dn=cn=admin,dc=example,dc=com 381s + admin_pw=secret 381s + ldap_user=testuser1 381s + ldap_user_pw=testuser1secret 381s + ldap_group=ldapusers 381s + adjust_hostname ldap.example.com 381s + local myhostname=ldap.example.com 381s + echo ldap.example.com 381s + hostname ldap.example.com 381s + grep -qE ldap.example.com /etc/hosts 381s + echo 127.0.1.10 ldap.example.com 381s + reconfigure_slapd 381s + debconf-set-selections 381s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 381s + dpkg-reconfigure -fnoninteractive -pcritical slapd 382s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1... done. 382s Moving old database directory to /var/backups: 382s - directory unknown... done. 382s Creating initial configuration... done. 382s Creating LDAP directory... done. 383s + generate_certs ldap.example.com 383s + local cn=ldap.example.com 383s + local cert=/etc/ldap/server.pem 383s + local key=/etc/ldap/server.key 383s + local cnf=/etc/ldap/openssl.cnf 383s + cat 383s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 383s ......+.+............+..+.........+.......+........+.+..............+......+....+......+...+...+..................+..+.......+......+..+.......+++++++++++++++++++++++++++++++++++++++*.....+.......+..+.+++++++++++++++++++++++++++++++++++++++*............+.......+.........+.....+.+.........+..+...+....+..+......+....+......+............+.....+..........+..+...+.......+..............+......+....+.....+......+....+.........+.................+....+.........+...............+.....+.+..+....+......+.....+.......+..+..................+.+...........+.+..+......+............+...+.......+...+.........++++++ 383s ...+...+......+....+...+..+.......+...+........+.........+...................+..+...+.........+.+..+...+.+........+.+......+...............+...........+.........+++++++++++++++++++++++++++++++++++++++*..+....+..+.+.......................+............+...+++++++++++++++++++++++++++++++++++++++*..+..........+...+.........+...+........+.......+...+..+.+.........+..+....+.....+.......+..+...+..........+.........+...........+...+.+......+........+.+...+..+......+......................+.....+...+.......+......+..+....+...+..+...+......+......+.+...+......+...........+.........+....+..+.........++++++ 383s ----- 383s + chmod 0640 /etc/ldap/server.key 383s + chgrp openldap /etc/ldap/server.key 383s + [ ! -f /etc/ldap/server.pem ] 383s + [ ! -f /etc/ldap/server.key ] 383s + enable_ldap_ssl 383s + cat 383s + cat 383s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 383s modifying entry "cn=config" 383s 383s + populate_ldap_rfc2307 383s + cat 383s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 383s adding new entry "ou=People,dc=example,dc=com" 383s 383s adding new entry "ou=Group,dc=example,dc=com" 383s 383s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 383s 383s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 383s 383s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 383s 383s + configure_sssd_ldap_rfc2307 383s + cat 383s + chmod 0600 /etc/sssd/sssd.conf 383s + systemctl restart sssd 384s + enable_pam_mkhomedir 384s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 384s Assert local user databases do not have our LDAP test data 384s + echo session optional pam_mkhomedir.so 384s + run_common_tests 384s + echo Assert local user databases do not have our LDAP test data 384s + check_local_user testuser1 384s + local local_user=testuser1 384s + grep -q ^testuser1 /etc/passwd 384s + check_local_group testuser1 384s + local local_group=testuser1 384s + grep -q ^testuser1 /etc/group 384s + check_local_group ldapusers 384s + local local_group=ldapusers 384s + grep -q ^ldapusers /etc/group 384s + echo The LDAP user is known to the system via getent 384s + check_getent_user testuser1 384s + local getent_user=testuser1 384s + local output 384s The LDAP user is known to the system via getent 384s + getent passwd testuser1 384s The LDAP user's private group is known to the system via getent 384s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 384s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 384s + echo The LDAP user's private group is known to the system via getent 384s + check_getent_group testuser1 384s + local getent_group=testuser1 384s + local output 384s + getent group testuser1 384s + output=testuser1:*:10001:testuser1 384s + [ -z testuser1:*:10001:testuser1 ] 384s + echo The LDAP group ldapusers is known to the system via getent 384s + check_getent_group ldapusers 384s + local getent_group=ldapusers 384s + local output 384s + getent group ldapusers 384s The LDAP group ldapusers is known to the system via getent 384s + output=ldapusers:*:10100:testuser1 384s + [ -z ldapusers:*:10100:testuser1 ] 384s + echo The id(1) command can resolve the group membership of the LDAP user 384s + id -Gn testuser1 384s The id(1) command can resolve the group membership of the LDAP user 384s The LDAP user can login via ssh 384s + output=testuser1 ldapusers 384s + [ testuser1 ldapusers != testuser1 ldapusers ] 384s + echo The LDAP user can login via ssh 384s + setup_sshd_password_auth 384s + cat 384s + systemctl restart ssh 384s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 384s spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no testuser1@localhost 384s Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. 384s testuser1@localhost's password: 385s Creating directory '/home/testuser1'. 385s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.8.0-52-generic armv7l) 385s 385s * Documentation: https://help.ubuntu.com 385s * Management: https://landscape.canonical.com 385s * Support: https://ubuntu.com/pro 385s 385s The programs included with the Ubuntu system are free software; 385s the exact distribution terms for each program are described in the 385s individual files in /usr/share/doc/*/copyright. 385s 385s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 385s applicable law. 385s 385s testuser1@ldap:~$ id -un 385s testuser1 385s testuser1@ldap:~$ + cleanup 385s + result=0 385s + set +e 385s + [ 0 -ne 0 ] 385s + echo ## All tests passed, phew 385s + cleanup_sshd_config 385s + rm -f /etc/ssh/sshd_config.d/00-dep8.conf 385s ## All tests passed, phew 385s + systemctl restart ssh 385s autopkgtest [17:57:16]: test ldap-user-group-ldap-auth: -----------------------] 389s autopkgtest [17:57:20]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 389s ldap-user-group-ldap-auth PASS 394s autopkgtest [17:57:25]: test ldap-user-group-krb5-auth: preparing testbed 395s Reading package lists... 396s Building dependency tree... 396s Reading state information... 399s Starting pkgProblemResolver with broken count: 0 399s Starting 2 pkgProblemResolver with broken count: 0 399s Done 399s The following NEW packages will be installed: 399s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 399s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 399s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 399s Need to get 570 kB of archives. 399s After this operation, 2578 kB of additional disk space will be used. 399s Get:1 http://ftpmaster.internal/ubuntu plucky/main armhf krb5-config all 2.7 [22.0 kB] 399s Get:2 http://ftpmaster.internal/ubuntu plucky/main armhf libgssrpc4t64 armhf 1.21.3-4ubuntu2 [51.5 kB] 399s Get:3 http://ftpmaster.internal/ubuntu plucky/main armhf libkadm5clnt-mit12 armhf 1.21.3-4ubuntu2 [35.7 kB] 399s Get:4 http://ftpmaster.internal/ubuntu plucky/main armhf libkdb5-10t64 armhf 1.21.3-4ubuntu2 [35.2 kB] 399s Get:5 http://ftpmaster.internal/ubuntu plucky/main armhf libkadm5srv-mit12 armhf 1.21.3-4ubuntu2 [46.3 kB] 399s Get:6 http://ftpmaster.internal/ubuntu plucky/universe armhf krb5-user armhf 1.21.3-4ubuntu2 [111 kB] 399s Get:7 http://ftpmaster.internal/ubuntu plucky/universe armhf krb5-kdc armhf 1.21.3-4ubuntu2 [177 kB] 399s Get:8 http://ftpmaster.internal/ubuntu plucky/universe armhf krb5-admin-server armhf 1.21.3-4ubuntu2 [91.3 kB] 399s Preconfiguring packages ... 400s Fetched 570 kB in 1s (563 kB/s) 400s Selecting previously unselected package krb5-config. 400s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 65939 files and directories currently installed.) 400s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 400s Unpacking krb5-config (2.7) ... 400s Selecting previously unselected package libgssrpc4t64:armhf. 400s Preparing to unpack .../1-libgssrpc4t64_1.21.3-4ubuntu2_armhf.deb ... 400s Unpacking libgssrpc4t64:armhf (1.21.3-4ubuntu2) ... 400s Selecting previously unselected package libkadm5clnt-mit12:armhf. 400s Preparing to unpack .../2-libkadm5clnt-mit12_1.21.3-4ubuntu2_armhf.deb ... 400s Unpacking libkadm5clnt-mit12:armhf (1.21.3-4ubuntu2) ... 400s Selecting previously unselected package libkdb5-10t64:armhf. 400s Preparing to unpack .../3-libkdb5-10t64_1.21.3-4ubuntu2_armhf.deb ... 400s Unpacking libkdb5-10t64:armhf (1.21.3-4ubuntu2) ... 400s Selecting previously unselected package libkadm5srv-mit12:armhf. 400s Preparing to unpack .../4-libkadm5srv-mit12_1.21.3-4ubuntu2_armhf.deb ... 400s Unpacking libkadm5srv-mit12:armhf (1.21.3-4ubuntu2) ... 400s Selecting previously unselected package krb5-user. 400s Preparing to unpack .../5-krb5-user_1.21.3-4ubuntu2_armhf.deb ... 400s Unpacking krb5-user (1.21.3-4ubuntu2) ... 400s Selecting previously unselected package krb5-kdc. 400s Preparing to unpack .../6-krb5-kdc_1.21.3-4ubuntu2_armhf.deb ... 400s Unpacking krb5-kdc (1.21.3-4ubuntu2) ... 400s Selecting previously unselected package krb5-admin-server. 400s Preparing to unpack .../7-krb5-admin-server_1.21.3-4ubuntu2_armhf.deb ... 400s Unpacking krb5-admin-server (1.21.3-4ubuntu2) ... 400s Setting up libgssrpc4t64:armhf (1.21.3-4ubuntu2) ... 400s Setting up krb5-config (2.7) ... 401s Setting up libkadm5clnt-mit12:armhf (1.21.3-4ubuntu2) ... 401s Setting up libkdb5-10t64:armhf (1.21.3-4ubuntu2) ... 401s Setting up libkadm5srv-mit12:armhf (1.21.3-4ubuntu2) ... 401s Setting up krb5-user (1.21.3-4ubuntu2) ... 401s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 401s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 401s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 401s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 401s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 401s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 401s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 401s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 401s Setting up krb5-kdc (1.21.3-4ubuntu2) ... 401s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 402s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 402s Setting up krb5-admin-server (1.21.3-4ubuntu2) ... 402s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 403s Processing triggers for man-db (2.13.0-1) ... 404s Processing triggers for libc-bin (2.41-1ubuntu2) ... 461s autopkgtest [17:58:32]: test ldap-user-group-krb5-auth: [----------------------- 462s + . debian/tests/util 462s + . debian/tests/common-tests 462s + trap cleanup EXIT 462s + mydomain=example.com 462s + myhostname=ldap.example.com 462s + mysuffix=dc=example,dc=com 462s + myrealm=EXAMPLE.COM 462s + admin_dn=cn=admin,dc=example,dc=com 462s + admin_pw=secret 462s + ldap_user=testuser1 462s + ldap_user_pw=testuser1secret 462s + kerberos_principal_pw=testuser1kerberos 462s + ldap_group=ldapusers 462s + adjust_hostname ldap.example.com 462s + local myhostname=ldap.example.com 462s + echo ldap.example.com 462s + hostname ldap.example.com 462s + grep -qE ldap.example.com /etc/hosts 462s + reconfigure_slapd 462s + debconf-set-selections 463s + rm -rf /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1 /var/backups/unknown-2.6.9+dfsg-1~exp2ubuntu1-20250315-175713.ldapdb 463s + dpkg-reconfigure -fnoninteractive -pcritical slapd 463s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1... done. 463s Moving old database directory to /var/backups: 463s - directory unknown... done. 463s Creating initial configuration... done. 463s Creating LDAP directory... done. 464s + generate_certs ldap.example.com 464s + local cn=ldap.example.com 464s + local cert=/etc/ldap/server.pem 464s + local key=/etc/ldap/server.key 464s + local cnf=/etc/ldap/openssl.cnf 464s + cat 464s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 464s ....+...+.....+....+...+......+.....+......+.+.........+...........+...+...............+....+.....+......+.+++++++++++++++++++++++++++++++++++++++*.....+......+..+...+....+...+.....+......+.......+...+...............+..+.......+..+....+......+++++++++++++++++++++++++++++++++++++++*..+...+....+..+.+...+..+.........+..........+.....+.........+.+...........+....+...+..+....+...........+...+...+..........+..+...+.......+...............+.....+.......+...+..+................+...+..+..................+...............+.+...+..+.+.....+.........+.+............+.....+...+.......+......+..++++++ 464s ..........+..+++++++++++++++++++++++++++++++++++++++*.........+++++++++++++++++++++++++++++++++++++++*........+.........+...............+.+.....+.+..............................+.....+......+....+...++++++ 464s ----- 464s + chmod 0640 /etc/ldap/server.key 464s + chgrp openldap /etc/ldap/server.key 464s + [ ! -f /etc/ldap/server.pem ] 464s + [ ! -f /etc/ldap/server.key ] 464s + enable_ldap_ssl 464s + cat 464s + cat 464s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 464s + populate_ldap_rfc2307 464s + cat 464s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 464s modifying entry "cn=config" 464s 464s + create_realm EXAMPLE.COM ldap.example.com 464s + local realm_name=EXAMPLE.COM 464s + local kerberos_server=ldap.example.com 464s + rm -rf /var/lib/krb5kdc/* 464s adding new entry "ou=People,dc=example,dc=com" 464s 464s adding new entry "ou=Group,dc=example,dc=com" 464s 464s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 464s 464s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 464s 464s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 464s 464s + rm -rf /etc/krb5kdc/kdc.conf 464s + rm -f /etc/krb5.keytab 464s + cat 464s + cat 464s + echo # */admin * 464s + kdb5_util create -s -P secretpassword 464s + systemctl restart krb5-kdc.service krb5-admin-server.service 464s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 464s master key name 'K/M@EXAMPLE.COM' 464s + create_krb_principal testuser1 testuser1kerberos 464s + local principal=testuser1 464s + local password=testuser1kerberos 464s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 464s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 464s + configure_sssd_ldap_rfc2307_krb5_auth 464s + cat 464s Authenticating as principal root/admin@EXAMPLE.COM with password. 464s Principal "testuser1@EXAMPLE.COM" created. 464s + chmod 0600 /etc/sssd/sssd.conf 464s + systemctl restart sssd 465s + enable_pam_mkhomedir 465s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 465s + run_common_tests 465s + echo Assert local user databases do not have our LDAP test data 465s + check_local_user testuser1 465s + local local_user=testuser1 465s + grep -q ^testuser1 /etc/passwd 465s + check_local_group testuser1 465s + local local_group=testuser1 465s + grep -q ^testuser1 /etc/group 465s + check_local_group ldapusers 465s + local local_group=ldapusers 465s + grep -q ^ldapusers /etc/group 465s Assert local user databases do not have our LDAP test data 465s + echo The LDAP user is known to the system via getent 465s + check_getent_user testuser1 465s + local getent_user=testuser1 465s + local output 465s + getent passwd testuser1 465s The LDAP user is known to the system via getent 465s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 465s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 465s + echo The LDAP user's private group is known to the system via getent 465s + check_getent_group testuser1 465s + local getent_group=testuser1 465s + local output 465s + getent group testuser1 465s The LDAP user's private group is known to the system via getent 465s + output=testuser1:*:10001:testuser1 465s + [ -z testuser1:*:10001:testuser1 ] 465s + echo The LDAP group ldapusers is known to the system via getent 465s + check_getent_group ldapusers 465s + local getent_group=ldapusers 465s + local output 465s + getent group ldapusers 465s The LDAP group ldapusers is known to the system via getent 465s + output=ldapusers:*:10100:testuser1 465s + [ -z ldapusers:*:10100:testuser1 ] 465s + echo The id(1) command can resolve the group membership of the LDAP user 465s + id -Gn testuser1 465s The id(1) command can resolve the group membership of the LDAP user 465s + output=testuser1 ldapusers 465s + [ testuser1 ldapusers != testuser1 ldapusers ] 465s + echo The Kerberos principal can login via ssh 465s + setup_sshd_password_auth 465s + cat 465s + systemctl restart ssh 465s The Kerberos principal can login via ssh 465s + kdestroy 465s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 465s spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no testuser1@localhost 465s Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. 465s testuser1@localhost's password: 466s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.8.0-52-generic armv7l) 466s 466s * Documentation: https://help.ubuntu.com 466s * Management: https://landscape.canonical.com 466s * Support: https://ubuntu.com/pro 466s 466s Last login: Sat Mar 15 17:57:16 2025 from 127.0.0.1 466s testuser1@ldap:~$ id -un 466s testuser1 466s testuser1@ldap:~$ klist 466s Ticket cache: FILE:/tmp/krb5cc_10001_yPAjRh 466s Default principal: testuser1@EXAMPLE.COM 466s 466s Valid starting Expires Service principal 466s 03/15/25 17:58:36 03/16/25 03:58:36 krbtgt/EXAMPLE.COM@EXAMPLE.COM 466s renew until 03/16/25 17:58:36 466s + cleanup 466s + result=0 466s + set +e 466s + [ 0 -ne 0 ] 466s + echo ## All tests passed, phew 466s + cleanup_sshd_config 466s + rm -f /etc/ssh/sshd_config.d/00-dep8.conf 466s + systemctl restart ssh 466s ## All tests passed, phew 466s autopkgtest [17:58:37]: test ldap-user-group-krb5-auth: -----------------------] 470s autopkgtest [17:58:41]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 470s ldap-user-group-krb5-auth PASS 473s autopkgtest [17:58:44]: test sssd-softhism2-certificates-tests.sh: preparing testbed 496s autopkgtest [17:59:07]: testbed dpkg architecture: armhf 498s autopkgtest [17:59:09]: testbed apt version: 2.9.33 501s autopkgtest [17:59:12]: @@@@@@@@@@@@@@@@@@@@ test bed setup 503s autopkgtest [17:59:14]: testbed release detected to be: plucky 511s autopkgtest [17:59:22]: updating testbed package index (apt update) 513s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [126 kB] 513s Get:2 http://ftpmaster.internal/ubuntu plucky InRelease [257 kB] 514s Get:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease [126 kB] 514s Get:4 http://ftpmaster.internal/ubuntu plucky-security InRelease [126 kB] 514s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [379 kB] 514s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [99.7 kB] 514s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [15.8 kB] 514s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main armhf Packages [114 kB] 515s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main armhf c-n-f Metadata [1832 B] 515s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted armhf c-n-f Metadata [116 B] 515s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe armhf Packages [312 kB] 515s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/universe armhf c-n-f Metadata [11.1 kB] 515s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse armhf Packages [3472 B] 515s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse armhf c-n-f Metadata [240 B] 515s Get:15 http://ftpmaster.internal/ubuntu plucky/multiverse Sources [299 kB] 515s Get:16 http://ftpmaster.internal/ubuntu plucky/main Sources [1394 kB] 516s Get:17 http://ftpmaster.internal/ubuntu plucky/universe Sources [21.0 MB] 531s Get:18 http://ftpmaster.internal/ubuntu plucky/main armhf Packages [1378 kB] 532s Get:19 http://ftpmaster.internal/ubuntu plucky/main armhf c-n-f Metadata [29.4 kB] 532s Get:20 http://ftpmaster.internal/ubuntu plucky/restricted armhf c-n-f Metadata [108 B] 532s Get:21 http://ftpmaster.internal/ubuntu plucky/universe armhf Packages [15.1 MB] 544s Get:22 http://ftpmaster.internal/ubuntu plucky/multiverse armhf Packages [172 kB] 545s Fetched 41.0 MB in 32s (1279 kB/s) 546s Reading package lists... 558s autopkgtest [18:00:09]: upgrading testbed (apt dist-upgrade and autopurge) 562s Reading package lists... 563s Building dependency tree... 563s Reading state information... 563s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 563s Starting 2 pkgProblemResolver with broken count: 0 563s Done 564s Entering ResolveByKeep 564s 565s Calculating upgrade... 565s The following packages will be upgraded: 565s libc-bin libc6 locales pinentry-curses python3-jinja2 sos strace 565s 7 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 565s Need to get 8683 kB of archives. 565s After this operation, 23.6 kB of additional disk space will be used. 565s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main armhf libc6 armhf 2.41-1ubuntu2 [2932 kB] 568s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main armhf libc-bin armhf 2.41-1ubuntu2 [545 kB] 569s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main armhf locales all 2.41-1ubuntu2 [4246 kB] 573s Get:4 http://ftpmaster.internal/ubuntu plucky/main armhf strace armhf 6.13+ds-1ubuntu1 [445 kB] 573s Get:5 http://ftpmaster.internal/ubuntu plucky/main armhf pinentry-curses armhf 1.3.1-2ubuntu3 [40.6 kB] 573s Get:6 http://ftpmaster.internal/ubuntu plucky/main armhf python3-jinja2 all 3.1.5-2ubuntu1 [109 kB] 573s Get:7 http://ftpmaster.internal/ubuntu plucky/main armhf sos all 4.9.0-5 [365 kB] 574s Preconfiguring packages ... 574s Fetched 8683 kB in 8s (1040 kB/s) 574s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 64655 files and directories currently installed.) 574s Preparing to unpack .../libc6_2.41-1ubuntu2_armhf.deb ... 575s Unpacking libc6:armhf (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 575s Setting up libc6:armhf (2.41-1ubuntu2) ... 575s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 64655 files and directories currently installed.) 575s Preparing to unpack .../libc-bin_2.41-1ubuntu2_armhf.deb ... 575s Unpacking libc-bin (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 575s Setting up libc-bin (2.41-1ubuntu2) ... 576s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 64655 files and directories currently installed.) 576s Preparing to unpack .../locales_2.41-1ubuntu2_all.deb ... 576s Unpacking locales (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 576s Preparing to unpack .../strace_6.13+ds-1ubuntu1_armhf.deb ... 576s Unpacking strace (6.13+ds-1ubuntu1) over (6.11-0ubuntu1) ... 576s Preparing to unpack .../pinentry-curses_1.3.1-2ubuntu3_armhf.deb ... 576s Unpacking pinentry-curses (1.3.1-2ubuntu3) over (1.3.1-2ubuntu2) ... 576s Preparing to unpack .../python3-jinja2_3.1.5-2ubuntu1_all.deb ... 576s Unpacking python3-jinja2 (3.1.5-2ubuntu1) over (3.1.5-2) ... 576s Preparing to unpack .../archives/sos_4.9.0-5_all.deb ... 576s Unpacking sos (4.9.0-5) over (4.9.0-4) ... 577s Setting up sos (4.9.0-5) ... 577s Setting up pinentry-curses (1.3.1-2ubuntu3) ... 577s Setting up locales (2.41-1ubuntu2) ... 578s Generating locales (this might take a while)... 583s en_US.UTF-8... done 583s Generation complete. 583s Setting up python3-jinja2 (3.1.5-2ubuntu1) ... 583s Setting up strace (6.13+ds-1ubuntu1) ... 583s Processing triggers for man-db (2.13.0-1) ... 584s Processing triggers for systemd (257.3-1ubuntu3) ... 587s Reading package lists... 587s Building dependency tree... 587s Reading state information... 588s Starting pkgProblemResolver with broken count: 0 588s Starting 2 pkgProblemResolver with broken count: 0 588s Done 588s Solving dependencies... 589s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 591s autopkgtest [18:00:42]: rebooting testbed after setup commands that affected boot 658s Reading package lists... 658s Building dependency tree... 658s Reading state information... 659s Starting pkgProblemResolver with broken count: 0 659s Starting 2 pkgProblemResolver with broken count: 0 659s Done 660s The following NEW packages will be installed: 660s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 660s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 660s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 660s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 660s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 660s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 660s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 660s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 660s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 660s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 660s Need to get 9971 kB of archives. 660s After this operation, 38.8 MB of additional disk space will be used. 660s Get:1 http://ftpmaster.internal/ubuntu plucky/main armhf libevent-2.1-7t64 armhf 2.1.12-stable-10 [127 kB] 660s Get:2 http://ftpmaster.internal/ubuntu plucky/main armhf libunbound8 armhf 1.22.0-1ubuntu1 [423 kB] 661s Get:3 http://ftpmaster.internal/ubuntu plucky/main armhf libgnutls-dane0t64 armhf 3.8.9-2ubuntu2 [34.9 kB] 661s Get:4 http://ftpmaster.internal/ubuntu plucky/universe armhf gnutls-bin armhf 3.8.9-2ubuntu2 [278 kB] 661s Get:5 http://ftpmaster.internal/ubuntu plucky/main armhf libavahi-common-data armhf 0.8-16ubuntu1 [30.9 kB] 661s Get:6 http://ftpmaster.internal/ubuntu plucky/main armhf libavahi-common3 armhf 0.8-16ubuntu1 [20.2 kB] 661s Get:7 http://ftpmaster.internal/ubuntu plucky/main armhf libavahi-client3 armhf 0.8-16ubuntu1 [24.1 kB] 661s Get:8 http://ftpmaster.internal/ubuntu plucky/main armhf libbasicobjects0t64 armhf 0.6.2-3 [5434 B] 661s Get:9 http://ftpmaster.internal/ubuntu plucky/main armhf libcares2 armhf 1.34.4-2.1 [85.0 kB] 661s Get:10 http://ftpmaster.internal/ubuntu plucky/main armhf libcollection4t64 armhf 0.6.2-3 [18.8 kB] 661s Get:11 http://ftpmaster.internal/ubuntu plucky/main armhf libcrack2 armhf 2.9.6-5.2build1 [27.1 kB] 661s Get:12 http://ftpmaster.internal/ubuntu plucky/main armhf libdhash1t64 armhf 0.6.2-3 [7876 B] 661s Get:13 http://ftpmaster.internal/ubuntu plucky/main armhf libpath-utils1t64 armhf 0.6.2-3 [7776 B] 661s Get:14 http://ftpmaster.internal/ubuntu plucky/main armhf libref-array1t64 armhf 0.6.2-3 [6382 B] 661s Get:15 http://ftpmaster.internal/ubuntu plucky/main armhf libini-config5t64 armhf 0.6.2-3 [37.2 kB] 661s Get:16 http://ftpmaster.internal/ubuntu plucky/main armhf libipa-hbac0t64 armhf 2.10.1-2ubuntu3 [18.1 kB] 661s Get:17 http://ftpmaster.internal/ubuntu plucky/main armhf libtalloc2 armhf 2:2.4.2+samba4.21.4+dfsg-1ubuntu3 [70.3 kB] 661s Get:18 http://ftpmaster.internal/ubuntu plucky/main armhf libtdb1 armhf 2:1.4.12+samba4.21.4+dfsg-1ubuntu3 [87.9 kB] 661s Get:19 http://ftpmaster.internal/ubuntu plucky/main armhf libtevent0t64 armhf 2:0.16.1+samba4.21.4+dfsg-1ubuntu3 [36.1 kB] 661s Get:20 http://ftpmaster.internal/ubuntu plucky/main armhf libldb2 armhf 2:2.10.0+samba4.21.4+dfsg-1ubuntu3 [126 kB] 661s Get:21 http://ftpmaster.internal/ubuntu plucky/main armhf libnfsidmap1 armhf 1:2.8.2-2ubuntu1 [56.6 kB] 661s Get:22 http://ftpmaster.internal/ubuntu plucky/main armhf libpwquality-common all 1.4.5-4 [7714 B] 661s Get:23 http://ftpmaster.internal/ubuntu plucky/main armhf libpwquality1 armhf 1.4.5-4 [12.3 kB] 661s Get:24 http://ftpmaster.internal/ubuntu plucky/main armhf libpam-pwquality armhf 1.4.5-4 [11.4 kB] 661s Get:25 http://ftpmaster.internal/ubuntu plucky/main armhf libwbclient0 armhf 2:4.21.4+dfsg-1ubuntu3 [76.8 kB] 661s Get:26 http://ftpmaster.internal/ubuntu plucky/main armhf samba-libs armhf 2:4.21.4+dfsg-1ubuntu3 [6026 kB] 666s Get:27 http://ftpmaster.internal/ubuntu plucky/main armhf libsmbclient0 armhf 2:4.21.4+dfsg-1ubuntu3 [58.2 kB] 666s Get:28 http://ftpmaster.internal/ubuntu plucky/main armhf libnss-sss armhf 2.10.1-2ubuntu3 [30.1 kB] 666s Get:29 http://ftpmaster.internal/ubuntu plucky/main armhf libpam-sss armhf 2.10.1-2ubuntu3 [46.4 kB] 666s Get:30 http://ftpmaster.internal/ubuntu plucky/universe armhf softhsm2-common armhf 2.6.1-2.2ubuntu3 [6194 B] 666s Get:31 http://ftpmaster.internal/ubuntu plucky/universe armhf libsofthsm2 armhf 2.6.1-2.2ubuntu3 [230 kB] 666s Get:32 http://ftpmaster.internal/ubuntu plucky/main armhf libsss-certmap0 armhf 2.10.1-2ubuntu3 [44.2 kB] 666s Get:33 http://ftpmaster.internal/ubuntu plucky/main armhf libsss-idmap0 armhf 2.10.1-2ubuntu3 [21.2 kB] 666s Get:34 http://ftpmaster.internal/ubuntu plucky/main armhf libsss-nss-idmap0 armhf 2.10.1-2ubuntu3 [28.4 kB] 666s Get:35 http://ftpmaster.internal/ubuntu plucky/main armhf python3-sss armhf 2.10.1-2ubuntu3 [45.4 kB] 666s Get:36 http://ftpmaster.internal/ubuntu plucky/universe armhf softhsm2 armhf 2.6.1-2.2ubuntu3 [155 kB] 666s Get:37 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-common armhf 2.10.1-2ubuntu3 [1054 kB] 667s Get:38 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-ad-common armhf 2.10.1-2ubuntu3 [67.6 kB] 667s Get:39 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-krb5-common armhf 2.10.1-2ubuntu3 [82.0 kB] 667s Get:40 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-ad armhf 2.10.1-2ubuntu3 [130 kB] 667s Get:41 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-ipa armhf 2.10.1-2ubuntu3 [214 kB] 667s Get:42 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-krb5 armhf 2.10.1-2ubuntu3 [14.0 kB] 667s Get:43 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-ldap armhf 2.10.1-2ubuntu3 [31.2 kB] 667s Get:44 http://ftpmaster.internal/ubuntu plucky/main armhf sssd-proxy armhf 2.10.1-2ubuntu3 [43.4 kB] 667s Get:45 http://ftpmaster.internal/ubuntu plucky/main armhf sssd armhf 2.10.1-2ubuntu3 [4122 B] 668s Fetched 9971 kB in 8s (1292 kB/s) 668s Selecting previously unselected package libevent-2.1-7t64:armhf. 668s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 64655 files and directories currently installed.) 668s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_armhf.deb ... 668s Unpacking libevent-2.1-7t64:armhf (2.1.12-stable-10) ... 668s Selecting previously unselected package libunbound8:armhf. 668s Preparing to unpack .../01-libunbound8_1.22.0-1ubuntu1_armhf.deb ... 668s Unpacking libunbound8:armhf (1.22.0-1ubuntu1) ... 668s Selecting previously unselected package libgnutls-dane0t64:armhf. 668s Preparing to unpack .../02-libgnutls-dane0t64_3.8.9-2ubuntu2_armhf.deb ... 668s Unpacking libgnutls-dane0t64:armhf (3.8.9-2ubuntu2) ... 668s Selecting previously unselected package gnutls-bin. 668s Preparing to unpack .../03-gnutls-bin_3.8.9-2ubuntu2_armhf.deb ... 668s Unpacking gnutls-bin (3.8.9-2ubuntu2) ... 668s Selecting previously unselected package libavahi-common-data:armhf. 668s Preparing to unpack .../04-libavahi-common-data_0.8-16ubuntu1_armhf.deb ... 668s Unpacking libavahi-common-data:armhf (0.8-16ubuntu1) ... 668s Selecting previously unselected package libavahi-common3:armhf. 668s Preparing to unpack .../05-libavahi-common3_0.8-16ubuntu1_armhf.deb ... 668s Unpacking libavahi-common3:armhf (0.8-16ubuntu1) ... 668s Selecting previously unselected package libavahi-client3:armhf. 668s Preparing to unpack .../06-libavahi-client3_0.8-16ubuntu1_armhf.deb ... 668s Unpacking libavahi-client3:armhf (0.8-16ubuntu1) ... 668s Selecting previously unselected package libbasicobjects0t64:armhf. 668s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-3_armhf.deb ... 668s Unpacking libbasicobjects0t64:armhf (0.6.2-3) ... 668s Selecting previously unselected package libcares2:armhf. 668s Preparing to unpack .../08-libcares2_1.34.4-2.1_armhf.deb ... 668s Unpacking libcares2:armhf (1.34.4-2.1) ... 668s Selecting previously unselected package libcollection4t64:armhf. 668s Preparing to unpack .../09-libcollection4t64_0.6.2-3_armhf.deb ... 668s Unpacking libcollection4t64:armhf (0.6.2-3) ... 668s Selecting previously unselected package libcrack2:armhf. 668s Preparing to unpack .../10-libcrack2_2.9.6-5.2build1_armhf.deb ... 668s Unpacking libcrack2:armhf (2.9.6-5.2build1) ... 668s Selecting previously unselected package libdhash1t64:armhf. 668s Preparing to unpack .../11-libdhash1t64_0.6.2-3_armhf.deb ... 668s Unpacking libdhash1t64:armhf (0.6.2-3) ... 668s Selecting previously unselected package libpath-utils1t64:armhf. 668s Preparing to unpack .../12-libpath-utils1t64_0.6.2-3_armhf.deb ... 668s Unpacking libpath-utils1t64:armhf (0.6.2-3) ... 668s Selecting previously unselected package libref-array1t64:armhf. 668s Preparing to unpack .../13-libref-array1t64_0.6.2-3_armhf.deb ... 668s Unpacking libref-array1t64:armhf (0.6.2-3) ... 668s Selecting previously unselected package libini-config5t64:armhf. 668s Preparing to unpack .../14-libini-config5t64_0.6.2-3_armhf.deb ... 668s Unpacking libini-config5t64:armhf (0.6.2-3) ... 668s Selecting previously unselected package libipa-hbac0t64. 668s Preparing to unpack .../15-libipa-hbac0t64_2.10.1-2ubuntu3_armhf.deb ... 668s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu3) ... 669s Selecting previously unselected package libtalloc2:armhf. 669s Preparing to unpack .../16-libtalloc2_2%3a2.4.2+samba4.21.4+dfsg-1ubuntu3_armhf.deb ... 669s Unpacking libtalloc2:armhf (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 669s Selecting previously unselected package libtdb1:armhf. 669s Preparing to unpack .../17-libtdb1_2%3a1.4.12+samba4.21.4+dfsg-1ubuntu3_armhf.deb ... 669s Unpacking libtdb1:armhf (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 669s Selecting previously unselected package libtevent0t64:armhf. 669s Preparing to unpack .../18-libtevent0t64_2%3a0.16.1+samba4.21.4+dfsg-1ubuntu3_armhf.deb ... 669s Unpacking libtevent0t64:armhf (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 669s Selecting previously unselected package libldb2:armhf. 669s Preparing to unpack .../19-libldb2_2%3a2.10.0+samba4.21.4+dfsg-1ubuntu3_armhf.deb ... 669s Unpacking libldb2:armhf (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 669s Selecting previously unselected package libnfsidmap1:armhf. 669s Preparing to unpack .../20-libnfsidmap1_1%3a2.8.2-2ubuntu1_armhf.deb ... 669s Unpacking libnfsidmap1:armhf (1:2.8.2-2ubuntu1) ... 669s Selecting previously unselected package libpwquality-common. 669s Preparing to unpack .../21-libpwquality-common_1.4.5-4_all.deb ... 669s Unpacking libpwquality-common (1.4.5-4) ... 669s Selecting previously unselected package libpwquality1:armhf. 669s Preparing to unpack .../22-libpwquality1_1.4.5-4_armhf.deb ... 669s Unpacking libpwquality1:armhf (1.4.5-4) ... 669s Selecting previously unselected package libpam-pwquality:armhf. 669s Preparing to unpack .../23-libpam-pwquality_1.4.5-4_armhf.deb ... 669s Unpacking libpam-pwquality:armhf (1.4.5-4) ... 669s Selecting previously unselected package libwbclient0:armhf. 669s Preparing to unpack .../24-libwbclient0_2%3a4.21.4+dfsg-1ubuntu3_armhf.deb ... 669s Unpacking libwbclient0:armhf (2:4.21.4+dfsg-1ubuntu3) ... 669s Selecting previously unselected package samba-libs:armhf. 669s Preparing to unpack .../25-samba-libs_2%3a4.21.4+dfsg-1ubuntu3_armhf.deb ... 669s Unpacking samba-libs:armhf (2:4.21.4+dfsg-1ubuntu3) ... 669s Selecting previously unselected package libsmbclient0:armhf. 669s Preparing to unpack .../26-libsmbclient0_2%3a4.21.4+dfsg-1ubuntu3_armhf.deb ... 669s Unpacking libsmbclient0:armhf (2:4.21.4+dfsg-1ubuntu3) ... 669s Selecting previously unselected package libnss-sss:armhf. 669s Preparing to unpack .../27-libnss-sss_2.10.1-2ubuntu3_armhf.deb ... 669s Unpacking libnss-sss:armhf (2.10.1-2ubuntu3) ... 669s Selecting previously unselected package libpam-sss:armhf. 669s Preparing to unpack .../28-libpam-sss_2.10.1-2ubuntu3_armhf.deb ... 669s Unpacking libpam-sss:armhf (2.10.1-2ubuntu3) ... 669s Selecting previously unselected package softhsm2-common. 669s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_armhf.deb ... 669s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 669s Selecting previously unselected package libsofthsm2. 669s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_armhf.deb ... 669s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 669s Selecting previously unselected package libsss-certmap0. 669s Preparing to unpack .../31-libsss-certmap0_2.10.1-2ubuntu3_armhf.deb ... 669s Unpacking libsss-certmap0 (2.10.1-2ubuntu3) ... 669s Selecting previously unselected package libsss-idmap0. 669s Preparing to unpack .../32-libsss-idmap0_2.10.1-2ubuntu3_armhf.deb ... 669s Unpacking libsss-idmap0 (2.10.1-2ubuntu3) ... 669s Selecting previously unselected package libsss-nss-idmap0. 669s Preparing to unpack .../33-libsss-nss-idmap0_2.10.1-2ubuntu3_armhf.deb ... 669s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 669s Selecting previously unselected package python3-sss. 669s Preparing to unpack .../34-python3-sss_2.10.1-2ubuntu3_armhf.deb ... 669s Unpacking python3-sss (2.10.1-2ubuntu3) ... 669s Selecting previously unselected package softhsm2. 669s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_armhf.deb ... 669s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 669s Selecting previously unselected package sssd-common. 669s Preparing to unpack .../36-sssd-common_2.10.1-2ubuntu3_armhf.deb ... 669s Unpacking sssd-common (2.10.1-2ubuntu3) ... 670s Selecting previously unselected package sssd-ad-common. 670s Preparing to unpack .../37-sssd-ad-common_2.10.1-2ubuntu3_armhf.deb ... 670s Unpacking sssd-ad-common (2.10.1-2ubuntu3) ... 670s Selecting previously unselected package sssd-krb5-common. 670s Preparing to unpack .../38-sssd-krb5-common_2.10.1-2ubuntu3_armhf.deb ... 670s Unpacking sssd-krb5-common (2.10.1-2ubuntu3) ... 670s Selecting previously unselected package sssd-ad. 670s Preparing to unpack .../39-sssd-ad_2.10.1-2ubuntu3_armhf.deb ... 670s Unpacking sssd-ad (2.10.1-2ubuntu3) ... 670s Selecting previously unselected package sssd-ipa. 670s Preparing to unpack .../40-sssd-ipa_2.10.1-2ubuntu3_armhf.deb ... 670s Unpacking sssd-ipa (2.10.1-2ubuntu3) ... 670s Selecting previously unselected package sssd-krb5. 670s Preparing to unpack .../41-sssd-krb5_2.10.1-2ubuntu3_armhf.deb ... 670s Unpacking sssd-krb5 (2.10.1-2ubuntu3) ... 670s Selecting previously unselected package sssd-ldap. 670s Preparing to unpack .../42-sssd-ldap_2.10.1-2ubuntu3_armhf.deb ... 670s Unpacking sssd-ldap (2.10.1-2ubuntu3) ... 670s Selecting previously unselected package sssd-proxy. 670s Preparing to unpack .../43-sssd-proxy_2.10.1-2ubuntu3_armhf.deb ... 670s Unpacking sssd-proxy (2.10.1-2ubuntu3) ... 670s Selecting previously unselected package sssd. 670s Preparing to unpack .../44-sssd_2.10.1-2ubuntu3_armhf.deb ... 670s Unpacking sssd (2.10.1-2ubuntu3) ... 670s Setting up libpwquality-common (1.4.5-4) ... 670s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 670s Creating config file /etc/softhsm/softhsm2.conf with new version 670s Setting up libnfsidmap1:armhf (1:2.8.2-2ubuntu1) ... 670s Setting up libsss-idmap0 (2.10.1-2ubuntu3) ... 670s Setting up libbasicobjects0t64:armhf (0.6.2-3) ... 670s Setting up libipa-hbac0t64 (2.10.1-2ubuntu3) ... 670s Setting up libref-array1t64:armhf (0.6.2-3) ... 670s Setting up libtdb1:armhf (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 670s Setting up libcollection4t64:armhf (0.6.2-3) ... 670s Setting up libevent-2.1-7t64:armhf (2.1.12-stable-10) ... 670s Setting up libwbclient0:armhf (2:4.21.4+dfsg-1ubuntu3) ... 670s Setting up libtalloc2:armhf (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 670s Setting up libpath-utils1t64:armhf (0.6.2-3) ... 670s Setting up libunbound8:armhf (1.22.0-1ubuntu1) ... 670s Setting up libgnutls-dane0t64:armhf (3.8.9-2ubuntu2) ... 670s Setting up libavahi-common-data:armhf (0.8-16ubuntu1) ... 670s Setting up libcares2:armhf (1.34.4-2.1) ... 670s Setting up libdhash1t64:armhf (0.6.2-3) ... 670s Setting up libcrack2:armhf (2.9.6-5.2build1) ... 670s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 670s Setting up libini-config5t64:armhf (0.6.2-3) ... 670s Setting up libtevent0t64:armhf (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 670s Setting up libnss-sss:armhf (2.10.1-2ubuntu3) ... 670s Setting up gnutls-bin (3.8.9-2ubuntu2) ... 670s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 670s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 670s Setting up libavahi-common3:armhf (0.8-16ubuntu1) ... 670s Setting up libsss-certmap0 (2.10.1-2ubuntu3) ... 670s Setting up libpwquality1:armhf (1.4.5-4) ... 670s Setting up libldb2:armhf (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 670s Setting up libavahi-client3:armhf (0.8-16ubuntu1) ... 670s Setting up libpam-pwquality:armhf (1.4.5-4) ... 670s Setting up samba-libs:armhf (2:4.21.4+dfsg-1ubuntu3) ... 670s Setting up python3-sss (2.10.1-2ubuntu3) ... 670s Setting up libsmbclient0:armhf (2:4.21.4+dfsg-1ubuntu3) ... 670s Setting up libpam-sss:armhf (2.10.1-2ubuntu3) ... 671s Setting up sssd-common (2.10.1-2ubuntu3) ... 671s Creating SSSD system user & group... 671s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 671s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 671s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 671s apparmor_parser: Unable to replace "/usr/sbin/sssd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 671s 671s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 672s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 672s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 672s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 672s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 673s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 673s sssd-autofs.service is a disabled or a static unit, not starting it. 673s sssd-nss.service is a disabled or a static unit, not starting it. 673s sssd-pam.service is a disabled or a static unit, not starting it. 673s sssd-ssh.service is a disabled or a static unit, not starting it. 673s sssd-sudo.service is a disabled or a static unit, not starting it. 673s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 673s Setting up sssd-proxy (2.10.1-2ubuntu3) ... 673s Setting up sssd-ad-common (2.10.1-2ubuntu3) ... 673s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 674s sssd-pac.service is a disabled or a static unit, not starting it. 674s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 674s Setting up sssd-krb5-common (2.10.1-2ubuntu3) ... 674s Setting up sssd-krb5 (2.10.1-2ubuntu3) ... 674s Setting up sssd-ldap (2.10.1-2ubuntu3) ... 674s Setting up sssd-ad (2.10.1-2ubuntu3) ... 674s Setting up sssd-ipa (2.10.1-2ubuntu3) ... 674s Setting up sssd (2.10.1-2ubuntu3) ... 674s Processing triggers for man-db (2.13.0-1) ... 675s Processing triggers for libc-bin (2.41-1ubuntu2) ... 695s autopkgtest [18:02:26]: test sssd-softhism2-certificates-tests.sh: [----------------------- 697s + '[' -z ubuntu ']' 697s + required_tools=(p11tool openssl softhsm2-util) 697s + for cmd in "${required_tools[@]}" 697s + command -v p11tool 697s + for cmd in "${required_tools[@]}" 697s + command -v openssl 697s + for cmd in "${required_tools[@]}" 697s + command -v softhsm2-util 697s + PIN=053350 697s +++ find /usr/lib/softhsm/libsofthsm2.so 697s +++ head -n 1 697s ++ realpath /usr/lib/softhsm/libsofthsm2.so 697s + SOFTHSM2_MODULE=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 697s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 697s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 697s + '[' '!' -v NO_SSSD_TESTS ']' 697s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 697s + ca_db_arg=ca_db 697s ++ /usr/libexec/sssd/p11_child --help 697s + p11_child_help='Usage: p11_child [OPTION...] 697s -d, --debug-level=INT Debug level 697s --debug-timestamps=INT Add debug timestamps 697s --debug-microseconds=INT Show timestamps with microseconds 697s --dumpable=INT Allow core dumps 697s --backtrace=INT Enable debug backtrace 697s --debug-fd=INT An open file descriptor for the debug 697s logs 697s --logger=stderr|files|journald Set logger 697s --auth Run in auth mode 697s --pre Run in pre-auth mode 697s --wait_for_card Wait until card is available 697s --verification Run in verification mode 697s --pin Expect PIN on stdin 697s --keypad Expect PIN on keypad 697s --verify=STRING Tune validation 697s --ca_db=STRING CA DB to use 697s --module_name=STRING Module name for authentication 697s --token_name=STRING Token name for authentication 697s --key_id=STRING Key ID for authentication 697s --label=STRING Label for authentication 697s --certificate=STRING certificate to verify, base64 encoded 697s --uri=STRING PKCS#11 URI to restrict selection 697s --chain-id=LONG Tevent chain ID used for logging 697s purposes 697s 697s Help options: 697s -?, --help Show this help message 697s --usage Display brief usage message' 697s + echo 'Usage: p11_child [OPTION...] 697s -d, --debug-level=INT Debug level 697s --debug-timestamps=INT Add debug timestamps 697s --debug-microseconds=INT Show timestamps with microseconds 697s --dumpable=INT Allow core dumps 697s --backtrace=INT Enable debug backtrace 697s --debug-fd=INT An open file descriptor for the debug 697s logs 697s --logger=stderr|files|journald Set logger 697s --auth Run in auth mode 697s --pre Run in pre-auth mode 697s --wait_for_card Wait until card is available 697s --verification Run in verification mode 697s --pin Expect PIN on stdin 697s --keypad Expect PIN on keypad 697s --verify=STRING Tune validation 697s --ca_db=STRING CA DB to use 697s --module_name=STRING Module name for authentication 697s --token_name=STRING Token name for authentication 697s --key_id=STRING Key ID for authentication 697s --label=STRING Label for authentication 697s --certificate=STRING certificate to verify, base64 encoded 697s --uri=STRING PKCS#11 URI to restrict selection 697s --chain-id=LONG Tevent chain ID used for logging 697s purposes 697s 697s Help options: 697s -?, --help Show this help message 697s --usage Display brief usage message' 697s + grep nssdb -qs 697s + echo 'Usage: p11_child [OPTION...] 697s -d, --debug-level=INT Debug level 697s --debug-timestamps=INT Add debug timestamps 697s --debug-microseconds=INT Show timestamps with microseconds 697s --dumpable=INT Allow core dumps 697s --backtrace=INT Enable debug backtrace 697s --debug-fd=INT An open file descriptor for the debug 697s logs 697s --logger=stderr|files|journald Set logger 697s --auth Run in auth mode 697s --pre Run in pre-auth mode 697s --wait_for_card Wait until card is available 697s --verification Run in verification mode 697s --pin Expect PIN on stdin 697s --keypad Expect PIN on keypad 697s --verify=STRING Tune validation 697s --ca_db=STRING CA DB to use 697s --module_name=STRING Module name for authentication 697s --token_name=STRING Token name for authentication 697s --key_id=STRING Key ID for authentication 697s --label=STRING Label for authentication 697s --certificate=STRING certificate to verify, base64 encoded 697s --uri=STRING PKCS#11 URI to restrict selection 697s --chain-id=LONG Tevent chain ID used for logging 697s purposes 697s 697s Help options: 697s -?, --help Show this help message 697s --usage Display brief usage message' 697s + grep -qs -- --ca_db 697s + '[' '!' -e /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so ']' 697s ++ mktemp -d -t sssd-softhsm2-XXXXXX 697s + tmpdir=/tmp/sssd-softhsm2-91sRMn 697s + keys_size=1024 697s + [[ ! -v KEEP_TEMPORARY_FILES ]] 697s + trap 'rm -rf "$tmpdir"' EXIT 697s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 697s + echo -n 01 697s + touch /tmp/sssd-softhsm2-91sRMn/index.txt 697s + mkdir -p /tmp/sssd-softhsm2-91sRMn/new_certs 697s + cat 697s + root_ca_key_pass=pass:random-root-CA-password-8166 697s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-91sRMn/test-root-CA-key.pem -passout pass:random-root-CA-password-8166 1024 697s + openssl req -passin pass:random-root-CA-password-8166 -batch -config /tmp/sssd-softhsm2-91sRMn/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-91sRMn/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 697s + openssl x509 -noout -in /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 697s + cat 697s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-4913 697s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-4913 1024 697s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-4913 -config /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.config -key /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-8166 -sha256 -out /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-certificate-request.pem 697s + openssl req -text -noout -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-certificate-request.pem 697s Certificate Request: 697s Data: 697s Version: 1 (0x0) 697s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 697s Subject Public Key Info: 697s Public Key Algorithm: rsaEncryption 697s Public-Key: (1024 bit) 697s Modulus: 697s 00:b8:a4:ff:94:c8:35:c5:02:18:31:7e:93:33:eb: 697s b1:65:4c:69:9b:48:34:0a:ac:94:0e:ce:61:4a:b1: 697s 31:70:1d:9b:6c:6f:47:fc:29:f8:34:15:c3:ce:37: 697s 08:e7:71:fc:64:d9:ab:22:07:2a:7b:95:88:4b:ed: 697s 3f:3b:ee:4b:8f:25:76:db:d1:fa:0b:93:04:de:10: 697s 28:58:ca:91:9e:3f:cf:27:13:64:33:7f:69:4c:be: 697s 80:46:31:02:cf:66:7e:17:9b:59:69:07:e4:8b:64: 697s b6:32:d9:f7:9e:4e:f9:68:c8:70:88:7d:7b:f2:0c: 697s 42:f2:ac:a0:95:f8:7c:a6:a5 697s Exponent: 65537 (0x10001) 697s Attributes: 697s (none) 697s Requested Extensions: 697s Signature Algorithm: sha256WithRSAEncryption 697s Signature Value: 697s 91:16:96:3b:d1:23:60:31:0b:09:24:b1:06:32:88:0b:0b:0f: 697s 61:e6:84:9d:f8:d9:66:9e:65:1b:c4:d0:e0:9e:cd:e5:70:73: 697s 6c:58:65:4a:35:3a:84:70:44:22:a1:df:fa:8f:e1:c3:cc:55: 697s 3b:cb:f5:da:35:d3:bb:87:2f:6d:14:8a:38:60:f2:3e:76:c8: 697s 58:fc:f5:a4:dc:b3:68:76:dd:c9:b0:c1:b0:43:04:30:d0:c2: 697s b6:24:3a:b0:d2:fe:7f:3f:8c:fb:ae:e3:28:2a:03:b0:4a:41: 697s 26:40:11:00:23:1f:42:b4:2f:b2:89:5e:dd:46:97:de:76:6b: 697s 66:d7 697s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-91sRMn/test-root-CA.config -passin pass:random-root-CA-password-8166 -keyfile /tmp/sssd-softhsm2-91sRMn/test-root-CA-key.pem -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 697s Using configuration from /tmp/sssd-softhsm2-91sRMn/test-root-CA.config 697s Check that the request matches the signature 697s Signature ok 697s Certificate Details: 697s Serial Number: 1 (0x1) 697s Validity 697s Not Before: Mar 15 18:02:28 2025 GMT 697s Not After : Mar 15 18:02:28 2026 GMT 697s Subject: 697s organizationName = Test Organization 697s organizationalUnitName = Test Organization Unit 697s commonName = Test Organization Intermediate CA 697s X509v3 extensions: 697s X509v3 Subject Key Identifier: 697s 8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 697s X509v3 Authority Key Identifier: 697s keyid:06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 697s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 697s serial:00 697s X509v3 Basic Constraints: 697s CA:TRUE 697s X509v3 Key Usage: critical 697s Digital Signature, Certificate Sign, CRL Sign 697s Certificate is to be certified until Mar 15 18:02:28 2026 GMT (365 days) 697s 697s Write out database with 1 new entries 697s Database updated 697s + openssl x509 -noout -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 697s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 697s /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem: OK 697s + cat 697s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-13949 697s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-13949 1024 697s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-13949 -config /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-4913 -sha256 -out /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-certificate-request.pem 697s + openssl req -text -noout -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-certificate-request.pem 697s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-4913 -keyfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 697s Certificate Request: 697s Data: 697s Version: 1 (0x0) 697s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 697s Subject Public Key Info: 697s Public Key Algorithm: rsaEncryption 697s Public-Key: (1024 bit) 697s Modulus: 697s 00:ed:e4:47:e9:e2:02:a9:7d:2c:48:f5:87:1f:7e: 697s be:4f:1d:f2:bf:5b:50:9e:67:2c:48:69:aa:ff:48: 697s aa:62:3f:52:70:04:6a:40:51:07:14:d6:91:ce:cb: 697s 42:55:ef:0a:43:b5:a7:eb:63:dc:70:27:a6:bc:51: 697s a1:98:14:83:d5:8b:c8:10:90:3f:63:6c:52:2a:2d: 697s 4d:69:12:7a:2a:c0:10:24:ac:e5:12:9e:14:d6:60: 697s e1:74:6e:5c:99:77:5d:76:c0:7f:12:22:10:75:02: 697s 61:60:5f:87:fc:67:9f:43:36:20:e4:d4:c9:c9:0c: 697s 57:cb:b5:b3:2c:db:72:61:15 697s Exponent: 65537 (0x10001) 697s Attributes: 697s (none) 697s Requested Extensions: 697s Signature Algorithm: sha256WithRSAEncryption 697s Signature Value: 697s 24:62:39:b4:17:ac:a3:36:fa:ef:36:97:49:15:7e:7f:0b:9b: 697s a7:44:75:86:55:95:89:fe:56:0a:7b:69:5b:a2:8b:1e:2a:af: 697s b2:bb:23:57:63:4b:08:17:52:24:fe:65:da:6a:2f:4a:e7:e9: 697s 76:0b:90:c7:ed:a7:6b:e0:3b:16:35:bb:4b:45:2b:61:bb:1c: 697s e1:89:8b:ff:ed:0c:6e:03:e8:fa:c5:93:6a:6b:9a:31:96:e8: 697s 90:42:4a:72:99:55:6a:28:7b:4d:a6:8d:68:f0:10:6c:6f:5b: 697s 0a:59:a8:bd:47:ab:4a:8b:74:b7:cf:87:b1:ce:51:ae:c9:a2: 697s 70:6a 697s Using configuration from /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.config 697s Check that the request matches the signature 697s Signature ok 697s Certificate Details: 697s Serial Number: 2 (0x2) 697s Validity 697s Not Before: Mar 15 18:02:28 2025 GMT 697s Not After : Mar 15 18:02:28 2026 GMT 697s Subject: 697s organizationName = Test Organization 697s organizationalUnitName = Test Organization Unit 697s commonName = Test Organization Sub Intermediate CA 697s X509v3 extensions: 697s X509v3 Subject Key Identifier: 697s 2F:56:9C:E4:31:9C:A5:BE:9D:56:E3:A3:94:30:54:18:7C:7E:5D:A0 697s X509v3 Authority Key Identifier: 697s keyid:8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 697s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 697s serial:01 697s X509v3 Basic Constraints: 697s CA:TRUE 697s X509v3 Key Usage: critical 697s Digital Signature, Certificate Sign, CRL Sign 697s Certificate is to be certified until Mar 15 18:02:28 2026 GMT (365 days) 697s 697s Write out database with 1 new entries 697s Database updated 697s + openssl x509 -noout -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 697s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 697s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 697s + local cmd=openssl 697s + shift 697s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 697s /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem: OK 697s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 697s error 20 at 0 depth lookup: unable to get local issuer certificate 697s error /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem: verification failed 697s + cat 697s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-24251 697s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-24251 1024 697s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-24251 -key /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-request.pem 697s + openssl req -text -noout -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-request.pem 697s Certificate Request: 697s Data: 697s Version: 1 (0x0) 697s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 697s Subject Public Key Info: 697s Public Key Algorithm: rsaEncryption 697s Public-Key: (1024 bit) 697s Modulus: 697s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 697s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 697s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 697s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 697s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 697s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 697s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 697s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 697s 50:2c:bf:c5:e6:b4:73:4d:f5 697s Exponent: 65537 (0x10001) 697s Attributes: 697s Requested Extensions: 697s X509v3 Basic Constraints: 697s CA:FALSE 697s Netscape Cert Type: 697s SSL Client, S/MIME 697s Netscape Comment: 697s Test Organization Root CA trusted Certificate 697s X509v3 Subject Key Identifier: 697s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 697s X509v3 Key Usage: critical 697s Digital Signature, Non Repudiation, Key Encipherment 697s X509v3 Extended Key Usage: 697s TLS Web Client Authentication, E-mail Protection 697s X509v3 Subject Alternative Name: 697s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 697s Signature Algorithm: sha256WithRSAEncryption 697s Signature Value: 697s a7:fe:66:12:d7:69:d6:ce:b5:e1:5e:db:8d:12:81:c5:34:c1: 697s 6c:af:fb:3c:6b:0c:f3:07:f4:e6:cc:16:e3:74:e6:79:95:3e: 697s 96:b1:33:b6:4b:16:e1:ae:a0:eb:bf:77:6c:84:06:26:41:9a: 697s 2d:1e:5d:4d:20:44:0e:58:9b:8d:48:7e:1e:23:6b:0d:e0:d8: 697s ed:10:77:73:1c:a7:27:e2:bc:33:77:af:c7:29:bd:b8:22:f2: 697s 82:98:a6:3c:7f:9b:4c:c1:52:df:4c:79:8d:16:1e:2e:7d:41: 697s 9b:88:21:6c:c9:f4:45:2b:9e:1a:92:08:e4:f7:dd:8e:2f:18: 697s 33:1d 698s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-91sRMn/test-root-CA.config -passin pass:random-root-CA-password-8166 -keyfile /tmp/sssd-softhsm2-91sRMn/test-root-CA-key.pem -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s Using configuration from /tmp/sssd-softhsm2-91sRMn/test-root-CA.config 698s Check that the request matches the signature 698s Signature ok 698s Certificate Details: 698s Serial Number: 3 (0x3) 698s Validity 698s Not Before: Mar 15 18:02:28 2025 GMT 698s Not After : Mar 15 18:02:28 2026 GMT 698s Subject: 698s organizationName = Test Organization 698s organizationalUnitName = Test Organization Unit 698s commonName = Test Organization Root Trusted Certificate 0001 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Root CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Certificate is to be certified until Mar 15 18:02:28 2026 GMT (365 days) 698s 698s Write out database with 1 new entries 698s Database updated 698s + openssl x509 -noout -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local cmd=openssl 698s + shift 698s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem: OK 698s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 698s error 20 at 0 depth lookup: unable to get local issuer certificate 698s error /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem: verification failed 698s + cat 698s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 698s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-15881 1024 698s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-15881 -key /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-request.pem 698s + openssl req -text -noout -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-request.pem 698s + openssl ca -passin pass:random-intermediate-CA-password-4913 -config /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 698s Certificate Request: 698s Data: 698s Version: 1 (0x0) 698s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:be:21:53:47:90:55:cb:ab:1c:8b:40:a9:ac:61: 698s 9f:b3:df:d5:43:c0:2f:6c:65:a6:3e:9e:69:d0:53: 698s 1c:56:0d:5a:62:34:74:04:c4:65:52:44:4d:9f:ec: 698s b0:92:20:b4:01:d6:23:cf:4f:d0:ee:4f:c2:ed:1a: 698s c6:a0:f0:79:a2:3f:9c:21:8a:53:c5:70:26:17:d6: 698s 35:7b:2b:3b:ca:25:35:9a:7f:22:9d:96:a4:81:b1: 698s a3:ae:50:a3:ee:a1:d3:8c:9c:ec:67:52:5a:40:da: 698s bc:5a:ad:d9:12:b6:c7:44:8c:f3:22:9c:18:aa:a1: 698s 3d:21:26:2c:ab:c6:11:d2:0f 698s Exponent: 65537 (0x10001) 698s Attributes: 698s Requested Extensions: 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Intermediate CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s 46:D5:9A:73:2A:B4:5D:A6:51:86:7A:7F:19:40:56:11:C4:D4:0B:EE 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 10:9f:d6:71:6d:2f:61:af:d5:9d:bf:67:d7:45:46:ef:07:f4: 698s 9f:74:ac:0d:32:42:57:28:fc:eb:76:0a:f3:44:0b:70:c3:b9: 698s 06:93:db:53:b6:99:9c:a9:61:a1:f1:3e:2b:c5:f8:d4:56:08: 698s 60:b3:bc:63:2b:1a:dd:55:f2:7c:82:ff:ce:38:cd:8f:5e:33: 698s 9c:08:0a:ac:7a:89:e2:1c:6b:4b:37:3e:0a:62:ac:28:12:45: 698s 52:d2:02:21:f1:3b:17:c3:42:72:b6:2c:e9:f6:51:ae:0f:46: 698s b6:fa:4b:25:a4:43:9d:c3:78:fa:cc:76:8c:3b:46:f3:14:e2: 698s 1b:d3 698s Using configuration from /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.config 698s Check that the request matches the signature 698s Signature ok 698s Certificate Details: 698s Serial Number: 4 (0x4) 698s Validity 698s Not Before: Mar 15 18:02:29 2025 GMT 698s Not After : Mar 15 18:02:29 2026 GMT 698s Subject: 698s organizationName = Test Organization 698s organizationalUnitName = Test Organization Unit 698s commonName = Test Organization Intermediate Trusted Certificate 0001 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Intermediate CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s 46:D5:9A:73:2A:B4:5D:A6:51:86:7A:7F:19:40:56:11:C4:D4:0B:EE 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Certificate is to be certified until Mar 15 18:02:29 2026 GMT (365 days) 698s 698s Write out database with 1 new entries 698s Database updated 698s + openssl x509 -noout -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 698s + echo 'This certificate should not be trusted fully' 698s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 698s + local cmd=openssl 698s + shift 698s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 698s This certificate should not be trusted fully 698s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 698s error 2 at 1 depth lookup: unable to get issuer certificate 698s error /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 698s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 698s /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem: OK 698s + cat 698s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 698s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-23305 1024 698s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-23305 -key /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 698s + openssl req -text -noout -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 698s + openssl ca -passin pass:random-sub-intermediate-CA-password-13949 -config /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s Certificate Request: 698s Data: 698s Version: 1 (0x0) 698s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:d5:fb:7e:c5:ea:f7:2e:da:bc:a4:01:e2:89:99: 698s f4:64:45:91:4e:58:0b:68:8b:db:19:33:9a:79:58: 698s 47:54:80:c3:2e:fe:50:a1:73:85:b9:24:66:5f:87: 698s a6:ad:bb:4b:27:72:fb:53:56:57:1f:52:1d:fc:f9: 698s da:5d:b0:99:0f:0e:62:77:b2:42:6e:36:ca:4d:21: 698s 63:fe:af:4b:1b:1e:bd:cd:b1:70:4a:b3:2e:f5:9e: 698s 5c:fa:2d:5a:0f:e1:01:9c:17:b8:cb:5c:bc:c8:1f: 698s 3c:bd:cf:1e:85:e7:14:60:e5:e1:65:4b:1e:11:92: 698s 9d:98:15:06:31:10:58:8f:db 698s Exponent: 65537 (0x10001) 698s Attributes: 698s Requested Extensions: 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Sub Intermediate CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s E6:11:0E:9F:D6:36:3B:3E:82:57:7C:DB:0F:D9:B0:AA:25:F9:64:A2 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 88:86:11:24:8b:41:36:51:70:7c:5d:c9:8a:1b:3d:5c:0f:9e: 698s e0:c6:87:bb:84:0e:0d:a2:be:e2:26:3e:5c:0c:91:13:5b:9d: 698s e9:36:26:72:ec:55:86:7e:56:92:1a:cf:17:93:06:9d:41:9b: 698s c8:0e:fc:ab:63:a3:df:36:ec:47:91:ee:e2:09:3e:c4:19:b4: 698s 4e:0a:70:be:73:4b:0c:43:4d:a4:dc:a7:e2:c4:0f:84:25:7a: 698s 94:c7:d9:98:4b:13:f4:16:17:e1:ce:a4:2e:ed:39:e7:02:a5: 698s e4:b0:aa:07:1e:d6:7f:49:4b:b5:d1:5d:4b:4b:4a:21:a2:69: 698s 6b:49 698s Using configuration from /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.config 698s Check that the request matches the signature 698s Signature ok 698s Certificate Details: 698s Serial Number: 5 (0x5) 698s Validity 698s Not Before: Mar 15 18:02:29 2025 GMT 698s Not After : Mar 15 18:02:29 2026 GMT 698s Subject: 698s organizationName = Test Organization 698s organizationalUnitName = Test Organization Unit 698s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 2F:56:9C:E4:31:9C:A5:BE:9D:56:E3:A3:94:30:54:18:7C:7E:5D:A0 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Sub Intermediate CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s E6:11:0E:9F:D6:36:3B:3E:82:57:7C:DB:0F:D9:B0:AA:25:F9:64:A2 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Certificate is to be certified until Mar 15 18:02:29 2026 GMT (365 days) 698s 698s Write out database with 1 new entries 698s Database updated 698s + openssl x509 -noout -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s This certificate should not be trusted fully 698s + echo 'This certificate should not be trusted fully' 698s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s + local cmd=openssl 698s + shift 698s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 698s error 2 at 1 depth lookup: unable to get issuer certificate 698s error /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 698s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s + local cmd=openssl 698s + shift 698s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 698s error 20 at 0 depth lookup: unable to get local issuer certificate 698s error /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 698s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 698s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s + local cmd=openssl 698s + shift 698s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s Building a the full-chain CA file... 698s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 698s error 20 at 0 depth lookup: unable to get local issuer certificate 698s error /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 698s + echo 'Building a the full-chain CA file...' 698s + cat /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 698s + cat /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 698s + cat /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 698s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 698s + openssl pkcs7 -print_certs -noout 698s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 698s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 698s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 698s 698s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 698s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 698s 698s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 698s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 698s 698s /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem: OK 698s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem: OK 698s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 698s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem /tmp/sssd-softhsm2-91sRMn/test-root-intermediate-chain-CA.pem 698s /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem: OK 698s /tmp/sssd-softhsm2-91sRMn/test-root-intermediate-chain-CA.pem: OK 698s + openssl verify -CAfile /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 698s + echo 'Certificates generation completed!' 698s Certificates generation completed! 698s + [[ -v NO_SSSD_TESTS ]] 698s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /dev/null 698s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /dev/null 698s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 698s + local key_ring=/dev/null 698s + local verify_option= 698s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 698s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 698s + local key_cn 698s + local key_name 698s + local tokens_dir 698s + local output_cert_file 698s + token_name= 698s ++ basename /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem .pem 698s + key_name=test-root-CA-trusted-certificate-0001 698s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s ++ sed -n 's/ *commonName *= //p' 698s + key_cn='Test Organization Root Trusted Certificate 0001' 698s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 698s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 698s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 698s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 698s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 698s + token_name='Test Organization Root Tr Token' 698s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 698s + local key_file 698s + local decrypted_key 698s + mkdir -p /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 698s + key_file=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-key.pem 698s + decrypted_key=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-key-decrypted.pem 698s + cat 698s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 698s Slot 0 has a free/uninitialized token. 698s The token has been initialized and is reassigned to slot 20821335 698s + softhsm2-util --show-slots 698s Available slots: 698s Slot 20821335 698s Slot info: 698s Description: SoftHSM slot ID 0x13db557 698s Manufacturer ID: SoftHSM project 698s Hardware version: 2.6 698s Firmware version: 2.6 698s Token present: yes 698s Token info: 698s Manufacturer ID: SoftHSM project 698s Model: SoftHSM v2 698s Hardware version: 2.6 698s Firmware version: 2.6 698s Serial number: 975d27bd813db557 698s Initialized: yes 698s User PIN init.: yes 698s Label: Test Organization Root Tr Token 698s Slot 1 698s Slot info: 698s Description: SoftHSM slot ID 0x1 698s Manufacturer ID: SoftHSM project 698s Hardware version: 2.6 698s Firmware version: 2.6 698s Token present: yes 698s Token info: 698s Manufacturer ID: SoftHSM project 698s Model: SoftHSM v2 698s Hardware version: 2.6 698s Firmware version: 2.6 698s Serial number: 698s Initialized: no 698s User PIN init.: no 698s Label: 698s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 698s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-24251 -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-key-decrypted.pem 698s writing RSA key 698s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 698s + rm /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001-key-decrypted.pem 698s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 698s Object 0: 698s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 698s Type: X.509 Certificate (RSA-1024) 698s Expires: Sun Mar 15 18:02:28 2026 698s Label: Test Organization Root Trusted Certificate 0001 698s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 698s 698s Test Organization Root Tr Token 698s + echo 'Test Organization Root Tr Token' 698s + '[' -n '' ']' 698s + local output_base_name=SSSD-child-5631 698s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-5631.output 698s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-5631.pem 698s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/dev/null 698s [p11_child[1647]] [main] (0x0400): p11_child started. 698s [p11_child[1647]] [main] (0x2000): Running in [pre-auth] mode. 698s [p11_child[1647]] [main] (0x2000): Running with effective IDs: [0][0]. 698s [p11_child[1647]] [main] (0x2000): Running with real IDs [0][0]. 698s [p11_child[1647]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 698s [p11_child[1647]] [do_work] (0x0040): init_verification failed. 698s [p11_child[1647]] [main] (0x0020): p11_child failed (5) 698s + return 2 698s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /dev/null no_verification 698s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /dev/null no_verification 698s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 698s + local key_ring=/dev/null 698s + local verify_option=no_verification 698s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 698s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 698s + local key_cn 698s + local key_name 698s + local tokens_dir 698s + local output_cert_file 698s + token_name= 698s ++ basename /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem .pem 698s + key_name=test-root-CA-trusted-certificate-0001 698s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s ++ sed -n 's/ *commonName *= //p' 698s + key_cn='Test Organization Root Trusted Certificate 0001' 698s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 698s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 698s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 698s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 698s Test Organization Root Tr Token 698s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 698s + token_name='Test Organization Root Tr Token' 698s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 698s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 698s + echo 'Test Organization Root Tr Token' 698s + '[' -n no_verification ']' 698s + local verify_arg=--verify=no_verification 698s + local output_base_name=SSSD-child-13746 698s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-13746.output 698s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-13746.pem 698s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 698s [p11_child[1653]] [main] (0x0400): p11_child started. 698s [p11_child[1653]] [main] (0x2000): Running in [pre-auth] mode. 698s [p11_child[1653]] [main] (0x2000): Running with effective IDs: [0][0]. 698s [p11_child[1653]] [main] (0x2000): Running with real IDs [0][0]. 698s [p11_child[1653]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 698s [p11_child[1653]] [do_card] (0x4000): Module List: 698s [p11_child[1653]] [do_card] (0x4000): common name: [softhsm2]. 698s [p11_child[1653]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1653]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 698s [p11_child[1653]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 698s [p11_child[1653]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1653]] [do_card] (0x4000): Login NOT required. 698s [p11_child[1653]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 698s [p11_child[1653]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 698s [p11_child[1653]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13db557;slot-manufacturer=SoftHSM%20project;slot-id=20821335;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 698s [p11_child[1653]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 698s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-13746.output 698s + echo '-----BEGIN CERTIFICATE-----' 698s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-13746.output 698s + echo '-----END CERTIFICATE-----' 698s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-13746.pem 698s + local found_md5 expected_md5 698s Certificate: 698s Data: 698s Version: 3 (0x2) 698s Serial Number: 3 (0x3) 698s Signature Algorithm: sha256WithRSAEncryption 698s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 698s Validity 698s Not Before: Mar 15 18:02:28 2025 GMT 698s Not After : Mar 15 18:02:28 2026 GMT 698s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 698s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 698s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 698s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 698s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 698s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 698s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 698s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 698s 50:2c:bf:c5:e6:b4:73:4d:f5 698s Exponent: 65537 (0x10001) 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Root CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 89:7b:2d:b8:b5:81:4f:93:17:ea:75:64:3d:6b:d1:45:e3:70: 698s 1f:1e:29:b7:b0:b4:56:db:b1:da:38:cc:94:57:6a:7e:b0:1e: 698s 31:dc:23:75:c8:34:02:e9:ea:fb:ce:2f:25:07:94:04:0c:77: 698s ea:c6:a6:df:13:65:66:cd:69:b6:2d:c5:fb:ab:a3:82:54:98: 698s cb:38:1f:fe:95:00:a2:4c:9f:d6:87:7c:16:a8:72:15:8c:96: 698s 4b:6b:51:ca:c1:5a:ee:09:e9:be:9d:70:2e:8a:9e:72:93:a1: 698s 7e:99:83:f7:10:da:ee:b1:aa:0b:c1:b5:9a:40:ba:c5:31:ce: 698s 2e:19 698s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + expected_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 698s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-13746.pem 698s + found_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 698s + '[' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 '!=' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 ']' 698s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-13746-auth.output 698s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-13746-auth.output .output 698s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-13746-auth.pem 698s + echo -n 053350 698s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 698s [p11_child[1661]] [main] (0x0400): p11_child started. 698s [p11_child[1661]] [main] (0x2000): Running in [auth] mode. 698s [p11_child[1661]] [main] (0x2000): Running with effective IDs: [0][0]. 698s [p11_child[1661]] [main] (0x2000): Running with real IDs [0][0]. 698s [p11_child[1661]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 698s [p11_child[1661]] [do_card] (0x4000): Module List: 698s [p11_child[1661]] [do_card] (0x4000): common name: [softhsm2]. 698s [p11_child[1661]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1661]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 698s [p11_child[1661]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 698s [p11_child[1661]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1661]] [do_card] (0x4000): Login required. 698s [p11_child[1661]] [do_card] (0x4000): Token flags [1069]. 698s [p11_child[1661]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 698s [p11_child[1661]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 698s [p11_child[1661]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13db557;slot-manufacturer=SoftHSM%20project;slot-id=20821335;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 698s [p11_child[1661]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 698s [p11_child[1661]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 698s [p11_child[1661]] [do_card] (0x4000): Certificate verified and validated. 698s [p11_child[1661]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 698s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-13746-auth.output 698s + echo '-----BEGIN CERTIFICATE-----' 698s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-13746-auth.output 698s + echo '-----END CERTIFICATE-----' 698s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-13746-auth.pem 698s Certificate: 698s Data: 698s Version: 3 (0x2) 698s Serial Number: 3 (0x3) 698s Signature Algorithm: sha256WithRSAEncryption 698s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 698s Validity 698s Not Before: Mar 15 18:02:28 2025 GMT 698s Not After : Mar 15 18:02:28 2026 GMT 698s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 698s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 698s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 698s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 698s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 698s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 698s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 698s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 698s 50:2c:bf:c5:e6:b4:73:4d:f5 698s Exponent: 65537 (0x10001) 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Root CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 89:7b:2d:b8:b5:81:4f:93:17:ea:75:64:3d:6b:d1:45:e3:70: 698s 1f:1e:29:b7:b0:b4:56:db:b1:da:38:cc:94:57:6a:7e:b0:1e: 698s 31:dc:23:75:c8:34:02:e9:ea:fb:ce:2f:25:07:94:04:0c:77: 698s ea:c6:a6:df:13:65:66:cd:69:b6:2d:c5:fb:ab:a3:82:54:98: 698s cb:38:1f:fe:95:00:a2:4c:9f:d6:87:7c:16:a8:72:15:8c:96: 698s 4b:6b:51:ca:c1:5a:ee:09:e9:be:9d:70:2e:8a:9e:72:93:a1: 698s 7e:99:83:f7:10:da:ee:b1:aa:0b:c1:b5:9a:40:ba:c5:31:ce: 698s 2e:19 698s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-13746-auth.pem 698s + found_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 698s + '[' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 '!=' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 ']' 698s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 698s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 698s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 698s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 698s + local verify_option= 698s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 698s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 698s + local key_cn 698s + local key_name 698s + local tokens_dir 698s + local output_cert_file 698s + token_name= 698s ++ basename /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem .pem 698s + key_name=test-root-CA-trusted-certificate-0001 698s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s ++ sed -n 's/ *commonName *= //p' 698s + key_cn='Test Organization Root Trusted Certificate 0001' 698s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 698s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 698s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 698s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 698s Test Organization Root Tr Token 698s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 698s + token_name='Test Organization Root Tr Token' 698s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 698s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 698s + echo 'Test Organization Root Tr Token' 698s + '[' -n '' ']' 698s + local output_base_name=SSSD-child-17333 698s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-17333.output 698s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-17333.pem 698s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 698s [p11_child[1671]] [main] (0x0400): p11_child started. 698s [p11_child[1671]] [main] (0x2000): Running in [pre-auth] mode. 698s [p11_child[1671]] [main] (0x2000): Running with effective IDs: [0][0]. 698s [p11_child[1671]] [main] (0x2000): Running with real IDs [0][0]. 698s [p11_child[1671]] [do_card] (0x4000): Module List: 698s [p11_child[1671]] [do_card] (0x4000): common name: [softhsm2]. 698s [p11_child[1671]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1671]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 698s [p11_child[1671]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 698s [p11_child[1671]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1671]] [do_card] (0x4000): Login NOT required. 698s [p11_child[1671]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 698s [p11_child[1671]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 698s [p11_child[1671]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 698s [p11_child[1671]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13db557;slot-manufacturer=SoftHSM%20project;slot-id=20821335;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 698s [p11_child[1671]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 698s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-17333.output 698s + echo '-----BEGIN CERTIFICATE-----' 698s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-17333.output 698s + echo '-----END CERTIFICATE-----' 698s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-17333.pem 698s + local found_md5 expected_md5 698s Certificate: 698s Data: 698s Version: 3 (0x2) 698s Serial Number: 3 (0x3) 698s Signature Algorithm: sha256WithRSAEncryption 698s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 698s Validity 698s Not Before: Mar 15 18:02:28 2025 GMT 698s Not After : Mar 15 18:02:28 2026 GMT 698s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 698s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 698s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 698s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 698s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 698s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 698s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 698s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 698s 50:2c:bf:c5:e6:b4:73:4d:f5 698s Exponent: 65537 (0x10001) 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Root CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 89:7b:2d:b8:b5:81:4f:93:17:ea:75:64:3d:6b:d1:45:e3:70: 698s 1f:1e:29:b7:b0:b4:56:db:b1:da:38:cc:94:57:6a:7e:b0:1e: 698s 31:dc:23:75:c8:34:02:e9:ea:fb:ce:2f:25:07:94:04:0c:77: 698s ea:c6:a6:df:13:65:66:cd:69:b6:2d:c5:fb:ab:a3:82:54:98: 698s cb:38:1f:fe:95:00:a2:4c:9f:d6:87:7c:16:a8:72:15:8c:96: 698s 4b:6b:51:ca:c1:5a:ee:09:e9:be:9d:70:2e:8a:9e:72:93:a1: 698s 7e:99:83:f7:10:da:ee:b1:aa:0b:c1:b5:9a:40:ba:c5:31:ce: 698s 2e:19 698s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + expected_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 698s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-17333.pem 698s + found_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 698s + '[' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 '!=' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 ']' 698s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-17333-auth.output 698s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-17333-auth.output .output 698s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-17333-auth.pem 698s + echo -n 053350 698s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 698s [p11_child[1679]] [main] (0x0400): p11_child started. 698s [p11_child[1679]] [main] (0x2000): Running in [auth] mode. 698s [p11_child[1679]] [main] (0x2000): Running with effective IDs: [0][0]. 698s [p11_child[1679]] [main] (0x2000): Running with real IDs [0][0]. 698s [p11_child[1679]] [do_card] (0x4000): Module List: 698s [p11_child[1679]] [do_card] (0x4000): common name: [softhsm2]. 698s [p11_child[1679]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1679]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 698s [p11_child[1679]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 698s [p11_child[1679]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1679]] [do_card] (0x4000): Login required. 698s [p11_child[1679]] [do_card] (0x4000): Token flags [1069]. 698s [p11_child[1679]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 698s [p11_child[1679]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 698s [p11_child[1679]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 698s [p11_child[1679]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13db557;slot-manufacturer=SoftHSM%20project;slot-id=20821335;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 698s [p11_child[1679]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 698s [p11_child[1679]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 698s [p11_child[1679]] [do_card] (0x4000): Certificate verified and validated. 698s [p11_child[1679]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 698s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-17333-auth.output 698s + echo '-----BEGIN CERTIFICATE-----' 698s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-17333-auth.output 698s + echo '-----END CERTIFICATE-----' 698s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-17333-auth.pem 698s Certificate: 698s Data: 698s Version: 3 (0x2) 698s Serial Number: 3 (0x3) 698s Signature Algorithm: sha256WithRSAEncryption 698s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 698s Validity 698s Not Before: Mar 15 18:02:28 2025 GMT 698s Not After : Mar 15 18:02:28 2026 GMT 698s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 698s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 698s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 698s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 698s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 698s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 698s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 698s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 698s 50:2c:bf:c5:e6:b4:73:4d:f5 698s Exponent: 65537 (0x10001) 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Root CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 89:7b:2d:b8:b5:81:4f:93:17:ea:75:64:3d:6b:d1:45:e3:70: 698s 1f:1e:29:b7:b0:b4:56:db:b1:da:38:cc:94:57:6a:7e:b0:1e: 698s 31:dc:23:75:c8:34:02:e9:ea:fb:ce:2f:25:07:94:04:0c:77: 698s ea:c6:a6:df:13:65:66:cd:69:b6:2d:c5:fb:ab:a3:82:54:98: 698s cb:38:1f:fe:95:00:a2:4c:9f:d6:87:7c:16:a8:72:15:8c:96: 698s 4b:6b:51:ca:c1:5a:ee:09:e9:be:9d:70:2e:8a:9e:72:93:a1: 698s 7e:99:83:f7:10:da:ee:b1:aa:0b:c1:b5:9a:40:ba:c5:31:ce: 698s 2e:19 698s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-17333-auth.pem 698s + found_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 698s + '[' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 '!=' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 ']' 698s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem partial_chain 698s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem partial_chain 698s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 698s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 698s + local verify_option=partial_chain 698s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 698s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 698s + local key_cn 698s + local key_name 698s + local tokens_dir 698s + local output_cert_file 698s + token_name= 698s ++ basename /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem .pem 698s + key_name=test-root-CA-trusted-certificate-0001 698s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s ++ sed -n 's/ *commonName *= //p' 698s + key_cn='Test Organization Root Trusted Certificate 0001' 698s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 698s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 698s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 698s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 698s Test Organization Root Tr Token 698s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 698s + token_name='Test Organization Root Tr Token' 698s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 698s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 698s + echo 'Test Organization Root Tr Token' 698s + '[' -n partial_chain ']' 698s + local verify_arg=--verify=partial_chain 698s + local output_base_name=SSSD-child-29595 698s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-29595.output 698s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-29595.pem 698s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 698s [p11_child[1689]] [main] (0x0400): p11_child started. 698s [p11_child[1689]] [main] (0x2000): Running in [pre-auth] mode. 698s [p11_child[1689]] [main] (0x2000): Running with effective IDs: [0][0]. 698s [p11_child[1689]] [main] (0x2000): Running with real IDs [0][0]. 698s [p11_child[1689]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 698s [p11_child[1689]] [do_card] (0x4000): Module List: 698s [p11_child[1689]] [do_card] (0x4000): common name: [softhsm2]. 698s [p11_child[1689]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1689]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 698s [p11_child[1689]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 698s [p11_child[1689]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1689]] [do_card] (0x4000): Login NOT required. 698s [p11_child[1689]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 698s [p11_child[1689]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 698s [p11_child[1689]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 698s [p11_child[1689]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13db557;slot-manufacturer=SoftHSM%20project;slot-id=20821335;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 698s [p11_child[1689]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 698s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-29595.output 698s + echo '-----BEGIN CERTIFICATE-----' 698s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-29595.output 698s + echo '-----END CERTIFICATE-----' 698s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-29595.pem 698s Certificate: 698s Data: 698s Version: 3 (0x2) 698s Serial Number: 3 (0x3) 698s Signature Algorithm: sha256WithRSAEncryption 698s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 698s Validity 698s Not Before: Mar 15 18:02:28 2025 GMT 698s Not After : Mar 15 18:02:28 2026 GMT 698s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 698s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 698s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 698s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 698s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 698s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 698s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 698s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 698s 50:2c:bf:c5:e6:b4:73:4d:f5 698s Exponent: 65537 (0x10001) 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Root CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 89:7b:2d:b8:b5:81:4f:93:17:ea:75:64:3d:6b:d1:45:e3:70: 698s 1f:1e:29:b7:b0:b4:56:db:b1:da:38:cc:94:57:6a:7e:b0:1e: 698s 31:dc:23:75:c8:34:02:e9:ea:fb:ce:2f:25:07:94:04:0c:77: 698s ea:c6:a6:df:13:65:66:cd:69:b6:2d:c5:fb:ab:a3:82:54:98: 698s cb:38:1f:fe:95:00:a2:4c:9f:d6:87:7c:16:a8:72:15:8c:96: 698s 4b:6b:51:ca:c1:5a:ee:09:e9:be:9d:70:2e:8a:9e:72:93:a1: 698s 7e:99:83:f7:10:da:ee:b1:aa:0b:c1:b5:9a:40:ba:c5:31:ce: 698s 2e:19 698s + local found_md5 expected_md5 698s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + expected_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 698s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-29595.pem 698s + found_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 698s + '[' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 '!=' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 ']' 698s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-29595-auth.output 698s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-29595-auth.output .output 698s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-29595-auth.pem 698s + echo -n 053350 698s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 698s [p11_child[1697]] [main] (0x0400): p11_child started. 698s [p11_child[1697]] [main] (0x2000): Running in [auth] mode. 698s [p11_child[1697]] [main] (0x2000): Running with effective IDs: [0][0]. 698s [p11_child[1697]] [main] (0x2000): Running with real IDs [0][0]. 698s [p11_child[1697]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 698s [p11_child[1697]] [do_card] (0x4000): Module List: 698s [p11_child[1697]] [do_card] (0x4000): common name: [softhsm2]. 698s [p11_child[1697]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1697]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 698s [p11_child[1697]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 698s [p11_child[1697]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1697]] [do_card] (0x4000): Login required. 698s [p11_child[1697]] [do_card] (0x4000): Token flags [1069]. 698s [p11_child[1697]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 698s [p11_child[1697]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 698s [p11_child[1697]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 698s [p11_child[1697]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13db557;slot-manufacturer=SoftHSM%20project;slot-id=20821335;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 698s [p11_child[1697]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 698s [p11_child[1697]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 698s [p11_child[1697]] [do_card] (0x4000): Certificate verified and validated. 698s [p11_child[1697]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 698s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-29595-auth.output 698s + echo '-----BEGIN CERTIFICATE-----' 698s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-29595-auth.output 698s + echo '-----END CERTIFICATE-----' 698s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-29595-auth.pem 698s Certificate: 698s Data: 698s Version: 3 (0x2) 698s Serial Number: 3 (0x3) 698s Signature Algorithm: sha256WithRSAEncryption 698s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 698s Validity 698s Not Before: Mar 15 18:02:28 2025 GMT 698s Not After : Mar 15 18:02:28 2026 GMT 698s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 698s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 698s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 698s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 698s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 698s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 698s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 698s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 698s 50:2c:bf:c5:e6:b4:73:4d:f5 698s Exponent: 65537 (0x10001) 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Root CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 89:7b:2d:b8:b5:81:4f:93:17:ea:75:64:3d:6b:d1:45:e3:70: 698s 1f:1e:29:b7:b0:b4:56:db:b1:da:38:cc:94:57:6a:7e:b0:1e: 698s 31:dc:23:75:c8:34:02:e9:ea:fb:ce:2f:25:07:94:04:0c:77: 698s ea:c6:a6:df:13:65:66:cd:69:b6:2d:c5:fb:ab:a3:82:54:98: 698s cb:38:1f:fe:95:00:a2:4c:9f:d6:87:7c:16:a8:72:15:8c:96: 698s 4b:6b:51:ca:c1:5a:ee:09:e9:be:9d:70:2e:8a:9e:72:93:a1: 698s 7e:99:83:f7:10:da:ee:b1:aa:0b:c1:b5:9a:40:ba:c5:31:ce: 698s 2e:19 698s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-29595-auth.pem 698s + found_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 698s + '[' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 '!=' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 ']' 698s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 698s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 698s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 698s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 698s + local verify_option= 698s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 698s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 698s + local key_cn 698s + local key_name 698s + local tokens_dir 698s + local output_cert_file 698s + token_name= 698s ++ basename /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem .pem 698s + key_name=test-root-CA-trusted-certificate-0001 698s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 698s ++ sed -n 's/ *commonName *= //p' 698s + key_cn='Test Organization Root Trusted Certificate 0001' 698s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 698s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 698s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 698s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 698s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 698s + token_name='Test Organization Root Tr Token' 698s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 698s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 698s + echo 'Test Organization Root Tr Token' 698s + '[' -n '' ']' 698s + local output_base_name=SSSD-child-11099 698s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-11099.output 698s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-11099.pem 698s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 698s Test Organization Root Tr Token 698s [p11_child[1707]] [main] (0x0400): p11_child started. 698s [p11_child[1707]] [main] (0x2000): Running in [pre-auth] mode. 698s [p11_child[1707]] [main] (0x2000): Running with effective IDs: [0][0]. 698s [p11_child[1707]] [main] (0x2000): Running with real IDs [0][0]. 698s [p11_child[1707]] [do_card] (0x4000): Module List: 698s [p11_child[1707]] [do_card] (0x4000): common name: [softhsm2]. 698s [p11_child[1707]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1707]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 698s [p11_child[1707]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 698s [p11_child[1707]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 698s [p11_child[1707]] [do_card] (0x4000): Login NOT required. 698s [p11_child[1707]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 698s [p11_child[1707]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 698s [p11_child[1707]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 698s [p11_child[1707]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13db557;slot-manufacturer=SoftHSM%20project;slot-id=20821335;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 698s [p11_child[1707]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 698s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-11099.output 698s + echo '-----BEGIN CERTIFICATE-----' 698s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-11099.output 698s + echo '-----END CERTIFICATE-----' 698s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-11099.pem 698s Certificate: 698s Data: 698s Version: 3 (0x2) 698s Serial Number: 3 (0x3) 698s Signature Algorithm: sha256WithRSAEncryption 698s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 698s Validity 698s Not Before: Mar 15 18:02:28 2025 GMT 698s Not After : Mar 15 18:02:28 2026 GMT 698s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 698s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 698s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 698s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 698s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 698s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 698s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 698s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 698s 50:2c:bf:c5:e6:b4:73:4d:f5 698s Exponent: 65537 (0x10001) 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Root CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 89:7b:2d:b8:b5:81:4f:93:17:ea:75:64:3d:6b:d1:45:e3:70: 698s 1f:1e:29:b7:b0:b4:56:db:b1:da:38:cc:94:57:6a:7e:b0:1e: 698s 31:dc:23:75:c8:34:02:e9:ea:fb:ce:2f:25:07:94:04:0c:77: 698s ea:c6:a6:df:13:65:66:cd:69:b6:2d:c5:fb:ab:a3:82:54:98: 698s cb:38:1f:fe:95:00:a2:4c:9f:d6:87:7c:16:a8:72:15:8c:96: 698s 4b:6b:51:ca:c1:5a:ee:09:e9:be:9d:70:2e:8a:9e:72:93:a1: 698s 7e:99:83:f7:10:da:ee:b1:aa:0b:c1:b5:9a:40:ba:c5:31:ce: 698s 2e:19 698s + local found_md5 expected_md5 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s + expected_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-11099.pem 699s + found_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 699s + '[' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 '!=' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 ']' 699s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-11099-auth.output 699s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-11099-auth.output .output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-11099-auth.pem 699s + echo -n 053350 699s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 699s [p11_child[1715]] [main] (0x0400): p11_child started. 699s [p11_child[1715]] [main] (0x2000): Running in [auth] mode. 699s [p11_child[1715]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1715]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1715]] [do_card] (0x4000): Module List: 699s [p11_child[1715]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1715]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1715]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1715]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 699s [p11_child[1715]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1715]] [do_card] (0x4000): Login required. 699s [p11_child[1715]] [do_card] (0x4000): Token flags [1069]. 699s [p11_child[1715]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 699s [p11_child[1715]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 699s [p11_child[1715]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[1715]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13db557;slot-manufacturer=SoftHSM%20project;slot-id=20821335;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 699s [p11_child[1715]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 699s [p11_child[1715]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 699s [p11_child[1715]] [do_card] (0x4000): Certificate verified and validated. 699s [p11_child[1715]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-11099-auth.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-11099-auth.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-11099-auth.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 3 (0x3) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 699s Validity 699s Not Before: Mar 15 18:02:28 2025 GMT 699s Not After : Mar 15 18:02:28 2026 GMT 699s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 699s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 699s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 699s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 699s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 699s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 699s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 699s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 699s 50:2c:bf:c5:e6:b4:73:4d:f5 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Root CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 89:7b:2d:b8:b5:81:4f:93:17:ea:75:64:3d:6b:d1:45:e3:70: 699s 1f:1e:29:b7:b0:b4:56:db:b1:da:38:cc:94:57:6a:7e:b0:1e: 699s 31:dc:23:75:c8:34:02:e9:ea:fb:ce:2f:25:07:94:04:0c:77: 699s ea:c6:a6:df:13:65:66:cd:69:b6:2d:c5:fb:ab:a3:82:54:98: 699s cb:38:1f:fe:95:00:a2:4c:9f:d6:87:7c:16:a8:72:15:8c:96: 699s 4b:6b:51:ca:c1:5a:ee:09:e9:be:9d:70:2e:8a:9e:72:93:a1: 699s 7e:99:83:f7:10:da:ee:b1:aa:0b:c1:b5:9a:40:ba:c5:31:ce: 699s 2e:19 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-11099-auth.pem 699s + found_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 699s + '[' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 '!=' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 ']' 699s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem partial_chain 699s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem partial_chain 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 699s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 699s + local verify_option=partial_chain 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-root-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Root Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 699s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 699s + token_name='Test Organization Root Tr Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Root Tr Token' 699s + '[' -n partial_chain ']' 699s + local verify_arg=--verify=partial_chain 699s + local output_base_name=SSSD-child-12589 699s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-12589.output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-12589.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 699s Test Organization Root Tr Token 699s [p11_child[1725]] [main] (0x0400): p11_child started. 699s [p11_child[1725]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[1725]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1725]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1725]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 699s [p11_child[1725]] [do_card] (0x4000): Module List: 699s [p11_child[1725]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1725]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1725]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1725]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 699s [p11_child[1725]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1725]] [do_card] (0x4000): Login NOT required. 699s [p11_child[1725]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 699s [p11_child[1725]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 699s [p11_child[1725]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[1725]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13db557;slot-manufacturer=SoftHSM%20project;slot-id=20821335;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[1725]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-12589.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-12589.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-12589.pem 699s + local found_md5 expected_md5 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 3 (0x3) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 699s Validity 699s Not Before: Mar 15 18:02:28 2025 GMT 699s Not After : Mar 15 18:02:28 2026 GMT 699s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 699s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 699s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 699s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 699s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 699s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 699s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 699s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 699s 50:2c:bf:c5:e6:b4:73:4d:f5 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Root CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 89:7b:2d:b8:b5:81:4f:93:17:ea:75:64:3d:6b:d1:45:e3:70: 699s 1f:1e:29:b7:b0:b4:56:db:b1:da:38:cc:94:57:6a:7e:b0:1e: 699s 31:dc:23:75:c8:34:02:e9:ea:fb:ce:2f:25:07:94:04:0c:77: 699s ea:c6:a6:df:13:65:66:cd:69:b6:2d:c5:fb:ab:a3:82:54:98: 699s cb:38:1f:fe:95:00:a2:4c:9f:d6:87:7c:16:a8:72:15:8c:96: 699s 4b:6b:51:ca:c1:5a:ee:09:e9:be:9d:70:2e:8a:9e:72:93:a1: 699s 7e:99:83:f7:10:da:ee:b1:aa:0b:c1:b5:9a:40:ba:c5:31:ce: 699s 2e:19 699s + expected_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-12589.pem 699s + found_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 699s + '[' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 '!=' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 ']' 699s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-12589-auth.output 699s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-12589-auth.output .output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-12589-auth.pem 699s + echo -n 053350 699s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 699s [p11_child[1733]] [main] (0x0400): p11_child started. 699s [p11_child[1733]] [main] (0x2000): Running in [auth] mode. 699s [p11_child[1733]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1733]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1733]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 699s [p11_child[1733]] [do_card] (0x4000): Module List: 699s [p11_child[1733]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1733]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1733]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1733]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 699s [p11_child[1733]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1733]] [do_card] (0x4000): Login required. 699s [p11_child[1733]] [do_card] (0x4000): Token flags [1069]. 699s [p11_child[1733]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 699s [p11_child[1733]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 699s [p11_child[1733]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[1733]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x13db557;slot-manufacturer=SoftHSM%20project;slot-id=20821335;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=975d27bd813db557;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 699s [p11_child[1733]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 699s [p11_child[1733]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 699s [p11_child[1733]] [do_card] (0x4000): Certificate verified and validated. 699s [p11_child[1733]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-12589-auth.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-12589-auth.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-12589-auth.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 3 (0x3) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 699s Validity 699s Not Before: Mar 15 18:02:28 2025 GMT 699s Not After : Mar 15 18:02:28 2026 GMT 699s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:b8:1c:db:f7:29:73:2e:11:bd:15:76:87:6f:a5: 699s ca:5d:ab:49:22:19:b1:0e:4d:8e:48:91:00:d6:01: 699s 2d:64:a8:4e:36:71:aa:9d:f0:e9:1b:29:eb:dc:f7: 699s 15:fc:e0:b5:09:d2:cb:26:9c:91:dd:3f:96:4a:ce: 699s 5f:12:61:3a:f9:0d:ea:01:fb:2c:7a:7f:c6:f0:98: 699s 2e:d7:2f:39:16:13:0a:4a:c4:23:c4:73:fb:85:82: 699s db:99:b8:7a:cc:71:bc:36:36:cb:90:71:83:36:1e: 699s 16:86:26:04:ce:57:c1:e0:49:5c:62:f7:a4:2f:43: 699s 50:2c:bf:c5:e6:b4:73:4d:f5 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s 06:5E:4B:9A:43:F6:4E:A2:26:8C:47:94:90:EF:A8:FA:10:25:80:33 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Root CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s E3:33:BD:E6:AB:50:8D:52:82:FA:51:52:06:A6:9F:CA:A5:DF:71:B2 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 89:7b:2d:b8:b5:81:4f:93:17:ea:75:64:3d:6b:d1:45:e3:70: 699s 1f:1e:29:b7:b0:b4:56:db:b1:da:38:cc:94:57:6a:7e:b0:1e: 699s 31:dc:23:75:c8:34:02:e9:ea:fb:ce:2f:25:07:94:04:0c:77: 699s ea:c6:a6:df:13:65:66:cd:69:b6:2d:c5:fb:ab:a3:82:54:98: 699s cb:38:1f:fe:95:00:a2:4c:9f:d6:87:7c:16:a8:72:15:8c:96: 699s 4b:6b:51:ca:c1:5a:ee:09:e9:be:9d:70:2e:8a:9e:72:93:a1: 699s 7e:99:83:f7:10:da:ee:b1:aa:0b:c1:b5:9a:40:ba:c5:31:ce: 699s 2e:19 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-12589-auth.pem 699s + found_md5=Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 699s + '[' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 '!=' Modulus=B81CDBF729732E11BD1576876FA5CA5DAB492219B10E4D8E489100D6012D64A84E3671AA9DF0E91B29EBDCF715FCE0B509D2CB269C91DD3F964ACE5F12613AF90DEA01FB2C7A7FC6F0982ED72F3916130A4AC423C473FB8582DB99B87ACC71BC3636CB907183361E16862604CE57C1E0495C62F7A42F43502CBFC5E6B4734DF5 ']' 699s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 699s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 699s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 699s + local verify_option= 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-root-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Root Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 699s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 699s + token_name='Test Organization Root Tr Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Root Tr Token' 699s + '[' -n '' ']' 699s + local output_base_name=SSSD-child-11045 699s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-11045.output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-11045.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 699s [p11_child[1743]] [main] (0x0400): p11_child started. 699s [p11_child[1743]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[1743]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1743]] [main] (0x2000): Running with real IDs [0][0]. 699s Test Organization Root Tr Token 699s [p11_child[1743]] [do_card] (0x4000): Module List: 699s [p11_child[1743]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1743]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1743]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1743]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 699s [p11_child[1743]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1743]] [do_card] (0x4000): Login NOT required. 699s [p11_child[1743]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 699s [p11_child[1743]] [do_verification] (0x0040): X509_verify_cert failed [0]. 699s [p11_child[1743]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 699s [p11_child[1743]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 699s [p11_child[1743]] [do_card] (0x4000): No certificate found. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-11045.output 699s + return 2 699s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem partial_chain 699s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem partial_chain 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 699s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 699s + local verify_option=partial_chain 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-24251 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-24251 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-root-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-root-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Root Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s Test Organization Root Tr Token 699s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 699s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 699s + token_name='Test Organization Root Tr Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Root Tr Token' 699s + '[' -n partial_chain ']' 699s + local verify_arg=--verify=partial_chain 699s + local output_base_name=SSSD-child-12704 699s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-12704.output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-12704.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 699s [p11_child[1750]] [main] (0x0400): p11_child started. 699s [p11_child[1750]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[1750]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1750]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1750]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 699s [p11_child[1750]] [do_card] (0x4000): Module List: 699s [p11_child[1750]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1750]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1750]] [do_card] (0x4000): Description [SoftHSM slot ID 0x13db557] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1750]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 699s [p11_child[1750]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x13db557][20821335] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1750]] [do_card] (0x4000): Login NOT required. 699s [p11_child[1750]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 699s [p11_child[1750]] [do_verification] (0x0040): X509_verify_cert failed [0]. 699s [p11_child[1750]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 699s [p11_child[1750]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 699s [p11_child[1750]] [do_card] (0x4000): No certificate found. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-12704.output 699s + return 2 699s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /dev/null 699s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /dev/null 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_ring=/dev/null 699s + local verify_option= 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-intermediate-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 699s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 699s + token_name='Test Organization Interme Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 699s + local key_file 699s + local decrypted_key 699s + mkdir -p /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 699s + key_file=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-key.pem 699s + decrypted_key=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 699s + cat 699s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 699s + softhsm2-util --show-slots 699s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 699s Slot 0 has a free/uninitialized token. 699s The token has been initialized and is reassigned to slot 2063263789 699s Available slots: 699s Slot 2063263789 699s Slot info: 699s Description: SoftHSM slot ID 0x7afae82d 699s Manufacturer ID: SoftHSM project 699s Hardware version: 2.6 699s Firmware version: 2.6 699s Token present: yes 699s Token info: 699s Manufacturer ID: SoftHSM project 699s Model: SoftHSM v2 699s Hardware version: 2.6 699s Firmware version: 2.6 699s Serial number: 7fb7194ffafae82d 699s Initialized: yes 699s User PIN init.: yes 699s Label: Test Organization Interme Token 699s Slot 1 699s Slot info: 699s Description: SoftHSM slot ID 0x1 699s Manufacturer ID: SoftHSM project 699s Hardware version: 2.6 699s Firmware version: 2.6 699s Token present: yes 699s Token info: 699s Manufacturer ID: SoftHSM project 699s Model: SoftHSM v2 699s Hardware version: 2.6 699s Firmware version: 2.6 699s Serial number: 699s Initialized: no 699s User PIN init.: no 699s Label: 699s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-15881 -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 699s writing RSA key 699s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 699s + rm /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 699s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 699s Object 0: 699s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7fb7194ffafae82d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 699s Type: X.509 Certificate (RSA-1024) 699s Expires: Sun Mar 15 18:02:29 2026 699s Label: Test Organization Intermediate Trusted Certificate 0001 699s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 699s 699s Test Organization Interme Token 699s + echo 'Test Organization Interme Token' 699s + '[' -n '' ']' 699s + local output_base_name=SSSD-child-9455 699s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-9455.output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-9455.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/dev/null 699s [p11_child[1766]] [main] (0x0400): p11_child started. 699s [p11_child[1766]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[1766]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1766]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1766]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 699s [p11_child[1766]] [do_work] (0x0040): init_verification failed. 699s [p11_child[1766]] [main] (0x0020): p11_child failed (5) 699s + return 2 699s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /dev/null no_verification 699s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /dev/null no_verification 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_ring=/dev/null 699s + local verify_option=no_verification 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-intermediate-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s Test Organization Interme Token 699s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 699s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 699s + token_name='Test Organization Interme Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Interme Token' 699s + '[' -n no_verification ']' 699s + local verify_arg=--verify=no_verification 699s + local output_base_name=SSSD-child-19146 699s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-19146.output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-19146.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 699s [p11_child[1772]] [main] (0x0400): p11_child started. 699s [p11_child[1772]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[1772]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1772]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1772]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 699s [p11_child[1772]] [do_card] (0x4000): Module List: 699s [p11_child[1772]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1772]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1772]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1772]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 699s [p11_child[1772]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1772]] [do_card] (0x4000): Login NOT required. 699s [p11_child[1772]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 699s [p11_child[1772]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[1772]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7afae82d;slot-manufacturer=SoftHSM%20project;slot-id=2063263789;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7fb7194ffafae82d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[1772]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-19146.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-19146.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-19146.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 4 (0x4) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 699s Validity 699s Not Before: Mar 15 18:02:29 2025 GMT 699s Not After : Mar 15 18:02:29 2026 GMT 699s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:be:21:53:47:90:55:cb:ab:1c:8b:40:a9:ac:61: 699s 9f:b3:df:d5:43:c0:2f:6c:65:a6:3e:9e:69:d0:53: 699s 1c:56:0d:5a:62:34:74:04:c4:65:52:44:4d:9f:ec: 699s b0:92:20:b4:01:d6:23:cf:4f:d0:ee:4f:c2:ed:1a: 699s c6:a0:f0:79:a2:3f:9c:21:8a:53:c5:70:26:17:d6: 699s 35:7b:2b:3b:ca:25:35:9a:7f:22:9d:96:a4:81:b1: 699s a3:ae:50:a3:ee:a1:d3:8c:9c:ec:67:52:5a:40:da: 699s bc:5a:ad:d9:12:b6:c7:44:8c:f3:22:9c:18:aa:a1: 699s 3d:21:26:2c:ab:c6:11:d2:0f 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s 8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Intermediate CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s 46:D5:9A:73:2A:B4:5D:A6:51:86:7A:7F:19:40:56:11:C4:D4:0B:EE 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 38:2c:26:56:fc:9d:72:43:73:7b:44:ea:ae:0b:54:ba:54:e8: 699s 9b:bd:ba:ee:7f:51:20:a2:54:46:a1:ec:5c:4b:33:44:d5:b5: 699s 62:aa:99:27:79:dd:ea:22:d4:ba:d2:8e:ed:02:cf:13:43:1d: 699s fb:85:79:56:9b:d2:94:f9:6c:8c:9a:04:0a:70:3d:39:b2:14: 699s a6:2d:ff:07:6f:6b:88:24:00:5e:66:90:f1:bd:43:36:70:bf: 699s ba:1d:4e:17:e5:89:d1:2b:37:b9:b8:1d:9f:5d:3b:1c:61:81: 699s 16:3e:cf:6a:4f:6c:f3:8d:fe:bb:45:10:ee:d4:80:06:ff:ae: 699s 71:4f 699s + local found_md5 expected_md5 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + expected_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-19146.pem 699s + found_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 699s + '[' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F '!=' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F ']' 699s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-19146-auth.output 699s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-19146-auth.output .output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-19146-auth.pem 699s + echo -n 053350 699s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 699s [p11_child[1780]] [main] (0x0400): p11_child started. 699s [p11_child[1780]] [main] (0x2000): Running in [auth] mode. 699s [p11_child[1780]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1780]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1780]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 699s [p11_child[1780]] [do_card] (0x4000): Module List: 699s [p11_child[1780]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1780]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1780]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1780]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 699s [p11_child[1780]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1780]] [do_card] (0x4000): Login required. 699s [p11_child[1780]] [do_card] (0x4000): Token flags [1069]. 699s [p11_child[1780]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 699s [p11_child[1780]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[1780]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7afae82d;slot-manufacturer=SoftHSM%20project;slot-id=2063263789;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7fb7194ffafae82d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 699s [p11_child[1780]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 699s [p11_child[1780]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 699s [p11_child[1780]] [do_card] (0x4000): Certificate verified and validated. 699s [p11_child[1780]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-19146-auth.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-19146-auth.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-19146-auth.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 4 (0x4) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 699s Validity 699s Not Before: Mar 15 18:02:29 2025 GMT 699s Not After : Mar 15 18:02:29 2026 GMT 699s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:be:21:53:47:90:55:cb:ab:1c:8b:40:a9:ac:61: 699s 9f:b3:df:d5:43:c0:2f:6c:65:a6:3e:9e:69:d0:53: 699s 1c:56:0d:5a:62:34:74:04:c4:65:52:44:4d:9f:ec: 699s b0:92:20:b4:01:d6:23:cf:4f:d0:ee:4f:c2:ed:1a: 699s c6:a0:f0:79:a2:3f:9c:21:8a:53:c5:70:26:17:d6: 699s 35:7b:2b:3b:ca:25:35:9a:7f:22:9d:96:a4:81:b1: 699s a3:ae:50:a3:ee:a1:d3:8c:9c:ec:67:52:5a:40:da: 699s bc:5a:ad:d9:12:b6:c7:44:8c:f3:22:9c:18:aa:a1: 699s 3d:21:26:2c:ab:c6:11:d2:0f 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s 8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Intermediate CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s 46:D5:9A:73:2A:B4:5D:A6:51:86:7A:7F:19:40:56:11:C4:D4:0B:EE 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 38:2c:26:56:fc:9d:72:43:73:7b:44:ea:ae:0b:54:ba:54:e8: 699s 9b:bd:ba:ee:7f:51:20:a2:54:46:a1:ec:5c:4b:33:44:d5:b5: 699s 62:aa:99:27:79:dd:ea:22:d4:ba:d2:8e:ed:02:cf:13:43:1d: 699s fb:85:79:56:9b:d2:94:f9:6c:8c:9a:04:0a:70:3d:39:b2:14: 699s a6:2d:ff:07:6f:6b:88:24:00:5e:66:90:f1:bd:43:36:70:bf: 699s ba:1d:4e:17:e5:89:d1:2b:37:b9:b8:1d:9f:5d:3b:1c:61:81: 699s 16:3e:cf:6a:4f:6c:f3:8d:fe:bb:45:10:ee:d4:80:06:ff:ae: 699s 71:4f 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-19146-auth.pem 699s + found_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 699s + '[' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F '!=' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F ']' 699s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 699s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 699s + local verify_option= 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-intermediate-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 699s Test Organization Interme Token 699s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 699s + token_name='Test Organization Interme Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Interme Token' 699s + '[' -n '' ']' 699s + local output_base_name=SSSD-child-7823 699s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-7823.output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-7823.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 699s [p11_child[1790]] [main] (0x0400): p11_child started. 699s [p11_child[1790]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[1790]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1790]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1790]] [do_card] (0x4000): Module List: 699s [p11_child[1790]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1790]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1790]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1790]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 699s [p11_child[1790]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1790]] [do_card] (0x4000): Login NOT required. 699s [p11_child[1790]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 699s [p11_child[1790]] [do_verification] (0x0040): X509_verify_cert failed [0]. 699s [p11_child[1790]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 699s [p11_child[1790]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 699s [p11_child[1790]] [do_card] (0x4000): No certificate found. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-7823.output 699s + return 2 699s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem partial_chain 699s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem partial_chain 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 699s + local verify_option=partial_chain 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-intermediate-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 699s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 699s + token_name='Test Organization Interme Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Interme Token' 699s + '[' -n partial_chain ']' 699s + local verify_arg=--verify=partial_chain 699s + local output_base_name=SSSD-child-27805 699s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-27805.output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-27805.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 699s Test Organization Interme Token 699s [p11_child[1797]] [main] (0x0400): p11_child started. 699s [p11_child[1797]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[1797]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1797]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1797]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 699s [p11_child[1797]] [do_card] (0x4000): Module List: 699s [p11_child[1797]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1797]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1797]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1797]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 699s [p11_child[1797]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1797]] [do_card] (0x4000): Login NOT required. 699s [p11_child[1797]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 699s [p11_child[1797]] [do_verification] (0x0040): X509_verify_cert failed [0]. 699s [p11_child[1797]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 699s [p11_child[1797]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 699s [p11_child[1797]] [do_card] (0x4000): No certificate found. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-27805.output 699s + return 2 699s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 699s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 699s + local verify_option= 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-intermediate-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 699s Test Organization Interme Token 699s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 699s + token_name='Test Organization Interme Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Interme Token' 699s + '[' -n '' ']' 699s + local output_base_name=SSSD-child-24360 699s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-24360.output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-24360.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 699s [p11_child[1804]] [main] (0x0400): p11_child started. 699s [p11_child[1804]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[1804]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1804]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1804]] [do_card] (0x4000): Module List: 699s [p11_child[1804]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1804]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1804]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1804]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 699s [p11_child[1804]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1804]] [do_card] (0x4000): Login NOT required. 699s [p11_child[1804]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 699s [p11_child[1804]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 699s [p11_child[1804]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[1804]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7afae82d;slot-manufacturer=SoftHSM%20project;slot-id=2063263789;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7fb7194ffafae82d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[1804]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-24360.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-24360.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-24360.pem 699s + local found_md5 expected_md5 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 4 (0x4) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 699s Validity 699s Not Before: Mar 15 18:02:29 2025 GMT 699s Not After : Mar 15 18:02:29 2026 GMT 699s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:be:21:53:47:90:55:cb:ab:1c:8b:40:a9:ac:61: 699s 9f:b3:df:d5:43:c0:2f:6c:65:a6:3e:9e:69:d0:53: 699s 1c:56:0d:5a:62:34:74:04:c4:65:52:44:4d:9f:ec: 699s b0:92:20:b4:01:d6:23:cf:4f:d0:ee:4f:c2:ed:1a: 699s c6:a0:f0:79:a2:3f:9c:21:8a:53:c5:70:26:17:d6: 699s 35:7b:2b:3b:ca:25:35:9a:7f:22:9d:96:a4:81:b1: 699s a3:ae:50:a3:ee:a1:d3:8c:9c:ec:67:52:5a:40:da: 699s bc:5a:ad:d9:12:b6:c7:44:8c:f3:22:9c:18:aa:a1: 699s 3d:21:26:2c:ab:c6:11:d2:0f 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s 8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Intermediate CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s 46:D5:9A:73:2A:B4:5D:A6:51:86:7A:7F:19:40:56:11:C4:D4:0B:EE 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 38:2c:26:56:fc:9d:72:43:73:7b:44:ea:ae:0b:54:ba:54:e8: 699s 9b:bd:ba:ee:7f:51:20:a2:54:46:a1:ec:5c:4b:33:44:d5:b5: 699s 62:aa:99:27:79:dd:ea:22:d4:ba:d2:8e:ed:02:cf:13:43:1d: 699s fb:85:79:56:9b:d2:94:f9:6c:8c:9a:04:0a:70:3d:39:b2:14: 699s a6:2d:ff:07:6f:6b:88:24:00:5e:66:90:f1:bd:43:36:70:bf: 699s ba:1d:4e:17:e5:89:d1:2b:37:b9:b8:1d:9f:5d:3b:1c:61:81: 699s 16:3e:cf:6a:4f:6c:f3:8d:fe:bb:45:10:ee:d4:80:06:ff:ae: 699s 71:4f 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + expected_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-24360.pem 699s + found_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 699s + '[' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F '!=' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F ']' 699s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-24360-auth.output 699s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-24360-auth.output .output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-24360-auth.pem 699s + echo -n 053350 699s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 699s [p11_child[1812]] [main] (0x0400): p11_child started. 699s [p11_child[1812]] [main] (0x2000): Running in [auth] mode. 699s [p11_child[1812]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1812]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1812]] [do_card] (0x4000): Module List: 699s [p11_child[1812]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1812]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1812]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1812]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 699s [p11_child[1812]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1812]] [do_card] (0x4000): Login required. 699s [p11_child[1812]] [do_card] (0x4000): Token flags [1069]. 699s [p11_child[1812]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 699s [p11_child[1812]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 699s [p11_child[1812]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[1812]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7afae82d;slot-manufacturer=SoftHSM%20project;slot-id=2063263789;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7fb7194ffafae82d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 699s [p11_child[1812]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 699s [p11_child[1812]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 699s [p11_child[1812]] [do_card] (0x4000): Certificate verified and validated. 699s [p11_child[1812]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-24360-auth.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-24360-auth.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-24360-auth.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 4 (0x4) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 699s Validity 699s Not Before: Mar 15 18:02:29 2025 GMT 699s Not After : Mar 15 18:02:29 2026 GMT 699s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:be:21:53:47:90:55:cb:ab:1c:8b:40:a9:ac:61: 699s 9f:b3:df:d5:43:c0:2f:6c:65:a6:3e:9e:69:d0:53: 699s 1c:56:0d:5a:62:34:74:04:c4:65:52:44:4d:9f:ec: 699s b0:92:20:b4:01:d6:23:cf:4f:d0:ee:4f:c2:ed:1a: 699s c6:a0:f0:79:a2:3f:9c:21:8a:53:c5:70:26:17:d6: 699s 35:7b:2b:3b:ca:25:35:9a:7f:22:9d:96:a4:81:b1: 699s a3:ae:50:a3:ee:a1:d3:8c:9c:ec:67:52:5a:40:da: 699s bc:5a:ad:d9:12:b6:c7:44:8c:f3:22:9c:18:aa:a1: 699s 3d:21:26:2c:ab:c6:11:d2:0f 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s 8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Intermediate CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s 46:D5:9A:73:2A:B4:5D:A6:51:86:7A:7F:19:40:56:11:C4:D4:0B:EE 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 38:2c:26:56:fc:9d:72:43:73:7b:44:ea:ae:0b:54:ba:54:e8: 699s 9b:bd:ba:ee:7f:51:20:a2:54:46:a1:ec:5c:4b:33:44:d5:b5: 699s 62:aa:99:27:79:dd:ea:22:d4:ba:d2:8e:ed:02:cf:13:43:1d: 699s fb:85:79:56:9b:d2:94:f9:6c:8c:9a:04:0a:70:3d:39:b2:14: 699s a6:2d:ff:07:6f:6b:88:24:00:5e:66:90:f1:bd:43:36:70:bf: 699s ba:1d:4e:17:e5:89:d1:2b:37:b9:b8:1d:9f:5d:3b:1c:61:81: 699s 16:3e:cf:6a:4f:6c:f3:8d:fe:bb:45:10:ee:d4:80:06:ff:ae: 699s 71:4f 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-24360-auth.pem 699s + found_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 699s + '[' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F '!=' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F ']' 699s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem partial_chain 699s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem partial_chain 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 699s + local verify_option=partial_chain 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-intermediate-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 699s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 699s + token_name='Test Organization Interme Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Interme Token' 699s + '[' -n partial_chain ']' 699s + local verify_arg=--verify=partial_chain 699s + local output_base_name=SSSD-child-15864 699s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-15864.output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-15864.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 699s Test Organization Interme Token 699s [p11_child[1822]] [main] (0x0400): p11_child started. 699s [p11_child[1822]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[1822]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1822]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1822]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 699s [p11_child[1822]] [do_card] (0x4000): Module List: 699s [p11_child[1822]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1822]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1822]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1822]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 699s [p11_child[1822]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1822]] [do_card] (0x4000): Login NOT required. 699s [p11_child[1822]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 699s [p11_child[1822]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 699s [p11_child[1822]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[1822]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7afae82d;slot-manufacturer=SoftHSM%20project;slot-id=2063263789;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7fb7194ffafae82d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[1822]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-15864.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-15864.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-15864.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 4 (0x4) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 699s Validity 699s Not Before: Mar 15 18:02:29 2025 GMT 699s Not After : Mar 15 18:02:29 2026 GMT 699s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:be:21:53:47:90:55:cb:ab:1c:8b:40:a9:ac:61: 699s 9f:b3:df:d5:43:c0:2f:6c:65:a6:3e:9e:69:d0:53: 699s 1c:56:0d:5a:62:34:74:04:c4:65:52:44:4d:9f:ec: 699s b0:92:20:b4:01:d6:23:cf:4f:d0:ee:4f:c2:ed:1a: 699s c6:a0:f0:79:a2:3f:9c:21:8a:53:c5:70:26:17:d6: 699s 35:7b:2b:3b:ca:25:35:9a:7f:22:9d:96:a4:81:b1: 699s a3:ae:50:a3:ee:a1:d3:8c:9c:ec:67:52:5a:40:da: 699s bc:5a:ad:d9:12:b6:c7:44:8c:f3:22:9c:18:aa:a1: 699s 3d:21:26:2c:ab:c6:11:d2:0f 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s 8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Intermediate CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s 46:D5:9A:73:2A:B4:5D:A6:51:86:7A:7F:19:40:56:11:C4:D4:0B:EE 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 38:2c:26:56:fc:9d:72:43:73:7b:44:ea:ae:0b:54:ba:54:e8: 699s 9b:bd:ba:ee:7f:51:20:a2:54:46:a1:ec:5c:4b:33:44:d5:b5: 699s 62:aa:99:27:79:dd:ea:22:d4:ba:d2:8e:ed:02:cf:13:43:1d: 699s fb:85:79:56:9b:d2:94:f9:6c:8c:9a:04:0a:70:3d:39:b2:14: 699s a6:2d:ff:07:6f:6b:88:24:00:5e:66:90:f1:bd:43:36:70:bf: 699s ba:1d:4e:17:e5:89:d1:2b:37:b9:b8:1d:9f:5d:3b:1c:61:81: 699s 16:3e:cf:6a:4f:6c:f3:8d:fe:bb:45:10:ee:d4:80:06:ff:ae: 699s 71:4f 699s + local found_md5 expected_md5 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + expected_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-15864.pem 699s + found_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 699s + '[' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F '!=' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F ']' 699s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-15864-auth.output 699s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-15864-auth.output .output 699s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-15864-auth.pem 699s + echo -n 053350 699s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 699s [p11_child[1830]] [main] (0x0400): p11_child started. 699s [p11_child[1830]] [main] (0x2000): Running in [auth] mode. 699s [p11_child[1830]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[1830]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[1830]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 699s [p11_child[1830]] [do_card] (0x4000): Module List: 699s [p11_child[1830]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[1830]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1830]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[1830]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 699s [p11_child[1830]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 699s [p11_child[1830]] [do_card] (0x4000): Login required. 699s [p11_child[1830]] [do_card] (0x4000): Token flags [1069]. 699s [p11_child[1830]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 699s [p11_child[1830]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 699s [p11_child[1830]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[1830]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7afae82d;slot-manufacturer=SoftHSM%20project;slot-id=2063263789;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7fb7194ffafae82d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 699s [p11_child[1830]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 699s [p11_child[1830]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 699s [p11_child[1830]] [do_card] (0x4000): Certificate verified and validated. 699s [p11_child[1830]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-15864-auth.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-15864-auth.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-15864-auth.pem 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-15864-auth.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 4 (0x4) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 699s Validity 699s Not Before: Mar 15 18:02:29 2025 GMT 699s Not After : Mar 15 18:02:29 2026 GMT 699s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:be:21:53:47:90:55:cb:ab:1c:8b:40:a9:ac:61: 699s 9f:b3:df:d5:43:c0:2f:6c:65:a6:3e:9e:69:d0:53: 699s 1c:56:0d:5a:62:34:74:04:c4:65:52:44:4d:9f:ec: 699s b0:92:20:b4:01:d6:23:cf:4f:d0:ee:4f:c2:ed:1a: 699s c6:a0:f0:79:a2:3f:9c:21:8a:53:c5:70:26:17:d6: 699s 35:7b:2b:3b:ca:25:35:9a:7f:22:9d:96:a4:81:b1: 699s a3:ae:50:a3:ee:a1:d3:8c:9c:ec:67:52:5a:40:da: 699s bc:5a:ad:d9:12:b6:c7:44:8c:f3:22:9c:18:aa:a1: 699s 3d:21:26:2c:ab:c6:11:d2:0f 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s 8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Intermediate CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s 46:D5:9A:73:2A:B4:5D:A6:51:86:7A:7F:19:40:56:11:C4:D4:0B:EE 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 38:2c:26:56:fc:9d:72:43:73:7b:44:ea:ae:0b:54:ba:54:e8: 699s 9b:bd:ba:ee:7f:51:20:a2:54:46:a1:ec:5c:4b:33:44:d5:b5: 699s 62:aa:99:27:79:dd:ea:22:d4:ba:d2:8e:ed:02:cf:13:43:1d: 699s fb:85:79:56:9b:d2:94:f9:6c:8c:9a:04:0a:70:3d:39:b2:14: 699s a6:2d:ff:07:6f:6b:88:24:00:5e:66:90:f1:bd:43:36:70:bf: 699s ba:1d:4e:17:e5:89:d1:2b:37:b9:b8:1d:9f:5d:3b:1c:61:81: 699s 16:3e:cf:6a:4f:6c:f3:8d:fe:bb:45:10:ee:d4:80:06:ff:ae: 699s 71:4f 699s + found_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 699s + '[' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F '!=' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F ']' 699s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 699s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 699s + local verify_option= 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-intermediate-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 700s Test Organization Interme Token 700s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 700s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Interme Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Interme Token' 700s + '[' -n '' ']' 700s + local output_base_name=SSSD-child-17730 700s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-17730.output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-17730.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 700s [p11_child[1840]] [main] (0x0400): p11_child started. 700s [p11_child[1840]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[1840]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1840]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1840]] [do_card] (0x4000): Module List: 700s [p11_child[1840]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1840]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1840]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1840]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 700s [p11_child[1840]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1840]] [do_card] (0x4000): Login NOT required. 700s [p11_child[1840]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 700s [p11_child[1840]] [do_verification] (0x0040): X509_verify_cert failed [0]. 700s [p11_child[1840]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 700s [p11_child[1840]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 700s [p11_child[1840]] [do_card] (0x4000): No certificate found. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-17730.output 700s + return 2 700s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem partial_chain 700s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem partial_chain 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 700s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 700s + local verify_option=partial_chain 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-15881 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-15881 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 700s Test Organization Interme Token 700s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Interme Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Interme Token' 700s + '[' -n partial_chain ']' 700s + local verify_arg=--verify=partial_chain 700s + local output_base_name=SSSD-child-17811 700s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-17811.output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-17811.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem 700s [p11_child[1847]] [main] (0x0400): p11_child started. 700s [p11_child[1847]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[1847]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1847]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1847]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[1847]] [do_card] (0x4000): Module List: 700s [p11_child[1847]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1847]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1847]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1847]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 700s [p11_child[1847]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1847]] [do_card] (0x4000): Login NOT required. 700s [p11_child[1847]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 700s [p11_child[1847]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[1847]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[1847]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7afae82d;slot-manufacturer=SoftHSM%20project;slot-id=2063263789;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7fb7194ffafae82d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[1847]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-17811.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-17811.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-17811.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 4 (0x4) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 700s Validity 700s Not Before: Mar 15 18:02:29 2025 GMT 700s Not After : Mar 15 18:02:29 2026 GMT 700s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:be:21:53:47:90:55:cb:ab:1c:8b:40:a9:ac:61: 700s 9f:b3:df:d5:43:c0:2f:6c:65:a6:3e:9e:69:d0:53: 700s 1c:56:0d:5a:62:34:74:04:c4:65:52:44:4d:9f:ec: 700s b0:92:20:b4:01:d6:23:cf:4f:d0:ee:4f:c2:ed:1a: 700s c6:a0:f0:79:a2:3f:9c:21:8a:53:c5:70:26:17:d6: 700s 35:7b:2b:3b:ca:25:35:9a:7f:22:9d:96:a4:81:b1: 700s a3:ae:50:a3:ee:a1:d3:8c:9c:ec:67:52:5a:40:da: 700s bc:5a:ad:d9:12:b6:c7:44:8c:f3:22:9c:18:aa:a1: 700s 3d:21:26:2c:ab:c6:11:d2:0f 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s 8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Intermediate CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s 46:D5:9A:73:2A:B4:5D:A6:51:86:7A:7F:19:40:56:11:C4:D4:0B:EE 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 38:2c:26:56:fc:9d:72:43:73:7b:44:ea:ae:0b:54:ba:54:e8: 700s 9b:bd:ba:ee:7f:51:20:a2:54:46:a1:ec:5c:4b:33:44:d5:b5: 700s 62:aa:99:27:79:dd:ea:22:d4:ba:d2:8e:ed:02:cf:13:43:1d: 700s fb:85:79:56:9b:d2:94:f9:6c:8c:9a:04:0a:70:3d:39:b2:14: 700s a6:2d:ff:07:6f:6b:88:24:00:5e:66:90:f1:bd:43:36:70:bf: 700s ba:1d:4e:17:e5:89:d1:2b:37:b9:b8:1d:9f:5d:3b:1c:61:81: 700s 16:3e:cf:6a:4f:6c:f3:8d:fe:bb:45:10:ee:d4:80:06:ff:ae: 700s 71:4f 700s + local found_md5 expected_md5 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-intermediate-CA-trusted-certificate-0001.pem 700s + expected_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-17811.pem 700s + found_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 700s + '[' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F '!=' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F ']' 700s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-17811-auth.output 700s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-17811-auth.output .output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-17811-auth.pem 700s + echo -n 053350 700s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 700s [p11_child[1855]] [main] (0x0400): p11_child started. 700s [p11_child[1855]] [main] (0x2000): Running in [auth] mode. 700s [p11_child[1855]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1855]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1855]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[1855]] [do_card] (0x4000): Module List: 700s [p11_child[1855]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1855]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1855]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7afae82d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1855]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 700s [p11_child[1855]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x7afae82d][2063263789] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1855]] [do_card] (0x4000): Login required. 700s [p11_child[1855]] [do_card] (0x4000): Token flags [1069]. 700s [p11_child[1855]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 700s [p11_child[1855]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[1855]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[1855]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7afae82d;slot-manufacturer=SoftHSM%20project;slot-id=2063263789;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7fb7194ffafae82d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 700s [p11_child[1855]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 700s [p11_child[1855]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 700s [p11_child[1855]] [do_card] (0x4000): Certificate verified and validated. 700s [p11_child[1855]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-17811-auth.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-17811-auth.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-17811-auth.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 4 (0x4) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 700s Validity 700s Not Before: Mar 15 18:02:29 2025 GMT 700s Not After : Mar 15 18:02:29 2026 GMT 700s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:be:21:53:47:90:55:cb:ab:1c:8b:40:a9:ac:61: 700s 9f:b3:df:d5:43:c0:2f:6c:65:a6:3e:9e:69:d0:53: 700s 1c:56:0d:5a:62:34:74:04:c4:65:52:44:4d:9f:ec: 700s b0:92:20:b4:01:d6:23:cf:4f:d0:ee:4f:c2:ed:1a: 700s c6:a0:f0:79:a2:3f:9c:21:8a:53:c5:70:26:17:d6: 700s 35:7b:2b:3b:ca:25:35:9a:7f:22:9d:96:a4:81:b1: 700s a3:ae:50:a3:ee:a1:d3:8c:9c:ec:67:52:5a:40:da: 700s bc:5a:ad:d9:12:b6:c7:44:8c:f3:22:9c:18:aa:a1: 700s 3d:21:26:2c:ab:c6:11:d2:0f 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s 8E:E9:5D:49:C6:DA:1F:92:7E:D3:EB:D4:2C:FC:07:AF:1F:D6:6D:0A 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Intermediate CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s 46:D5:9A:73:2A:B4:5D:A6:51:86:7A:7F:19:40:56:11:C4:D4:0B:EE 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 38:2c:26:56:fc:9d:72:43:73:7b:44:ea:ae:0b:54:ba:54:e8: 700s 9b:bd:ba:ee:7f:51:20:a2:54:46:a1:ec:5c:4b:33:44:d5:b5: 700s 62:aa:99:27:79:dd:ea:22:d4:ba:d2:8e:ed:02:cf:13:43:1d: 700s fb:85:79:56:9b:d2:94:f9:6c:8c:9a:04:0a:70:3d:39:b2:14: 700s a6:2d:ff:07:6f:6b:88:24:00:5e:66:90:f1:bd:43:36:70:bf: 700s ba:1d:4e:17:e5:89:d1:2b:37:b9:b8:1d:9f:5d:3b:1c:61:81: 700s 16:3e:cf:6a:4f:6c:f3:8d:fe:bb:45:10:ee:d4:80:06:ff:ae: 700s 71:4f 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-17811-auth.pem 700s + found_md5=Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F 700s + '[' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F '!=' Modulus=BE2153479055CBAB1C8B40A9AC619FB3DFD543C02F6C65A63E9E69D0531C560D5A62347404C46552444D9FECB09220B401D623CF4FD0EE4FC2ED1AC6A0F079A23F9C218A53C5702617D6357B2B3BCA25359A7F229D96A481B1A3AE50A3EEA1D38C9CEC67525A40DABC5AADD912B6C7448CF3229C18AAA13D21262CABC611D20F ']' 700s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 700s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 700s + local verify_option= 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 700s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Sub Int Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 700s + local key_file 700s + local decrypted_key 700s + mkdir -p /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 700s + key_file=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 700s + decrypted_key=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 700s + cat 700s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 700s Slot 0 has a free/uninitialized token. 700s The token has been initialized and is reassigned to slot 866390604 700s + softhsm2-util --show-slots 700s Available slots: 700s Slot 866390604 700s Slot info: 700s Description: SoftHSM slot ID 0x33a4124c 700s Manufacturer ID: SoftHSM project 700s Hardware version: 2.6 700s Firmware version: 2.6 700s Token present: yes 700s Token info: 700s Manufacturer ID: SoftHSM project 700s Model: SoftHSM v2 700s Hardware version: 2.6 700s Firmware version: 2.6 700s Serial number: 71d119ab33a4124c 700s Initialized: yes 700s User PIN init.: yes 700s Label: Test Organization Sub Int Token 700s Slot 1 700s Slot info: 700s Description: SoftHSM slot ID 0x1 700s Manufacturer ID: SoftHSM project 700s Hardware version: 2.6 700s Firmware version: 2.6 700s Token present: yes 700s Token info: 700s Manufacturer ID: SoftHSM project 700s Model: SoftHSM v2 700s Hardware version: 2.6 700s Firmware version: 2.6 700s Serial number: 700s Initialized: no 700s User PIN init.: no 700s Label: 700s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 700s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-23305 -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 700s writing RSA key 700s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 700s + rm /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 700s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 700s Object 0: 700s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71d119ab33a4124c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 700s Type: X.509 Certificate (RSA-1024) 700s Expires: Sun Mar 15 18:02:29 2026 700s Label: Test Organization Sub Intermediate Trusted Certificate 0001 700s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 700s 700s + echo 'Test Organization Sub Int Token' 700s + '[' -n '' ']' 700s + local output_base_name=SSSD-child-13137 700s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-13137.output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-13137.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 700s Test Organization Sub Int Token 700s [p11_child[1874]] [main] (0x0400): p11_child started. 700s [p11_child[1874]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[1874]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1874]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1874]] [do_card] (0x4000): Module List: 700s [p11_child[1874]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1874]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1874]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1874]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 700s [p11_child[1874]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1874]] [do_card] (0x4000): Login NOT required. 700s [p11_child[1874]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 700s [p11_child[1874]] [do_verification] (0x0040): X509_verify_cert failed [0]. 700s [p11_child[1874]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 700s [p11_child[1874]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 700s [p11_child[1874]] [do_card] (0x4000): No certificate found. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-13137.output 700s + return 2 700s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem partial_chain 700s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-root-CA.pem partial_chain 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 700s + local verify_option=partial_chain 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 700s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Sub Int Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Sub Int Token' 700s + '[' -n partial_chain ']' 700s + local verify_arg=--verify=partial_chain 700s + local output_base_name=SSSD-child-9528 700s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-9528.output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-9528.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-root-CA.pem 700s Test Organization Sub Int Token 700s [p11_child[1881]] [main] (0x0400): p11_child started. 700s [p11_child[1881]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[1881]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1881]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1881]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[1881]] [do_card] (0x4000): Module List: 700s [p11_child[1881]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1881]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1881]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1881]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 700s [p11_child[1881]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1881]] [do_card] (0x4000): Login NOT required. 700s [p11_child[1881]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 700s [p11_child[1881]] [do_verification] (0x0040): X509_verify_cert failed [0]. 700s [p11_child[1881]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 700s [p11_child[1881]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 700s [p11_child[1881]] [do_card] (0x4000): No certificate found. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-9528.output 700s + return 2 700s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 700s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 700s + local verify_option= 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 700s Test Organization Sub Int Token 700s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Sub Int Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Sub Int Token' 700s + '[' -n '' ']' 700s + local output_base_name=SSSD-child-6034 700s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-6034.output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-6034.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 700s [p11_child[1888]] [main] (0x0400): p11_child started. 700s [p11_child[1888]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[1888]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1888]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1888]] [do_card] (0x4000): Module List: 700s [p11_child[1888]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1888]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1888]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1888]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 700s [p11_child[1888]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1888]] [do_card] (0x4000): Login NOT required. 700s [p11_child[1888]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 700s [p11_child[1888]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[1888]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[1888]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33a4124c;slot-manufacturer=SoftHSM%20project;slot-id=866390604;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71d119ab33a4124c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[1888]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-6034.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-6034.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-6034.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 5 (0x5) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 700s Validity 700s Not Before: Mar 15 18:02:29 2025 GMT 700s Not After : Mar 15 18:02:29 2026 GMT 700s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:d5:fb:7e:c5:ea:f7:2e:da:bc:a4:01:e2:89:99: 700s f4:64:45:91:4e:58:0b:68:8b:db:19:33:9a:79:58: 700s 47:54:80:c3:2e:fe:50:a1:73:85:b9:24:66:5f:87: 700s a6:ad:bb:4b:27:72:fb:53:56:57:1f:52:1d:fc:f9: 700s da:5d:b0:99:0f:0e:62:77:b2:42:6e:36:ca:4d:21: 700s 63:fe:af:4b:1b:1e:bd:cd:b1:70:4a:b3:2e:f5:9e: 700s 5c:fa:2d:5a:0f:e1:01:9c:17:b8:cb:5c:bc:c8:1f: 700s 3c:bd:cf:1e:85:e7:14:60:e5:e1:65:4b:1e:11:92: 700s 9d:98:15:06:31:10:58:8f:db 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s 2F:56:9C:E4:31:9C:A5:BE:9D:56:E3:A3:94:30:54:18:7C:7E:5D:A0 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Sub Intermediate CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s E6:11:0E:9F:D6:36:3B:3E:82:57:7C:DB:0F:D9:B0:AA:25:F9:64:A2 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 74:5a:71:2a:a8:6d:6d:17:1c:0c:27:e8:d2:ab:7f:c2:bd:b1: 700s 7a:ed:90:7f:b4:5b:41:4e:4d:d7:ad:bc:51:c6:83:09:e8:d4: 700s 7b:ef:12:16:d0:f4:eb:56:5a:4e:a1:93:70:75:90:77:aa:0b: 700s 3f:ca:bd:b7:b0:aa:7e:49:74:de:f0:e3:c7:4b:c5:45:7b:03: 700s 13:2f:c5:6c:76:d9:92:1e:3a:96:9c:15:a8:69:14:2c:35:58: 700s 37:f1:48:a7:5c:ba:cf:30:b4:b5:d5:67:94:ae:ff:e7:f2:d4: 700s 3a:5a:1a:0e:35:f3:a3:44:3f:f0:28:be:0a:ea:4b:5e:3b:67: 700s 88:35 700s + local found_md5 expected_md5 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + expected_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-6034.pem 700s + found_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 700s + '[' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB '!=' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB ']' 700s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-6034-auth.output 700s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-6034-auth.output .output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-6034-auth.pem 700s + echo -n 053350 700s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 700s [p11_child[1896]] [main] (0x0400): p11_child started. 700s [p11_child[1896]] [main] (0x2000): Running in [auth] mode. 700s [p11_child[1896]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1896]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1896]] [do_card] (0x4000): Module List: 700s [p11_child[1896]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1896]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1896]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1896]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 700s [p11_child[1896]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1896]] [do_card] (0x4000): Login required. 700s [p11_child[1896]] [do_card] (0x4000): Token flags [1069]. 700s [p11_child[1896]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 700s [p11_child[1896]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[1896]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[1896]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33a4124c;slot-manufacturer=SoftHSM%20project;slot-id=866390604;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71d119ab33a4124c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 700s [p11_child[1896]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 700s [p11_child[1896]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 700s [p11_child[1896]] [do_card] (0x4000): Certificate verified and validated. 700s [p11_child[1896]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-6034-auth.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-6034-auth.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-6034-auth.pem 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-6034-auth.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 5 (0x5) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 700s Validity 700s Not Before: Mar 15 18:02:29 2025 GMT 700s Not After : Mar 15 18:02:29 2026 GMT 700s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:d5:fb:7e:c5:ea:f7:2e:da:bc:a4:01:e2:89:99: 700s f4:64:45:91:4e:58:0b:68:8b:db:19:33:9a:79:58: 700s 47:54:80:c3:2e:fe:50:a1:73:85:b9:24:66:5f:87: 700s a6:ad:bb:4b:27:72:fb:53:56:57:1f:52:1d:fc:f9: 700s da:5d:b0:99:0f:0e:62:77:b2:42:6e:36:ca:4d:21: 700s 63:fe:af:4b:1b:1e:bd:cd:b1:70:4a:b3:2e:f5:9e: 700s 5c:fa:2d:5a:0f:e1:01:9c:17:b8:cb:5c:bc:c8:1f: 700s 3c:bd:cf:1e:85:e7:14:60:e5:e1:65:4b:1e:11:92: 700s 9d:98:15:06:31:10:58:8f:db 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s 2F:56:9C:E4:31:9C:A5:BE:9D:56:E3:A3:94:30:54:18:7C:7E:5D:A0 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Sub Intermediate CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s E6:11:0E:9F:D6:36:3B:3E:82:57:7C:DB:0F:D9:B0:AA:25:F9:64:A2 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 74:5a:71:2a:a8:6d:6d:17:1c:0c:27:e8:d2:ab:7f:c2:bd:b1: 700s 7a:ed:90:7f:b4:5b:41:4e:4d:d7:ad:bc:51:c6:83:09:e8:d4: 700s 7b:ef:12:16:d0:f4:eb:56:5a:4e:a1:93:70:75:90:77:aa:0b: 700s 3f:ca:bd:b7:b0:aa:7e:49:74:de:f0:e3:c7:4b:c5:45:7b:03: 700s 13:2f:c5:6c:76:d9:92:1e:3a:96:9c:15:a8:69:14:2c:35:58: 700s 37:f1:48:a7:5c:ba:cf:30:b4:b5:d5:67:94:ae:ff:e7:f2:d4: 700s 3a:5a:1a:0e:35:f3:a3:44:3f:f0:28:be:0a:ea:4b:5e:3b:67: 700s 88:35 700s + found_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 700s + '[' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB '!=' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB ']' 700s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem partial_chain 700s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem partial_chain 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 700s + local verify_option=partial_chain 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 700s Test Organization Sub Int Token 700s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Sub Int Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Sub Int Token' 700s + '[' -n partial_chain ']' 700s + local verify_arg=--verify=partial_chain 700s + local output_base_name=SSSD-child-32410 700s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-32410.output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-32410.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem 700s [p11_child[1906]] [main] (0x0400): p11_child started. 700s [p11_child[1906]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[1906]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1906]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1906]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[1906]] [do_card] (0x4000): Module List: 700s [p11_child[1906]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1906]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1906]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1906]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 700s [p11_child[1906]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1906]] [do_card] (0x4000): Login NOT required. 700s [p11_child[1906]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 700s [p11_child[1906]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[1906]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[1906]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33a4124c;slot-manufacturer=SoftHSM%20project;slot-id=866390604;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71d119ab33a4124c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[1906]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-32410.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-32410.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-32410.pem 700s + local found_md5 expected_md5 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 5 (0x5) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 700s Validity 700s Not Before: Mar 15 18:02:29 2025 GMT 700s Not After : Mar 15 18:02:29 2026 GMT 700s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:d5:fb:7e:c5:ea:f7:2e:da:bc:a4:01:e2:89:99: 700s f4:64:45:91:4e:58:0b:68:8b:db:19:33:9a:79:58: 700s 47:54:80:c3:2e:fe:50:a1:73:85:b9:24:66:5f:87: 700s a6:ad:bb:4b:27:72:fb:53:56:57:1f:52:1d:fc:f9: 700s da:5d:b0:99:0f:0e:62:77:b2:42:6e:36:ca:4d:21: 700s 63:fe:af:4b:1b:1e:bd:cd:b1:70:4a:b3:2e:f5:9e: 700s 5c:fa:2d:5a:0f:e1:01:9c:17:b8:cb:5c:bc:c8:1f: 700s 3c:bd:cf:1e:85:e7:14:60:e5:e1:65:4b:1e:11:92: 700s 9d:98:15:06:31:10:58:8f:db 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s 2F:56:9C:E4:31:9C:A5:BE:9D:56:E3:A3:94:30:54:18:7C:7E:5D:A0 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Sub Intermediate CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s E6:11:0E:9F:D6:36:3B:3E:82:57:7C:DB:0F:D9:B0:AA:25:F9:64:A2 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 74:5a:71:2a:a8:6d:6d:17:1c:0c:27:e8:d2:ab:7f:c2:bd:b1: 700s 7a:ed:90:7f:b4:5b:41:4e:4d:d7:ad:bc:51:c6:83:09:e8:d4: 700s 7b:ef:12:16:d0:f4:eb:56:5a:4e:a1:93:70:75:90:77:aa:0b: 700s 3f:ca:bd:b7:b0:aa:7e:49:74:de:f0:e3:c7:4b:c5:45:7b:03: 700s 13:2f:c5:6c:76:d9:92:1e:3a:96:9c:15:a8:69:14:2c:35:58: 700s 37:f1:48:a7:5c:ba:cf:30:b4:b5:d5:67:94:ae:ff:e7:f2:d4: 700s 3a:5a:1a:0e:35:f3:a3:44:3f:f0:28:be:0a:ea:4b:5e:3b:67: 700s 88:35 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + expected_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-32410.pem 700s + found_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 700s + '[' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB '!=' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB ']' 700s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-32410-auth.output 700s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-32410-auth.output .output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-32410-auth.pem 700s + echo -n 053350 700s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 700s [p11_child[1914]] [main] (0x0400): p11_child started. 700s [p11_child[1914]] [main] (0x2000): Running in [auth] mode. 700s [p11_child[1914]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1914]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1914]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[1914]] [do_card] (0x4000): Module List: 700s [p11_child[1914]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1914]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1914]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1914]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 700s [p11_child[1914]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1914]] [do_card] (0x4000): Login required. 700s [p11_child[1914]] [do_card] (0x4000): Token flags [1069]. 700s [p11_child[1914]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 700s [p11_child[1914]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[1914]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[1914]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33a4124c;slot-manufacturer=SoftHSM%20project;slot-id=866390604;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71d119ab33a4124c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 700s [p11_child[1914]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 700s [p11_child[1914]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 700s [p11_child[1914]] [do_card] (0x4000): Certificate verified and validated. 700s [p11_child[1914]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-32410-auth.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-32410-auth.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-32410-auth.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 5 (0x5) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 700s Validity 700s Not Before: Mar 15 18:02:29 2025 GMT 700s Not After : Mar 15 18:02:29 2026 GMT 700s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:d5:fb:7e:c5:ea:f7:2e:da:bc:a4:01:e2:89:99: 700s f4:64:45:91:4e:58:0b:68:8b:db:19:33:9a:79:58: 700s 47:54:80:c3:2e:fe:50:a1:73:85:b9:24:66:5f:87: 700s a6:ad:bb:4b:27:72:fb:53:56:57:1f:52:1d:fc:f9: 700s da:5d:b0:99:0f:0e:62:77:b2:42:6e:36:ca:4d:21: 700s 63:fe:af:4b:1b:1e:bd:cd:b1:70:4a:b3:2e:f5:9e: 700s 5c:fa:2d:5a:0f:e1:01:9c:17:b8:cb:5c:bc:c8:1f: 700s 3c:bd:cf:1e:85:e7:14:60:e5:e1:65:4b:1e:11:92: 700s 9d:98:15:06:31:10:58:8f:db 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s 2F:56:9C:E4:31:9C:A5:BE:9D:56:E3:A3:94:30:54:18:7C:7E:5D:A0 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Sub Intermediate CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s E6:11:0E:9F:D6:36:3B:3E:82:57:7C:DB:0F:D9:B0:AA:25:F9:64:A2 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 74:5a:71:2a:a8:6d:6d:17:1c:0c:27:e8:d2:ab:7f:c2:bd:b1: 700s 7a:ed:90:7f:b4:5b:41:4e:4d:d7:ad:bc:51:c6:83:09:e8:d4: 700s 7b:ef:12:16:d0:f4:eb:56:5a:4e:a1:93:70:75:90:77:aa:0b: 700s 3f:ca:bd:b7:b0:aa:7e:49:74:de:f0:e3:c7:4b:c5:45:7b:03: 700s 13:2f:c5:6c:76:d9:92:1e:3a:96:9c:15:a8:69:14:2c:35:58: 700s 37:f1:48:a7:5c:ba:cf:30:b4:b5:d5:67:94:ae:ff:e7:f2:d4: 700s 3a:5a:1a:0e:35:f3:a3:44:3f:f0:28:be:0a:ea:4b:5e:3b:67: 700s 88:35 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-32410-auth.pem 700s + found_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 700s + '[' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB '!=' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB ']' 700s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 700s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 700s + local verify_option= 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 700s Test Organization Sub Int Token 700s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Sub Int Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Sub Int Token' 700s + '[' -n '' ']' 700s + local output_base_name=SSSD-child-90 700s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-90.output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-90.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 700s [p11_child[1924]] [main] (0x0400): p11_child started. 700s [p11_child[1924]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[1924]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1924]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1924]] [do_card] (0x4000): Module List: 700s [p11_child[1924]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1924]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1924]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1924]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 700s [p11_child[1924]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1924]] [do_card] (0x4000): Login NOT required. 700s [p11_child[1924]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 700s [p11_child[1924]] [do_verification] (0x0040): X509_verify_cert failed [0]. 700s [p11_child[1924]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 700s [p11_child[1924]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 700s [p11_child[1924]] [do_card] (0x4000): No certificate found. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-90.output 700s + return 2 700s + invalid_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-root-intermediate-chain-CA.pem partial_chain 700s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-root-intermediate-chain-CA.pem partial_chain 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-root-intermediate-chain-CA.pem 700s + local verify_option=partial_chain 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 700s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Sub Int Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Sub Int Token' 700s + '[' -n partial_chain ']' 700s + local verify_arg=--verify=partial_chain 700s + local output_base_name=SSSD-child-20497 700s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-20497.output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-20497.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-root-intermediate-chain-CA.pem 700s Test Organization Sub Int Token 700s [p11_child[1931]] [main] (0x0400): p11_child started. 700s [p11_child[1931]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[1931]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1931]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1931]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[1931]] [do_card] (0x4000): Module List: 700s [p11_child[1931]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1931]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1931]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1931]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 700s [p11_child[1931]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1931]] [do_card] (0x4000): Login NOT required. 700s [p11_child[1931]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 700s [p11_child[1931]] [do_verification] (0x0040): X509_verify_cert failed [0]. 700s [p11_child[1931]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 700s [p11_child[1931]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 700s [p11_child[1931]] [do_card] (0x4000): No certificate found. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-20497.output 700s + return 2 700s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem partial_chain 700s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem partial_chain 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 700s + local verify_option=partial_chain 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s Test Organization Sub Int Token 700s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 700s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Sub Int Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Sub Int Token' 700s + '[' -n partial_chain ']' 700s + local verify_arg=--verify=partial_chain 700s + local output_base_name=SSSD-child-24537 700s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-24537.output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-24537.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem 700s [p11_child[1938]] [main] (0x0400): p11_child started. 700s [p11_child[1938]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[1938]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1938]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1938]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[1938]] [do_card] (0x4000): Module List: 700s [p11_child[1938]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1938]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1938]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1938]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 700s [p11_child[1938]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1938]] [do_card] (0x4000): Login NOT required. 700s [p11_child[1938]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 700s [p11_child[1938]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[1938]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[1938]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33a4124c;slot-manufacturer=SoftHSM%20project;slot-id=866390604;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71d119ab33a4124c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[1938]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-24537.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-24537.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-24537.pem 700s + local found_md5 expected_md5 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 5 (0x5) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 700s Validity 700s Not Before: Mar 15 18:02:29 2025 GMT 700s Not After : Mar 15 18:02:29 2026 GMT 700s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:d5:fb:7e:c5:ea:f7:2e:da:bc:a4:01:e2:89:99: 700s f4:64:45:91:4e:58:0b:68:8b:db:19:33:9a:79:58: 700s 47:54:80:c3:2e:fe:50:a1:73:85:b9:24:66:5f:87: 700s a6:ad:bb:4b:27:72:fb:53:56:57:1f:52:1d:fc:f9: 700s da:5d:b0:99:0f:0e:62:77:b2:42:6e:36:ca:4d:21: 700s 63:fe:af:4b:1b:1e:bd:cd:b1:70:4a:b3:2e:f5:9e: 700s 5c:fa:2d:5a:0f:e1:01:9c:17:b8:cb:5c:bc:c8:1f: 700s 3c:bd:cf:1e:85:e7:14:60:e5:e1:65:4b:1e:11:92: 700s 9d:98:15:06:31:10:58:8f:db 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s 2F:56:9C:E4:31:9C:A5:BE:9D:56:E3:A3:94:30:54:18:7C:7E:5D:A0 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Sub Intermediate CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s E6:11:0E:9F:D6:36:3B:3E:82:57:7C:DB:0F:D9:B0:AA:25:F9:64:A2 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 74:5a:71:2a:a8:6d:6d:17:1c:0c:27:e8:d2:ab:7f:c2:bd:b1: 700s 7a:ed:90:7f:b4:5b:41:4e:4d:d7:ad:bc:51:c6:83:09:e8:d4: 700s 7b:ef:12:16:d0:f4:eb:56:5a:4e:a1:93:70:75:90:77:aa:0b: 700s 3f:ca:bd:b7:b0:aa:7e:49:74:de:f0:e3:c7:4b:c5:45:7b:03: 700s 13:2f:c5:6c:76:d9:92:1e:3a:96:9c:15:a8:69:14:2c:35:58: 700s 37:f1:48:a7:5c:ba:cf:30:b4:b5:d5:67:94:ae:ff:e7:f2:d4: 700s 3a:5a:1a:0e:35:f3:a3:44:3f:f0:28:be:0a:ea:4b:5e:3b:67: 700s 88:35 700s + expected_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-24537.pem 700s + found_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 700s + '[' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB '!=' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB ']' 700s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-24537-auth.output 700s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-24537-auth.output .output 700s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-24537-auth.pem 700s + echo -n 053350 700s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 700s [p11_child[1946]] [main] (0x0400): p11_child started. 700s [p11_child[1946]] [main] (0x2000): Running in [auth] mode. 700s [p11_child[1946]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[1946]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[1946]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[1946]] [do_card] (0x4000): Module List: 700s [p11_child[1946]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[1946]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1946]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[1946]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 700s [p11_child[1946]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 700s [p11_child[1946]] [do_card] (0x4000): Login required. 700s [p11_child[1946]] [do_card] (0x4000): Token flags [1069]. 700s [p11_child[1946]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 700s [p11_child[1946]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[1946]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[1946]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33a4124c;slot-manufacturer=SoftHSM%20project;slot-id=866390604;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71d119ab33a4124c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 700s [p11_child[1946]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 700s [p11_child[1946]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 700s [p11_child[1946]] [do_card] (0x4000): Certificate verified and validated. 700s [p11_child[1946]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-24537-auth.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-24537-auth.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-24537-auth.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 5 (0x5) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 700s Validity 700s Not Before: Mar 15 18:02:29 2025 GMT 700s Not After : Mar 15 18:02:29 2026 GMT 700s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:d5:fb:7e:c5:ea:f7:2e:da:bc:a4:01:e2:89:99: 700s f4:64:45:91:4e:58:0b:68:8b:db:19:33:9a:79:58: 700s 47:54:80:c3:2e:fe:50:a1:73:85:b9:24:66:5f:87: 700s a6:ad:bb:4b:27:72:fb:53:56:57:1f:52:1d:fc:f9: 700s da:5d:b0:99:0f:0e:62:77:b2:42:6e:36:ca:4d:21: 700s 63:fe:af:4b:1b:1e:bd:cd:b1:70:4a:b3:2e:f5:9e: 700s 5c:fa:2d:5a:0f:e1:01:9c:17:b8:cb:5c:bc:c8:1f: 700s 3c:bd:cf:1e:85:e7:14:60:e5:e1:65:4b:1e:11:92: 700s 9d:98:15:06:31:10:58:8f:db 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s 2F:56:9C:E4:31:9C:A5:BE:9D:56:E3:A3:94:30:54:18:7C:7E:5D:A0 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Sub Intermediate CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s E6:11:0E:9F:D6:36:3B:3E:82:57:7C:DB:0F:D9:B0:AA:25:F9:64:A2 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 74:5a:71:2a:a8:6d:6d:17:1c:0c:27:e8:d2:ab:7f:c2:bd:b1: 700s 7a:ed:90:7f:b4:5b:41:4e:4d:d7:ad:bc:51:c6:83:09:e8:d4: 700s 7b:ef:12:16:d0:f4:eb:56:5a:4e:a1:93:70:75:90:77:aa:0b: 700s 3f:ca:bd:b7:b0:aa:7e:49:74:de:f0:e3:c7:4b:c5:45:7b:03: 700s 13:2f:c5:6c:76:d9:92:1e:3a:96:9c:15:a8:69:14:2c:35:58: 700s 37:f1:48:a7:5c:ba:cf:30:b4:b5:d5:67:94:ae:ff:e7:f2:d4: 700s 3a:5a:1a:0e:35:f3:a3:44:3f:f0:28:be:0a:ea:4b:5e:3b:67: 700s 88:35 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-24537-auth.pem 700s + found_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 700s + '[' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB '!=' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB ']' 700s + valid_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-intermediate-sub-chain-CA.pem partial_chain 700s + check_certificate /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 /tmp/sssd-softhsm2-91sRMn/test-intermediate-sub-chain-CA.pem partial_chain 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_ring=/tmp/sssd-softhsm2-91sRMn/test-intermediate-sub-chain-CA.pem 700s + local verify_option=partial_chain 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local certificate=/tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23305 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 701s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 701s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 701s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 701s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 701s ++ basename /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 701s + tokens_dir=/tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 701s + token_name='Test Organization Sub Int Token' 701s + '[' '!' -e /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 701s + '[' '!' -d /tmp/sssd-softhsm2-91sRMn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 701s + echo 'Test Organization Sub Int Token' 701s + '[' -n partial_chain ']' 701s + local verify_arg=--verify=partial_chain 701s + local output_base_name=SSSD-child-30673 701s + local output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-30673.output 701s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-30673.pem 701s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-91sRMn/test-intermediate-sub-chain-CA.pem 701s [p11_child[1956]] [main] (0x0400): p11_child started. 701s [p11_child[1956]] [main] (0x2000): Running in [pre-auth] mode. 701s [p11_child[1956]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[1956]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[1956]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 701s Test Organization Sub Int Token 701s [p11_child[1956]] [do_card] (0x4000): Module List: 701s [p11_child[1956]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[1956]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 701s [p11_child[1956]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[1956]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 701s [p11_child[1956]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 701s [p11_child[1956]] [do_card] (0x4000): Login NOT required. 701s [p11_child[1956]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 701s [p11_child[1956]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 701s [p11_child[1956]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 701s [p11_child[1956]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33a4124c;slot-manufacturer=SoftHSM%20project;slot-id=866390604;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71d119ab33a4124c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 701s [p11_child[1956]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-30673.output 701s + echo '-----BEGIN CERTIFICATE-----' 701s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-30673.output 701s + echo '-----END CERTIFICATE-----' 701s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-30673.pem 701s Certificate: 701s Data: 701s Version: 3 (0x2) 701s Serial Number: 5 (0x5) 701s Signature Algorithm: sha256WithRSAEncryption 701s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 701s Validity 701s Not Before: Mar 15 18:02:29 2025 GMT 701s Not After : Mar 15 18:02:29 2026 GMT 701s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 701s Subject Public Key Info: 701s Public Key Algorithm: rsaEncryption 701s Public-Key: (1024 bit) 701s Modulus: 701s 00:d5:fb:7e:c5:ea:f7:2e:da:bc:a4:01:e2:89:99: 701s f4:64:45:91:4e:58:0b:68:8b:db:19:33:9a:79:58: 701s 47:54:80:c3:2e:fe:50:a1:73:85:b9:24:66:5f:87: 701s a6:ad:bb:4b:27:72:fb:53:56:57:1f:52:1d:fc:f9: 701s da:5d:b0:99:0f:0e:62:77:b2:42:6e:36:ca:4d:21: 701s 63:fe:af:4b:1b:1e:bd:cd:b1:70:4a:b3:2e:f5:9e: 701s 5c:fa:2d:5a:0f:e1:01:9c:17:b8:cb:5c:bc:c8:1f: 701s 3c:bd:cf:1e:85:e7:14:60:e5:e1:65:4b:1e:11:92: 701s 9d:98:15:06:31:10:58:8f:db 701s Exponent: 65537 (0x10001) 701s X509v3 extensions: 701s X509v3 Authority Key Identifier: 701s 2F:56:9C:E4:31:9C:A5:BE:9D:56:E3:A3:94:30:54:18:7C:7E:5D:A0 701s X509v3 Basic Constraints: 701s CA:FALSE 701s Netscape Cert Type: 701s SSL Client, S/MIME 701s Netscape Comment: 701s Test Organization Sub Intermediate CA trusted Certificate 701s X509v3 Subject Key Identifier: 701s E6:11:0E:9F:D6:36:3B:3E:82:57:7C:DB:0F:D9:B0:AA:25:F9:64:A2 701s X509v3 Key Usage: critical 701s Digital Signature, Non Repudiation, Key Encipherment 701s X509v3 Extended Key Usage: 701s TLS Web Client Authentication, E-mail Protection 701s X509v3 Subject Alternative Name: 701s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 701s Signature Algorithm: sha256WithRSAEncryption 701s Signature Value: 701s 74:5a:71:2a:a8:6d:6d:17:1c:0c:27:e8:d2:ab:7f:c2:bd:b1: 701s 7a:ed:90:7f:b4:5b:41:4e:4d:d7:ad:bc:51:c6:83:09:e8:d4: 701s 7b:ef:12:16:d0:f4:eb:56:5a:4e:a1:93:70:75:90:77:aa:0b: 701s 3f:ca:bd:b7:b0:aa:7e:49:74:de:f0:e3:c7:4b:c5:45:7b:03: 701s 13:2f:c5:6c:76:d9:92:1e:3a:96:9c:15:a8:69:14:2c:35:58: 701s 37:f1:48:a7:5c:ba:cf:30:b4:b5:d5:67:94:ae:ff:e7:f2:d4: 701s 3a:5a:1a:0e:35:f3:a3:44:3f:f0:28:be:0a:ea:4b:5e:3b:67: 701s 88:35 701s + local found_md5 expected_md5 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/test-sub-intermediate-CA-trusted-certificate-0001.pem 701s + expected_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-30673.pem 701s + found_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 701s + '[' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB '!=' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB ']' 701s + output_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-30673-auth.output 701s ++ basename /tmp/sssd-softhsm2-91sRMn/SSSD-child-30673-auth.output .output 701s + output_cert_file=/tmp/sssd-softhsm2-91sRMn/SSSD-child-30673-auth.pem 701s + echo -n 053350 701s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-91sRMn/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 701s [p11_child[1964]] [main] (0x0400): p11_child started. 701s [p11_child[1964]] [main] (0x2000): Running in [auth] mode. 701s [p11_child[1964]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[1964]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[1964]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 701s [p11_child[1964]] [do_card] (0x4000): Module List: 701s [p11_child[1964]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[1964]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 701s [p11_child[1964]] [do_card] (0x4000): Description [SoftHSM slot ID 0x33a4124c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[1964]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 701s [p11_child[1964]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x33a4124c][866390604] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 701s [p11_child[1964]] [do_card] (0x4000): Login required. 701s [p11_child[1964]] [do_card] (0x4000): Token flags [1069]. 701s [p11_child[1964]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 701s [p11_child[1964]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 701s [p11_child[1964]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 701s [p11_child[1964]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x33a4124c;slot-manufacturer=SoftHSM%20project;slot-id=866390604;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=71d119ab33a4124c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 701s [p11_child[1964]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 701s [p11_child[1964]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 701s [p11_child[1964]] [do_card] (0x4000): Certificate verified and validated. 701s [p11_child[1964]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-91sRMn/SSSD-child-30673-auth.output 701s + echo '-----BEGIN CERTIFICATE-----' 701s + tail -n1 /tmp/sssd-softhsm2-91sRMn/SSSD-child-30673-auth.output 701s + echo '-----END CERTIFICATE-----' 701s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-30673-auth.pem 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-91sRMn/SSSD-child-30673-auth.pem 701s Certificate: 701s Data: 701s Version: 3 (0x2) 701s Serial Number: 5 (0x5) 701s Signature Algorithm: sha256WithRSAEncryption 701s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 701s Validity 701s Not Before: Mar 15 18:02:29 2025 GMT 701s Not After : Mar 15 18:02:29 2026 GMT 701s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 701s Subject Public Key Info: 701s Public Key Algorithm: rsaEncryption 701s Public-Key: (1024 bit) 701s Modulus: 701s 00:d5:fb:7e:c5:ea:f7:2e:da:bc:a4:01:e2:89:99: 701s f4:64:45:91:4e:58:0b:68:8b:db:19:33:9a:79:58: 701s 47:54:80:c3:2e:fe:50:a1:73:85:b9:24:66:5f:87: 701s a6:ad:bb:4b:27:72:fb:53:56:57:1f:52:1d:fc:f9: 701s da:5d:b0:99:0f:0e:62:77:b2:42:6e:36:ca:4d:21: 701s 63:fe:af:4b:1b:1e:bd:cd:b1:70:4a:b3:2e:f5:9e: 701s 5c:fa:2d:5a:0f:e1:01:9c:17:b8:cb:5c:bc:c8:1f: 701s 3c:bd:cf:1e:85:e7:14:60:e5:e1:65:4b:1e:11:92: 701s 9d:98:15:06:31:10:58:8f:db 701s Exponent: 65537 (0x10001) 701s X509v3 extensions: 701s X509v3 Authority Key Identifier: 701s 2F:56:9C:E4:31:9C:A5:BE:9D:56:E3:A3:94:30:54:18:7C:7E:5D:A0 701s X509v3 Basic Constraints: 701s CA:FALSE 701s Netscape Cert Type: 701s SSL Client, S/MIME 701s Netscape Comment: 701s Test Organization Sub Intermediate CA trusted Certificate 701s X509v3 Subject Key Identifier: 701s E6:11:0E:9F:D6:36:3B:3E:82:57:7C:DB:0F:D9:B0:AA:25:F9:64:A2 701s X509v3 Key Usage: critical 701s Digital Signature, Non Repudiation, Key Encipherment 701s X509v3 Extended Key Usage: 701s TLS Web Client Authentication, E-mail Protection 701s X509v3 Subject Alternative Name: 701s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 701s Signature Algorithm: sha256WithRSAEncryption 701s Signature Value: 701s 74:5a:71:2a:a8:6d:6d:17:1c:0c:27:e8:d2:ab:7f:c2:bd:b1: 701s 7a:ed:90:7f:b4:5b:41:4e:4d:d7:ad:bc:51:c6:83:09:e8:d4: 701s 7b:ef:12:16:d0:f4:eb:56:5a:4e:a1:93:70:75:90:77:aa:0b: 701s 3f:ca:bd:b7:b0:aa:7e:49:74:de:f0:e3:c7:4b:c5:45:7b:03: 701s 13:2f:c5:6c:76:d9:92:1e:3a:96:9c:15:a8:69:14:2c:35:58: 701s 37:f1:48:a7:5c:ba:cf:30:b4:b5:d5:67:94:ae:ff:e7:f2:d4: 701s 3a:5a:1a:0e:35:f3:a3:44:3f:f0:28:be:0a:ea:4b:5e:3b:67: 701s 88:35 701s 701s Test completed, Root CA and intermediate issued certificates verified! 701s + found_md5=Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB 701s + '[' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB '!=' Modulus=D5FB7EC5EAF72EDABCA401E28999F46445914E580B688BDB19339A7958475480C32EFE50A17385B924665F87A6ADBB4B2772FB5356571F521DFCF9DA5DB0990F0E6277B2426E36CA4D2163FEAF4B1B1EBDCDB1704AB32EF59E5CFA2D5A0FE1019C17B8CB5CBCC81F3CBDCF1E85E71460E5E1654B1E11929D9815063110588FDB ']' 701s + set +x 701s autopkgtest [18:02:32]: test sssd-softhism2-certificates-tests.sh: -----------------------] 705s autopkgtest [18:02:36]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 705s sssd-softhism2-certificates-tests.sh PASS 709s autopkgtest [18:02:40]: test sssd-smart-card-pam-auth-configs: preparing testbed 711s Reading package lists... 711s Building dependency tree... 711s Reading state information... 712s Starting pkgProblemResolver with broken count: 0 712s Starting 2 pkgProblemResolver with broken count: 0 712s Done 713s The following NEW packages will be installed: 713s pamtester 713s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 713s Need to get 11.4 kB of archives. 713s After this operation, 31.7 kB of additional disk space will be used. 713s Get:1 http://ftpmaster.internal/ubuntu plucky/universe armhf pamtester armhf 0.1.2-4 [11.4 kB] 713s Fetched 11.4 kB in 0s (52.1 kB/s) 713s Selecting previously unselected package pamtester. 713s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 65238 files and directories currently installed.) 713s Preparing to unpack .../pamtester_0.1.2-4_armhf.deb ... 713s Unpacking pamtester (0.1.2-4) ... 713s Setting up pamtester (0.1.2-4) ... 713s Processing triggers for man-db (2.13.0-1) ... 724s autopkgtest [18:02:55]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 724s autopkgtest [18:02:55]: test sssd-smart-card-pam-auth-configs: [----------------------- 726s + '[' -z ubuntu ']' 726s + export DEBIAN_FRONTEND=noninteractive 726s + DEBIAN_FRONTEND=noninteractive 726s + required_tools=(pamtester softhsm2-util sssd) 726s + [[ ! -v OFFLINE_MODE ]] 726s + for cmd in "${required_tools[@]}" 726s + command -v pamtester 726s + for cmd in "${required_tools[@]}" 726s + command -v softhsm2-util 726s + for cmd in "${required_tools[@]}" 726s + command -v sssd 726s + PIN=123456 726s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 726s + tmpdir=/tmp/sssd-softhsm2-certs-ttdz2E 726s + backupsdir= 726s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 726s + declare -a restore_paths 726s + declare -a delete_paths 726s + trap handle_exit EXIT 726s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 726s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 726s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 726s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 726s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-ttdz2E GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 726s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-ttdz2E 726s + GENERATE_SMART_CARDS=1 726s + KEEP_TEMPORARY_FILES=1 726s + NO_SSSD_TESTS=1 726s + bash debian/tests/sssd-softhism2-certificates-tests.sh 726s + '[' -z ubuntu ']' 726s + required_tools=(p11tool openssl softhsm2-util) 726s + for cmd in "${required_tools[@]}" 726s + command -v p11tool 726s + for cmd in "${required_tools[@]}" 726s + command -v openssl 726s + for cmd in "${required_tools[@]}" 726s + command -v softhsm2-util 726s + PIN=123456 726s +++ find /usr/lib/softhsm/libsofthsm2.so 726s +++ head -n 1 726s ++ realpath /usr/lib/softhsm/libsofthsm2.so 726s + SOFTHSM2_MODULE=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 726s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 726s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 726s + '[' '!' -v NO_SSSD_TESTS ']' 726s + '[' '!' -e /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so ']' 726s + tmpdir=/tmp/sssd-softhsm2-certs-ttdz2E 726s + keys_size=1024 726s + [[ ! -v KEEP_TEMPORARY_FILES ]] 726s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 726s + echo -n 01 726s + touch /tmp/sssd-softhsm2-certs-ttdz2E/index.txt 726s + mkdir -p /tmp/sssd-softhsm2-certs-ttdz2E/new_certs 726s + cat 726s + root_ca_key_pass=pass:random-root-CA-password-8088 726s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-key.pem -passout pass:random-root-CA-password-8088 1024 726s + openssl req -passin pass:random-root-CA-password-8088 -batch -config /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.pem 726s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.pem 726s + cat 726s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-14205 726s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-14205 1024 726s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-14205 -config /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-8088 -sha256 -out /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-certificate-request.pem 726s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-certificate-request.pem 726s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.config -passin pass:random-root-CA-password-8088 -keyfile /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem 726s Certificate Request: 726s Data: 726s Version: 1 (0x0) 726s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 726s Subject Public Key Info: 726s Public Key Algorithm: rsaEncryption 726s Public-Key: (1024 bit) 726s Modulus: 726s 00:be:c8:ac:3a:32:f4:a9:2a:33:b7:47:67:39:70: 726s f0:f6:fc:28:15:c0:20:a6:ee:1f:ec:0a:6a:29:66: 726s 8f:69:d8:78:a8:48:55:65:34:31:2d:d3:1a:ba:70: 726s 2c:ae:ec:7e:2c:a0:07:f9:a8:20:50:44:47:db:7e: 726s 26:f2:e0:4a:96:67:3e:52:c8:78:06:7b:b9:b5:d4: 726s 10:51:9b:de:0c:51:ed:47:2c:13:af:e7:76:cf:e4: 726s c2:73:75:bd:4a:50:cd:05:19:d7:3a:0e:08:c8:d2: 726s 50:4a:02:26:b2:c2:54:38:81:4e:1a:86:28:9e:be: 726s 53:0d:e9:5a:b3:02:50:cb:c5 726s Exponent: 65537 (0x10001) 726s Attributes: 726s (none) 726s Requested Extensions: 726s Signature Algorithm: sha256WithRSAEncryption 726s Signature Value: 726s 48:32:30:43:eb:12:93:aa:05:01:c5:70:91:39:f3:7a:ce:21: 726s 48:ee:e6:6f:ec:47:0b:1d:5c:6d:da:3e:f5:06:2b:c8:14:2e: 726s 21:90:49:a1:1d:49:66:5f:42:c6:5b:b6:25:a4:78:a9:2e:e1: 726s 17:4c:33:93:c2:6e:34:f5:29:30:df:32:cc:9f:3c:08:c2:d2: 726s c9:5d:37:23:16:d4:e3:7e:02:f6:79:77:d0:c4:e9:ec:fd:3c: 726s a1:ff:df:8e:91:79:96:8b:07:92:70:15:ba:9d:c7:3a:37:d8: 726s 1a:f6:ed:4b:84:79:a2:e4:41:85:aa:70:db:c9:a5:29:71:2b: 726s e3:33 726s Using configuration from /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.config 726s Check that the request matches the signature 726s Signature ok 726s Certificate Details: 726s Serial Number: 1 (0x1) 726s Validity 726s Not Before: Mar 15 18:02:57 2025 GMT 726s Not After : Mar 15 18:02:57 2026 GMT 726s Subject: 726s organizationName = Test Organization 726s organizationalUnitName = Test Organization Unit 726s commonName = Test Organization Intermediate CA 726s X509v3 extensions: 726s X509v3 Subject Key Identifier: 726s 82:63:88:D4:71:AD:6D:19:5C:87:2B:03:A8:EF:AA:EB:CE:EC:7B:03 726s X509v3 Authority Key Identifier: 726s keyid:C4:E6:E2:BA:7D:83:94:E1:AA:9D:B0:D3:F9:BD:68:91:1B:E8:E1:8B 726s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 726s serial:00 726s X509v3 Basic Constraints: 726s CA:TRUE 726s X509v3 Key Usage: critical 726s Digital Signature, Certificate Sign, CRL Sign 726s Certificate is to be certified until Mar 15 18:02:57 2026 GMT (365 days) 726s 726s Write out database with 1 new entries 726s Database updated 726s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem 726s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem 726s /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem: OK 726s + cat 726s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-7110 726s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-7110 1024 726s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-7110 -config /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-14205 -sha256 -out /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-certificate-request.pem 726s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-certificate-request.pem 726s Certificate Request: 726s Data: 726s Version: 1 (0x0) 726s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 726s Subject Public Key Info: 726s Public Key Algorithm: rsaEncryption 726s Public-Key: (1024 bit) 726s Modulus: 726s 00:b8:e8:e2:4d:a3:32:75:42:26:68:e3:62:fd:52: 726s 45:aa:e9:d5:09:07:cc:99:0a:c7:b7:af:80:a0:dc: 726s 3c:76:b1:f7:83:46:4c:62:68:b3:df:9c:35:23:af: 726s 36:04:49:df:32:05:b0:dc:47:e7:21:aa:03:ec:9f: 726s bc:1c:21:bb:f5:07:75:6c:64:24:5e:bd:3d:30:dd: 726s d1:23:9a:ef:67:25:00:d2:93:b4:b9:9c:c7:bb:26: 726s 4f:85:16:b4:ad:ba:f9:c8:f0:29:91:32:a8:26:9e: 726s 4f:e1:80:7a:35:2b:f6:1e:c2:2a:47:19:10:14:41: 726s f6:11:0b:be:a9:14:33:8a:99 726s Exponent: 65537 (0x10001) 726s Attributes: 726s (none) 726s Requested Extensions: 726s Signature Algorithm: sha256WithRSAEncryption 726s Signature Value: 726s 09:ec:76:0a:47:bf:17:b1:e6:72:65:df:2c:29:5b:f9:b0:e5: 726s 21:db:59:0e:e7:ae:22:60:4c:15:d2:b8:12:e5:6c:9a:c5:73: 726s dc:d1:6d:9d:19:35:90:fd:92:b8:30:29:b8:97:bf:87:e9:01: 726s c3:b9:fb:7f:5d:41:dc:49:c6:ff:d0:1f:62:92:f0:7f:20:8b: 726s 5f:6c:d4:11:19:cf:40:f2:f3:5d:c7:c0:14:88:93:b7:f7:3f: 726s 64:7c:ed:b7:7a:d0:64:15:5b:63:bb:63:8f:a4:1f:04:56:39: 726s 71:47:74:fa:f3:4f:f8:8d:29:3b:0f:21:26:ca:31:7e:39:d7: 726s 46:57 726s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-14205 -keyfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem 726s Using configuration from /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.config 726s Check that the request matches the signature 726s Signature ok 726s Certificate Details: 726s Serial Number: 2 (0x2) 726s Validity 726s Not Before: Mar 15 18:02:57 2025 GMT 726s Not After : Mar 15 18:02:57 2026 GMT 726s Subject: 726s organizationName = Test Organization 726s organizationalUnitName = Test Organization Unit 726s commonName = Test Organization Sub Intermediate CA 726s X509v3 extensions: 726s X509v3 Subject Key Identifier: 726s 1F:E0:1A:6D:B3:CC:36:4B:3F:7F:F7:E0:63:8B:B2:A6:E4:8F:C2:10 726s X509v3 Authority Key Identifier: 726s keyid:82:63:88:D4:71:AD:6D:19:5C:87:2B:03:A8:EF:AA:EB:CE:EC:7B:03 726s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 726s serial:01 726s X509v3 Basic Constraints: 726s CA:TRUE 726s X509v3 Key Usage: critical 726s Digital Signature, Certificate Sign, CRL Sign 726s Certificate is to be certified until Mar 15 18:02:57 2026 GMT (365 days) 726s 726s Write out database with 1 new entries 726s Database updated 726s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem 726s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem 726s /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem: OK 726s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem 726s + local cmd=openssl 726s + shift 726s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem 726s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 726s error 20 at 0 depth lookup: unable to get local issuer certificate 726s error /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem: verification failed 726s + cat 726s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-2695 726s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-2695 1024 727s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-2695 -key /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-request.pem 727s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-request.pem 727s Certificate Request: 727s Data: 727s Version: 1 (0x0) 727s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 727s Subject Public Key Info: 727s Public Key Algorithm: rsaEncryption 727s Public-Key: (1024 bit) 727s Modulus: 727s 00:a4:f7:b0:db:ad:3d:a4:e8:b2:0c:b2:48:98:24: 727s 20:60:2e:53:e8:87:c3:26:63:59:31:fe:3f:72:ba: 727s ff:e3:6f:98:32:50:96:01:10:20:4e:d9:a0:e3:10: 727s e0:d3:23:4b:3c:76:60:58:29:ec:96:04:78:74:f8: 727s 5e:14:e8:27:bc:6c:ec:70:1f:20:1c:17:ef:2d:88: 727s c1:e8:9b:99:a2:6d:70:2f:3d:d2:5e:2b:9c:6d:0e: 727s dd:d2:07:21:bb:41:d6:62:66:ec:23:69:8d:26:aa: 727s ba:76:2f:9a:12:4f:6d:b8:e4:c8:1c:33:10:f3:06: 727s 3d:7c:49:49:22:60:50:65:85 727s Exponent: 65537 (0x10001) 727s Attributes: 727s Requested Extensions: 727s X509v3 Basic Constraints: 727s CA:FALSE 727s Netscape Cert Type: 727s SSL Client, S/MIME 727s Netscape Comment: 727s Test Organization Root CA trusted Certificate 727s X509v3 Subject Key Identifier: 727s 11:EE:02:86:32:D0:A9:55:1D:88:8F:8B:78:63:B2:06:AB:23:0E:EF 727s X509v3 Key Usage: critical 727s Digital Signature, Non Repudiation, Key Encipherment 727s X509v3 Extended Key Usage: 727s TLS Web Client Authentication, E-mail Protection 727s X509v3 Subject Alternative Name: 727s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 727s Signature Algorithm: sha256WithRSAEncryption 727s Signature Value: 727s 3c:b8:71:9f:8b:00:4c:e9:b0:9f:31:40:61:11:74:1b:b0:e2: 727s e5:d6:22:e8:14:ac:e3:22:73:99:27:d8:53:f1:32:73:1a:f8: 727s 92:d3:f4:58:4c:e1:e5:bb:29:c6:1c:d4:7b:fa:d8:6c:66:af: 727s 63:31:30:af:dd:42:75:e3:c1:19:1b:3c:fe:1a:4c:85:af:5e: 727s 6b:d7:a4:8b:ed:27:4d:28:cb:dc:09:5d:32:f8:6a:b0:c3:37: 727s f8:69:9f:f9:00:5c:c5:9c:d4:7f:3d:b8:7a:49:f7:1f:68:e6: 727s 37:50:3c:28:7a:7b:e1:c1:6a:61:c4:93:c3:35:4d:6d:74:c4: 727s 03:11 727s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.config -passin pass:random-root-CA-password-8088 -keyfile /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem 727s Using configuration from /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.config 727s Check that the request matches the signature 727s Signature ok 727s Certificate Details: 727s Serial Number: 3 (0x3) 727s Validity 727s Not Before: Mar 15 18:02:58 2025 GMT 727s Not After : Mar 15 18:02:58 2026 GMT 727s Subject: 727s organizationName = Test Organization 727s organizationalUnitName = Test Organization Unit 727s commonName = Test Organization Root Trusted Certificate 0001 727s X509v3 extensions: 727s X509v3 Authority Key Identifier: 727s C4:E6:E2:BA:7D:83:94:E1:AA:9D:B0:D3:F9:BD:68:91:1B:E8:E1:8B 727s X509v3 Basic Constraints: 727s CA:FALSE 727s Netscape Cert Type: 727s SSL Client, S/MIME 727s Netscape Comment: 727s Test Organization Root CA trusted Certificate 727s X509v3 Subject Key Identifier: 727s 11:EE:02:86:32:D0:A9:55:1D:88:8F:8B:78:63:B2:06:AB:23:0E:EF 727s X509v3 Key Usage: critical 727s Digital Signature, Non Repudiation, Key Encipherment 727s X509v3 Extended Key Usage: 727s TLS Web Client Authentication, E-mail Protection 727s X509v3 Subject Alternative Name: 727s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 727s Certificate is to be certified until Mar 15 18:02:58 2026 GMT (365 days) 727s 727s Write out database with 1 new entries 727s Database updated 727s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem 727s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem 727s /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem: OK 727s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem 727s + local cmd=openssl 727s + shift 727s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem 727s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 727s error 20 at 0 depth lookup: unable to get local issuer certificate 727s error /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem: verification failed 727s + cat 727s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-9135 727s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-9135 1024 727s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-9135 -key /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-request.pem 727s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-request.pem 727s Certificate Request: 727s Data: 727s Version: 1 (0x0) 727s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 727s Subject Public Key Info: 727s Public Key Algorithm: rsaEncryption 727s Public-Key: (1024 bit) 727s Modulus: 727s 00:b9:c6:44:7b:db:40:db:7a:d1:23:ae:fd:a5:61: 727s 2e:ca:26:e4:94:64:04:c5:4b:90:c5:22:87:04:22: 727s 10:1a:bd:c1:4a:2a:55:5b:51:99:c2:48:80:5b:f2: 727s a0:2b:dc:42:4b:f0:53:df:75:50:9a:30:bb:9e:b0: 727s 2b:d0:fe:a5:2d:17:0a:94:7e:58:2c:48:6c:b4:2a: 727s 9a:55:4b:84:9d:da:d3:a9:8e:6a:4e:33:09:ef:ba: 727s 7c:2c:a9:81:15:c7:88:0a:17:89:e5:97:71:1c:ac: 727s 87:aa:64:ee:6d:c8:db:2e:07:38:fc:cd:0f:84:91: 727s a7:b9:82:81:b4:d5:1e:29:39 727s Exponent: 65537 (0x10001) 727s Attributes: 727s Requested Extensions: 727s X509v3 Basic Constraints: 727s CA:FALSE 727s Netscape Cert Type: 727s SSL Client, S/MIME 727s Netscape Comment: 727s Test Organization Intermediate CA trusted Certificate 727s X509v3 Subject Key Identifier: 727s 17:54:CA:31:67:57:9C:83:AB:5D:A5:86:AF:98:B2:75:36:87:49:3A 727s X509v3 Key Usage: critical 727s Digital Signature, Non Repudiation, Key Encipherment 727s X509v3 Extended Key Usage: 727s TLS Web Client Authentication, E-mail Protection 727s X509v3 Subject Alternative Name: 727s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 727s Signature Algorithm: sha256WithRSAEncryption 727s Signature Value: 727s b0:e2:21:1f:bd:1b:c9:44:2f:a7:b7:27:89:92:dd:7b:45:1e: 727s c4:81:dc:f2:3d:f9:97:a4:e5:9b:28:74:8f:8f:2e:36:d3:47: 727s 62:5a:17:c2:7f:a9:fd:67:12:6e:44:41:2c:4d:88:53:40:c2: 727s ce:66:69:03:ee:0b:84:aa:f9:af:82:35:67:71:7e:bc:a1:dc: 727s f8:34:a6:10:84:f9:35:91:08:56:d6:6e:9a:18:83:55:2a:17: 727s 64:45:a8:fa:98:b8:68:f7:cb:2f:7e:d0:8a:83:4f:39:e7:f7: 727s 4c:35:a2:7f:b0:7b:bd:c8:25:bc:3f:20:58:d0:eb:c8:c2:7d: 727s 48:94 727s + openssl ca -passin pass:random-intermediate-CA-password-14205 -config /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem 727s Using configuration from /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.config 727s Check that the request matches the signature 727s Signature ok 727s Certificate Details: 727s Serial Number: 4 (0x4) 727s Validity 727s Not Before: Mar 15 18:02:58 2025 GMT 727s Not After : Mar 15 18:02:58 2026 GMT 727s Subject: 727s organizationName = Test Organization 727s organizationalUnitName = Test Organization Unit 727s commonName = Test Organization Intermediate Trusted Certificate 0001 727s X509v3 extensions: 727s X509v3 Authority Key Identifier: 727s 82:63:88:D4:71:AD:6D:19:5C:87:2B:03:A8:EF:AA:EB:CE:EC:7B:03 727s X509v3 Basic Constraints: 727s CA:FALSE 727s Netscape Cert Type: 727s SSL Client, S/MIME 727s Netscape Comment: 727s Test Organization Intermediate CA trusted Certificate 727s X509v3 Subject Key Identifier: 727s 17:54:CA:31:67:57:9C:83:AB:5D:A5:86:AF:98:B2:75:36:87:49:3A 727s X509v3 Key Usage: critical 727s Digital Signature, Non Repudiation, Key Encipherment 727s X509v3 Extended Key Usage: 727s TLS Web Client Authentication, E-mail Protection 727s X509v3 Subject Alternative Name: 727s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 727s Certificate is to be certified until Mar 15 18:02:58 2026 GMT (365 days) 727s 727s Write out database with 1 new entries 727s Database updated 727s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem 727s + echo 'This certificate should not be trusted fully' 727s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem 727s + local cmd=openssl 727s + shift 727s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem 727s This certificate should not be trusted fully 727s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 727s error 2 at 1 depth lookup: unable to get issuer certificate 727s error /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 727s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem 727s /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem: OK 727s + cat 727s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9952 727s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-9952 1024 727s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-9952 -key /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 727s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 727s Certificate Request: 727s Data: 727s Version: 1 (0x0) 727s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 727s Subject Public Key Info: 727s Public Key Algorithm: rsaEncryption 727s Public-Key: (1024 bit) 727s Modulus: 727s 00:d4:02:74:48:24:42:de:90:3b:cd:e0:9a:fa:8a: 727s be:a9:f3:31:fb:28:0d:db:74:cc:df:fb:77:71:d8: 727s 61:ba:6e:b6:06:f1:34:20:41:ea:93:b9:c3:52:fd: 727s b1:7e:c8:a8:9d:da:30:fc:74:e9:a1:81:95:72:ca: 727s 0a:5b:fb:9e:02:cd:75:44:cd:53:30:0f:a1:6e:61: 727s 05:d4:f3:65:30:e8:4a:97:4d:5d:97:2c:02:fa:cb: 727s ee:87:2f:ed:e0:83:f2:86:8e:df:5b:2c:b4:8c:6d: 727s 57:d7:62:09:bb:5f:51:6d:b6:f0:b7:f0:8d:e7:f2: 727s ee:b0:1d:bd:72:b5:94:c0:c7 727s Exponent: 65537 (0x10001) 727s Attributes: 727s Requested Extensions: 727s X509v3 Basic Constraints: 727s CA:FALSE 727s Netscape Cert Type: 727s SSL Client, S/MIME 727s Netscape Comment: 727s Test Organization Sub Intermediate CA trusted Certificate 727s X509v3 Subject Key Identifier: 727s EB:1C:81:EB:A2:B7:17:E2:7F:FF:37:6B:A2:92:C5:DE:C2:1E:75:65 727s X509v3 Key Usage: critical 727s Digital Signature, Non Repudiation, Key Encipherment 727s X509v3 Extended Key Usage: 727s TLS Web Client Authentication, E-mail Protection 727s X509v3 Subject Alternative Name: 727s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 727s Signature Algorithm: sha256WithRSAEncryption 727s Signature Value: 727s c4:ab:56:49:d4:d1:b7:df:98:b9:99:64:0b:bc:6d:26:1f:9b: 727s 6a:ff:36:e0:68:0a:3c:cf:23:f3:83:1c:3f:53:2a:e1:00:28: 727s 27:72:c8:c0:ce:24:dd:42:f3:85:d4:40:44:49:0a:6d:be:14: 727s 8e:90:54:be:a0:78:4c:c2:eb:43:aa:40:7c:02:7e:07:54:a6: 727s c6:41:4a:0e:f4:6a:52:d2:ee:1e:97:cf:41:be:9d:94:e3:98: 727s 57:15:18:df:a0:76:5e:d5:16:56:5d:ff:85:b2:c9:27:19:45: 727s 24:07:a9:02:5e:cc:8e:15:05:2c:ee:c5:64:57:31:f2:c4:0f: 727s 9b:0d 727s + openssl ca -passin pass:random-sub-intermediate-CA-password-7110 -config /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s Using configuration from /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.config 727s Check that the request matches the signature 727s Signature ok 727s Certificate Details: 727s Serial Number: 5 (0x5) 727s Validity 727s Not Before: Mar 15 18:02:58 2025 GMT 727s Not After : Mar 15 18:02:58 2026 GMT 727s Subject: 727s organizationName = Test Organization 727s organizationalUnitName = Test Organization Unit 727s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 727s X509v3 extensions: 727s X509v3 Authority Key Identifier: 727s 1F:E0:1A:6D:B3:CC:36:4B:3F:7F:F7:E0:63:8B:B2:A6:E4:8F:C2:10 727s X509v3 Basic Constraints: 727s CA:FALSE 727s Netscape Cert Type: 727s SSL Client, S/MIME 727s Netscape Comment: 727s Test Organization Sub Intermediate CA trusted Certificate 727s X509v3 Subject Key Identifier: 727s EB:1C:81:EB:A2:B7:17:E2:7F:FF:37:6B:A2:92:C5:DE:C2:1E:75:65 727s X509v3 Key Usage: critical 727s Digital Signature, Non Repudiation, Key Encipherment 727s X509v3 Extended Key Usage: 727s TLS Web Client Authentication, E-mail Protection 727s X509v3 Subject Alternative Name: 727s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 727s Certificate is to be certified until Mar 15 18:02:58 2026 GMT (365 days) 727s 727s Write out database with 1 new entries 727s Database updated 727s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s + echo 'This certificate should not be trusted fully' 727s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s + local cmd=openssl 727s + shift 727s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s This certificate should not be trusted fully 727s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 727s error 2 at 1 depth lookup: unable to get issuer certificate 727s error /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 727s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s + local cmd=openssl 727s + shift 727s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 727s error 20 at 0 depth lookup: unable to get local issuer certificate 727s error /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 727s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 727s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s + local cmd=openssl 727s + shift 727s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 727s error 20 at 0 depth lookup: unable to get local issuer certificate 727s error /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 727s Building a the full-chain CA file... 727s + echo 'Building a the full-chain CA file...' 727s + cat /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem 727s + cat /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem 727s + cat /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem 727s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem 727s + openssl pkcs7 -print_certs -noout 727s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 727s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 727s 727s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 727s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 727s 727s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 727s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 727s 727s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem 727s /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA.pem: OK 727s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem 727s /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem: OK 727s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem 727s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-root-intermediate-chain-CA.pem 727s /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem: OK 727s /tmp/sssd-softhsm2-certs-ttdz2E/test-root-intermediate-chain-CA.pem: OK 727s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s + echo 'Certificates generation completed!' 727s /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 727s Certificates generation completed! 727s + [[ -v NO_SSSD_TESTS ]] 727s + [[ -v GENERATE_SMART_CARDS ]] 727s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-2695 727s + local certificate=/tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem 727s + local key_pass=pass:random-root-ca-trusted-cert-0001-2695 727s + local key_cn 727s + local key_name 727s + local tokens_dir 727s + local output_cert_file 727s + token_name= 727s ++ basename /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem .pem 727s + key_name=test-root-CA-trusted-certificate-0001 727s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem 727s ++ sed -n 's/ *commonName *= //p' 727s + key_cn='Test Organization Root Trusted Certificate 0001' 727s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 727s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-root-CA-trusted-certificate-0001.conf 727s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-root-CA-trusted-certificate-0001.conf 727s ++ basename /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 727s + tokens_dir=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-root-CA-trusted-certificate-0001 727s + token_name='Test Organization Root Tr Token' 727s + '[' '!' -e /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 727s + local key_file 727s + local decrypted_key 727s + mkdir -p /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-root-CA-trusted-certificate-0001 727s + key_file=/tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-key.pem 727s + decrypted_key=/tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-key-decrypted.pem 727s + cat 727s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 727s + softhsm2-util --show-slots 727s Slot 0 has a free/uninitialized token. 727s The token has been initialized and is reassigned to slot 844204539 727s Available slots: 727s Slot 844204539 727s Slot info: 727s Description: SoftHSM slot ID 0x325189fb 727s Manufacturer ID: SoftHSM project 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Token present: yes 727s Token info: 727s Manufacturer ID: SoftHSM project 727s Model: SoftHSM v2 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Serial number: 2e93d7dfb25189fb 727s Initialized: yes 727s User PIN init.: yes 727s Label: Test Organization Root Tr Token 727s Slot 1 727s Slot info: 727s Description: SoftHSM slot ID 0x1 727s Manufacturer ID: SoftHSM project 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Token present: yes 727s Token info: 727s Manufacturer ID: SoftHSM project 727s Model: SoftHSM v2 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Serial number: 727s Initialized: no 727s User PIN init.: no 727s Label: 727s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 727s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-2695 -in /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-key-decrypted.pem 727s writing RSA key 727s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 727s + rm /tmp/sssd-softhsm2-certs-ttdz2E/test-root-CA-trusted-certificate-0001-key-decrypted.pem 727s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 727s Object 0: 727s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2e93d7dfb25189fb;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 727s Type: X.509 Certificate (RSA-1024) 727s Expires: Sun Mar 15 18:02:58 2026 727s Label: Test Organization Root Trusted Certificate 0001 727s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 727s 727s Test Organization Root Tr Token 727s + echo 'Test Organization Root Tr Token' 727s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-9135 727s + local certificate=/tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem 727s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-9135 727s + local key_cn 727s + local key_name 727s + local tokens_dir 727s + local output_cert_file 727s + token_name= 727s ++ basename /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem .pem 727s + key_name=test-intermediate-CA-trusted-certificate-0001 727s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem 727s ++ sed -n 's/ *commonName *= //p' 727s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 727s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 727s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 727s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 727s ++ basename /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 727s + tokens_dir=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-intermediate-CA-trusted-certificate-0001 727s + token_name='Test Organization Interme Token' 727s + '[' '!' -e /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 727s + local key_file 727s + local decrypted_key 727s + mkdir -p /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-intermediate-CA-trusted-certificate-0001 727s + key_file=/tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-key.pem 727s + decrypted_key=/tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 727s + cat 727s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 727s + softhsm2-util --show-slots 727s Slot 0 has a free/uninitialized token. 727s The token has been initialized and is reassigned to slot 215842273 727s Available slots: 727s Slot 215842273 727s Slot info: 727s Description: SoftHSM slot ID 0xcdd7de1 727s Manufacturer ID: SoftHSM project 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Token present: yes 727s Token info: 727s Manufacturer ID: SoftHSM project 727s Model: SoftHSM v2 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Serial number: b15331b50cdd7de1 727s Initialized: yes 727s User PIN init.: yes 727s Label: Test Organization Interme Token 727s Slot 1 727s Slot info: 727s Description: SoftHSM slot ID 0x1 727s Manufacturer ID: SoftHSM project 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Token present: yes 727s Token info: 727s Manufacturer ID: SoftHSM project 727s Model: SoftHSM v2 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Serial number: 727s Initialized: no 727s User PIN init.: no 727s Label: 727s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 727s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-9135 -in /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 727s writing RSA key 727s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 727s + rm /tmp/sssd-softhsm2-certs-ttdz2E/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 727s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 727s Object 0: 727s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b15331b50cdd7de1;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 727s Type: X.509 Certificate (RSA-1024) 727s Expires: Sun Mar 15 18:02:58 2026 727s Label: Test Organization Intermediate Trusted Certificate 0001 727s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 727s 727s Test Organization Interme Token 727s + echo 'Test Organization Interme Token' 727s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9952 727s + local certificate=/tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9952 727s + local key_cn 727s + local key_name 727s + local tokens_dir 727s + local output_cert_file 727s + token_name= 727s ++ basename /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 727s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 727s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem 727s ++ sed -n 's/ *commonName *= //p' 727s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 727s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 727s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 727s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 727s ++ basename /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 727s + tokens_dir=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 727s + token_name='Test Organization Sub Int Token' 727s + '[' '!' -e /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 727s + local key_file 727s + local decrypted_key 727s + mkdir -p /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 727s + key_file=/tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 727s + decrypted_key=/tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 727s + cat 727s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 727s Slot 0 has a free/uninitialized token. 727s The token has been initialized and is reassigned to slot 1996240025 727s + softhsm2-util --show-slots 727s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 727s Available slots: 727s Slot 1996240025 727s Slot info: 727s Description: SoftHSM slot ID 0x76fc3499 727s Manufacturer ID: SoftHSM project 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Token present: yes 727s Token info: 727s Manufacturer ID: SoftHSM project 727s Model: SoftHSM v2 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Serial number: 56e61246f6fc3499 727s Initialized: yes 727s User PIN init.: yes 727s Label: Test Organization Sub Int Token 727s Slot 1 727s Slot info: 727s Description: SoftHSM slot ID 0x1 727s Manufacturer ID: SoftHSM project 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Token present: yes 727s Token info: 727s Manufacturer ID: SoftHSM project 727s Model: SoftHSM v2 727s Hardware version: 2.6 727s Firmware version: 2.6 727s Serial number: 727s Initialized: no 727s User PIN init.: no 727s Label: 727s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-9952 -in /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 727s writing RSA key 727s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 727s + rm /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 727s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 727s Object 0: 727s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=56e61246f6fc3499;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 727s Type: X.509 Certificate (RSA-1024) 727s Expires: Sun Mar 15 18:02:58 2026 727s Label: Test Organization Sub Intermediate Trusted Certificate 0001 727s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 727s 727s Test Organization Sub Int Token 727s Certificates generation completed! 727s + echo 'Test Organization Sub Int Token' 727s + echo 'Certificates generation completed!' 727s + exit 0 727s + find /tmp/sssd-softhsm2-certs-ttdz2E -type d -exec chmod 777 '{}' ';' 727s + find /tmp/sssd-softhsm2-certs-ttdz2E -type f -exec chmod 666 '{}' ';' 727s + backup_file /etc/sssd/sssd.conf 727s + '[' -z '' ']' 727s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 727s + backupsdir=/tmp/sssd-softhsm2-backups-V8SgEZ 727s + '[' -e /etc/sssd/sssd.conf ']' 727s + delete_paths+=("$1") 727s + rm -f /etc/sssd/sssd.conf 727s ++ runuser -u ubuntu -- sh -c 'echo ~' 727s + user_home=/home/ubuntu 727s + mkdir -p /home/ubuntu 727s + chown ubuntu:ubuntu /home/ubuntu 727s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 727s + user_config=/home/ubuntu/.config 727s + system_config=/etc 727s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 727s + for path_pair in "${softhsm2_conf_paths[@]}" 727s + IFS=: 727s + read -r -a path 727s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 727s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 727s + '[' -z /tmp/sssd-softhsm2-backups-V8SgEZ ']' 727s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 727s + delete_paths+=("$1") 727s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 727s + for path_pair in "${softhsm2_conf_paths[@]}" 727s + IFS=: 727s + read -r -a path 727s + path=/etc/softhsm/softhsm2.conf 727s + backup_file /etc/softhsm/softhsm2.conf 727s + '[' -z /tmp/sssd-softhsm2-backups-V8SgEZ ']' 727s + '[' -e /etc/softhsm/softhsm2.conf ']' 727s ++ dirname /etc/softhsm/softhsm2.conf 727s + local back_dir=/tmp/sssd-softhsm2-backups-V8SgEZ//etc/softhsm 727s ++ basename /etc/softhsm/softhsm2.conf 727s + local back_path=/tmp/sssd-softhsm2-backups-V8SgEZ//etc/softhsm/softhsm2.conf 727s + '[' '!' -e /tmp/sssd-softhsm2-backups-V8SgEZ//etc/softhsm/softhsm2.conf ']' 727s + mkdir -p /tmp/sssd-softhsm2-backups-V8SgEZ//etc/softhsm 727s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-V8SgEZ//etc/softhsm/softhsm2.conf 727s + restore_paths+=("$back_path") 727s + rm -f /etc/softhsm/softhsm2.conf 727s + test_authentication login /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem 727s + pam_service=login 727s + certificate_config=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-root-CA-trusted-certificate-0001.conf 727s + ca_db=/tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem 727s + verification_options= 727s + mkdir -p -m 700 /etc/sssd 727s Using CA DB '/tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem' with verification options: '' 727s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 727s + cat 727s + chmod 600 /etc/sssd/sssd.conf 727s + for path_pair in "${softhsm2_conf_paths[@]}" 727s + IFS=: 727s + read -r -a path 727s + user=ubuntu 727s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 727s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 727s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 727s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 727s + runuser -u ubuntu -- softhsm2-util --show-slots 727s + grep 'Test Organization' 727s Label: Test Organization Root Tr Token 727s + for path_pair in "${softhsm2_conf_paths[@]}" 727s + IFS=: 727s + read -r -a path 727s + user=root 727s + path=/etc/softhsm/softhsm2.conf 727s ++ dirname /etc/softhsm/softhsm2.conf 727s + runuser -u root -- mkdir -p /etc/softhsm 727s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 727s + runuser -u root -- softhsm2-util --show-slots 727s + grep 'Test Organization' 727s + systemctl restart sssd 727s Label: Test Organization Root Tr Token 728s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 728s + for alternative in "${alternative_pam_configs[@]}" 728s + pam-auth-update --enable sss-smart-card-optional 728s + cat /etc/pam.d/common-auth 728s # 728s # /etc/pam.d/common-auth - authentication settings common to all services 728s # 728s # This file is included from other service-specific PAM config files, 728s # and should contain a list of the authentication modules that define 728s # the central authentication scheme for use on the system 728s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 728s # traditional Unix authentication mechanisms. 728s # 728s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 728s # To take advantage of this, it is recommended that you configure any 728s # local modules either before or after the default block, and use 728s # pam-auth-update to manage selection of other modules. See 728s # pam-auth-update(8) for details. 728s 728s # here are the per-package modules (the "Primary" block) 728s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 728s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 728s auth [success=1 default=ignore] pam_sss.so use_first_pass 728s # here's the fallback if no module succeeds 728s auth requisite pam_deny.so 728s # prime the stack with a positive return value if there isn't one already; 728s # this avoids us returning an error just because nothing sets a success code 728s # since the modules above will each just jump around 728s auth required pam_permit.so 728s # and here are more per-package modules (the "Additional" block) 728s auth optional pam_cap.so 728s # end of pam-auth-update config 728s + echo -n -e 123456 728s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 728s pamtester: invoking pam_start(login, ubuntu, ...) 728s pamtester: performing operation - authenticate 728s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 728s + echo -n -e 123456 728s + runuser -u ubuntu -- pamtester -v login '' authenticate 728s pamtester: invoking pam_start(login, , ...) 728s pamtester: performing operation - authenticate 728s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 728s + echo -n -e wrong123456 728s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 728s pamtester: invoking pam_start(login, ubuntu, ...) 728s pamtester: performing operation - authenticate 731s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 731s + echo -n -e wrong123456 731s + runuser -u ubuntu -- pamtester -v login '' authenticate 731s pamtester: invoking pam_start(login, , ...) 731s pamtester: performing operation - authenticate 735s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 735s + echo -n -e 123456 735s + pamtester -v login root authenticate 735s pamtester: invoking pam_start(login, root, ...) 735s pamtester: performing operation - authenticate 738s Password: pamtester: Authentication failure 738s + for alternative in "${alternative_pam_configs[@]}" 738s + pam-auth-update --enable sss-smart-card-required 738s PAM configuration 738s ----------------- 738s 738s Incompatible PAM profiles selected. 738s 738s The following PAM profiles cannot be used together: 738s 738s SSS required smart card authentication, SSS optional smart card 738s authentication 738s 738s Please select a different set of modules to enable. 738s 738s + cat /etc/pam.d/common-auth 738s # 738s # /etc/pam.d/common-auth - authentication settings common to all services 738s # 738s # This file is included from other service-specific PAM config files, 738s # and should contain a list of the authentication modules that define 738s # the central authentication scheme for use on the system 738s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 738s # traditional Unix authentication mechanisms. 738s # 738s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 738s # To take advantage of this, it is recommended that you configure any 738s # local modules either before or after the default block, and use 738s # pam-auth-update to manage selection of other modules. See 738s # pam-auth-update(8) for details. 738s 738s # here are the per-package modules (the "Primary" block) 738s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 738s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 738s auth [success=1 default=ignore] pam_sss.so use_first_pass 738s # here's the fallback if no module succeeds 738s auth requisite pam_deny.so 738s # prime the stack with a positive return value if there isn't one already; 738s # this avoids us returning an error just because nothing sets a success code 738s # since the modules above will each just jump around 738s auth required pam_permit.so 738s # and here are more per-package modules (the "Additional" block) 738s auth optional pam_cap.so 738s # end of pam-auth-update config 738s + echo -n -e 123456 738s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 738s pamtester: invoking pam_start(login, ubuntu, ...) 738s pamtester: performing operation - authenticate 738s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 738s + echo -n -e 123456 738s + runuser -u ubuntu -- pamtester -v login '' authenticate 738s pamtester: invoking pam_start(login, , ...) 738s pamtester: performing operation - authenticate 738s PIN for Test Organization Root Tr Token: + echo -n -e wrong123456 738s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 738s pamtester: successfully authenticated 738s pamtester: invoking pam_start(login, ubuntu, ...) 738s pamtester: performing operation - authenticate 741s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 741s + echo -n -e wrong123456 741s + runuser -u ubuntu -- pamtester -v login '' authenticate 741s pamtester: invoking pam_start(login, , ...) 742s pamtester: performing operation - authenticate 744s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 744s + echo -n -e 123456 744s + pamtester -v login root authenticate 744s pamtester: invoking pam_start(login, root, ...) 744s pamtester: performing operation - authenticate 747s pamtester: Authentication service cannot retrieve authentication info 747s + test_authentication login /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem 747s + pam_service=login 747s + certificate_config=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 747s + ca_db=/tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem 747s + verification_options= 747s + mkdir -p -m 700 /etc/sssd 747s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 747s + cat 747s Using CA DB '/tmp/sssd-softhsm2-certs-ttdz2E/test-full-chain-CA.pem' with verification options: '' 747s + chmod 600 /etc/sssd/sssd.conf 747s + for path_pair in "${softhsm2_conf_paths[@]}" 747s + IFS=: 747s + read -r -a path 747s + user=ubuntu 747s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 747s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 747s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 747s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 747s + runuser -u ubuntu -- softhsm2-util --show-slots 747s + grep 'Test Organization' 747s Label: Test Organization Sub Int Token 747s + for path_pair in "${softhsm2_conf_paths[@]}" 747s + IFS=: 747s + read -r -a path 747s + user=root 747s + path=/etc/softhsm/softhsm2.conf 747s ++ dirname /etc/softhsm/softhsm2.conf 747s + runuser -u root -- mkdir -p /etc/softhsm 747s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 747s + runuser -u root -- softhsm2-util --show-slots 747s + grep 'Test Organization' 747s + systemctl restart sssd 747s Label: Test Organization Sub Int Token 748s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 748s + for alternative in "${alternative_pam_configs[@]}" 748s + pam-auth-update --enable sss-smart-card-optional 748s + cat /etc/pam.d/common-auth 748s + echo -n -e 123456 748s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 748s # 748s # /etc/pam.d/common-auth - authentication settings common to all services 748s # 748s # This file is included from other service-specific PAM config files, 748s # and should contain a list of the authentication modules that define 748s # the central authentication scheme for use on the system 748s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 748s # traditional Unix authentication mechanisms. 748s # 748s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 748s # To take advantage of this, it is recommended that you configure any 748s # local modules either before or after the default block, and use 748s # pam-auth-update to manage selection of other modules. See 748s # pam-auth-update(8) for details. 748s 748s # here are the per-package modules (the "Primary" block) 748s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 748s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 748s auth [success=1 default=ignore] pam_sss.so use_first_pass 748s # here's the fallback if no module succeeds 748s auth requisite pam_deny.so 748s # prime the stack with a positive return value if there isn't one already; 748s # this avoids us returning an error just because nothing sets a success code 748s # since the modules above will each just jump around 748s auth required pam_permit.so 748s # and here are more per-package modules (the "Additional" block) 748s auth optional pam_cap.so 748s # end of pam-auth-update config 748s pamtester: invoking pam_start(login, ubuntu, ...) 748s pamtester: performing operation - authenticate 748s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 748s + echo -n -e 123456 748s + runuser -u ubuntu -- pamtester -v login '' authenticate 748s pamtester: invoking pam_start(login, , ...) 748s pamtester: performing operation - authenticate 748s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 748s + echo -n -e wrong123456 748s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 748s pamtester: invoking pam_start(login, ubuntu, ...) 748s pamtester: performing operation - authenticate 751s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 751s + echo -n -e wrong123456 751s + runuser -u ubuntu -- pamtester -v login '' authenticate 751s pamtester: invoking pam_start(login, , ...) 751s pamtester: performing operation - authenticate 754s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 754s + echo -n -e 123456 754s + pamtester -v login root authenticate 754s pamtester: invoking pam_start(login, root, ...) 754s pamtester: performing operation - authenticate 758s Password: pamtester: Authentication failure 758s + for alternative in "${alternative_pam_configs[@]}" 758s + pam-auth-update --enable sss-smart-card-required 758s PAM configuration 758s ----------------- 758s 758s Incompatible PAM profiles selected. 758s 758s The following PAM profiles cannot be used together: 758s 758s SSS required smart card authentication, SSS optional smart card 758s authentication 758s 758s Please select a different set of modules to enable. 758s 758s + cat /etc/pam.d/common-auth 758s # 758s # /etc/pam.d/common-auth - authentication settings common to all services 758s # 758s # This file is included from other service-specific PAM config files, 758s # and should contain a list of the authentication modules that define 758s # the central authentication scheme for use on the system 758s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 758s # traditional Unix authentication mechanisms. 758s # 758s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 758s # To take advantage of this, it is recommended that you configure any 758s # local modules either before or after the default block, and use 758s # pam-auth-update to manage selection of other modules. See 758s # pam-auth-update(8) for details. 758s 758s # here are the per-package modules (the "Primary" block) 758s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 758s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 758s auth [success=1 default=ignore] pam_sss.so use_first_pass 758s # here's the fallback if no module succeeds 758s auth requisite pam_deny.so 758s # prime the stack with a positive return value if there isn't one already; 758s # this avoids us returning an error just because nothing sets a success code 758s # since the modules above will each just jump around 758s auth required pam_permit.so 758s # and here are more per-package modules (the "Additional" block) 758s auth optional pam_cap.so 758s # end of pam-auth-update config 758s + echo -n -e 123456 758s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 758s pamtester: invoking pam_start(login, ubuntu, ...) 758s pamtester: performing operation - authenticate 758s PIN for Test Organization Sub Int Token: + echo -n -e 123456 758s + runuser -u ubuntu -- pamtester -v login '' authenticate 758s pamtester: successfully authenticated 758s pamtester: invoking pam_start(login, , ...) 758s pamtester: performing operation - authenticate 758s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 758s + echo -n -e wrong123456 758s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 758s pamtester: invoking pam_start(login, ubuntu, ...) 758s pamtester: performing operation - authenticate 761s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 761s + echo -n -e wrong123456 761s + runuser -u ubuntu -- pamtester -v login '' authenticate 761s pamtester: invoking pam_start(login, , ...) 761s pamtester: performing operation - authenticate 764s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 764s + echo -n -e 123456 764s + pamtester -v login root authenticate 764s pamtester: invoking pam_start(login, root, ...) 764s pamtester: performing operation - authenticate 768s pamtester: Authentication service cannot retrieve authentication info 768s + test_authentication login /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem partial_chain 768s + pam_service=login 768s + certificate_config=/tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 768s + ca_db=/tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem 768s + verification_options=partial_chain 768s + mkdir -p -m 700 /etc/sssd 768s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 768s + cat 768s + chmod 600 /etc/sssd/sssd.conf 768s Using CA DB '/tmp/sssd-softhsm2-certs-ttdz2E/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 768s + for path_pair in "${softhsm2_conf_paths[@]}" 768s + IFS=: 768s + read -r -a path 768s + user=ubuntu 768s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 768s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 768s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 768s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 768s Label: Test Organization Sub Int Token 768s + runuser -u ubuntu -- softhsm2-util --show-slots 768s + grep 'Test Organization' 768s + for path_pair in "${softhsm2_conf_paths[@]}" 768s + IFS=: 768s + read -r -a path 768s + user=root 768s + path=/etc/softhsm/softhsm2.conf 768s ++ dirname /etc/softhsm/softhsm2.conf 768s + runuser -u root -- mkdir -p /etc/softhsm 768s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-ttdz2E/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 768s + runuser -u root -- softhsm2-util --show-slots 768s + grep 'Test Organization' 768s Label: Test Organization Sub Int Token 768s + systemctl restart sssd 769s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 769s + for alternative in "${alternative_pam_configs[@]}" 769s + pam-auth-update --enable sss-smart-card-optional 769s # 769s # /etc/pam.d/common-auth - authentication settings common to all services 769s # 769s # This file is included from other service-specific PAM config files, 769s # and should contain a list of the authentication modules that define 769s # the central authentication scheme for use on the system 769s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 769s # traditional Unix authentication mechanisms. 769s # 769s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 769s # To take advantage of this, it is recommended that you configure any 769s # local modules either before or after the default block, and use 769s # pam-auth-update to manage selection of other modules. See 769s # pam-auth-update(8) for details. 769s 769s # here are the per-package modules (the "Primary" block) 769s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 769s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 769s auth [success=1 default=ignore] pam_sss.so use_first_pass 769s # here's the fallback if no module succeeds 769s auth requisite pam_deny.so 769s # prime the stack with a positive return value if there isn't one already; 769s # this avoids us returning an error just because nothing sets a success code 769s # since the modules above will each just jump around 769s auth required pam_permit.so 769s # and here are more per-package modules (the "Additional" block) 769s auth optional pam_cap.so 769s # end of pam-auth-update config 769s + cat /etc/pam.d/common-auth 769s + echo -n -e 123456 769s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 769s pamtester: invoking pam_start(login, ubuntu, ...) 769s pamtester: performing operation - authenticate 769s PIN for Test Organization Sub Int Token: + echo -n -e 123456 769s + runuser -u ubuntu -- pamtester -v login '' authenticate 769s pamtester: successfully authenticated 769s pamtester: invoking pam_start(login, , ...) 769s pamtester: performing operation - authenticate 769s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 769s + echo -n -e wrong123456 769s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 769s pamtester: invoking pam_start(login, ubuntu, ...) 769s pamtester: performing operation - authenticate 773s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 773s + echo -n -e wrong123456 773s + runuser -u ubuntu -- pamtester -v login '' authenticate 773s pamtester: invoking pam_start(login, , ...) 773s pamtester: performing operation - authenticate 775s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 775s + echo -n -e 123456 775s + pamtester -v login root authenticate 775s pamtester: invoking pam_start(login, root, ...) 775s pamtester: performing operation - authenticate 779s Password: pamtester: Authentication failure 779s + for alternative in "${alternative_pam_configs[@]}" 779s + pam-auth-update --enable sss-smart-card-required 779s PAM configuration 779s ----------------- 779s 779s Incompatible PAM profiles selected. 779s 779s The following PAM profiles cannot be used together: 779s 779s SSS required smart card authentication, SSS optional smart card 779s authentication 779s 779s Please select a different set of modules to enable. 779s 779s + cat /etc/pam.d/common-auth 779s # 779s # /etc/pam.d/common-auth - authentication settings common to all services 779s # 779s # This file is included from other service-specific PAM config files, 779s # and should contain a list of the authentication modules that define 779s # the central authentication scheme for use on the system 779s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 779s # traditional Unix authentication mechanisms. 779s # 779s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 779s # To take advantage of this, it is recommended that you configure any 779s # local modules either before or after the default block, and use 779s # pam-auth-update to manage selection of other modules. See 779s # pam-auth-update(8) for details. 779s 779s # here are the per-package modules (the "Primary" block) 779s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 779s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 779s auth [success=1 default=ignore] pam_sss.so use_first_pass 779s # here's the fallback if no module succeeds 779s auth requisite pam_deny.so 779s # prime the stack with a positive return value if there isn't one already; 779s # this avoids us returning an error just because nothing sets a success code 779s # since the modules above will each just jump around 779s auth required pam_permit.so 779s # and here are more per-package modules (the "Additional" block) 779s auth optional pam_cap.so 779s # end of pam-auth-update config 779s + echo -n -e 123456 779s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 779s pamtester: invoking pam_start(login, ubuntu, ...) 779s pamtester: performing operation - authenticate 779s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 779s + echo -n -e 123456 779s + runuser -u ubuntu -- pamtester -v login '' authenticate 779s pamtester: invoking pam_start(login, , ...) 779s pamtester: performing operation - authenticate 779s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 779s + echo -n -e wrong123456 779s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 779s pamtester: invoking pam_start(login, ubuntu, ...) 779s pamtester: performing operation - authenticate 782s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 782s + echo -n -e wrong123456 782s + runuser -u ubuntu -- pamtester -v login '' authenticate 782s pamtester: invoking pam_start(login, , ...) 782s pamtester: performing operation - authenticate 785s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 785s + echo -n -e 123456 785s + pamtester -v login root authenticate 785s pamtester: invoking pam_start(login, root, ...) 785s pamtester: performing operation - authenticate 788s pamtester: Authentication service cannot retrieve authentication info 788s + handle_exit 788s + exit_code=0 788s + restore_changes 788s + for path in "${restore_paths[@]}" 788s + local original_path 788s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-V8SgEZ /tmp/sssd-softhsm2-backups-V8SgEZ//etc/softhsm/softhsm2.conf 788s + original_path=/etc/softhsm/softhsm2.conf 788s + rm /etc/softhsm/softhsm2.conf 788s + mv /tmp/sssd-softhsm2-backups-V8SgEZ//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 788s + for path in "${delete_paths[@]}" 788s + rm -f /etc/sssd/sssd.conf 788s + for path in "${delete_paths[@]}" 788s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 788s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 788s + '[' -e /etc/sssd/sssd.conf ']' 788s + systemctl stop sssd 788s + '[' -e /etc/softhsm/softhsm2.conf ']' 788s + chmod 600 /etc/softhsm/softhsm2.conf 788s + rm -rf /tmp/sssd-softhsm2-certs-ttdz2E 788s + '[' 0 = 0 ']' 788s + rm -rf /tmp/sssd-softhsm2-backups-V8SgEZ 788s + set +x 788s Script completed successfully! 788s autopkgtest [18:03:59]: test sssd-smart-card-pam-auth-configs: -----------------------] 792s sssd-smart-card-pam-auth-configs PASS 792s autopkgtest [18:04:03]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 796s autopkgtest [18:04:07]: @@@@@@@@@@@@@@@@@@@@ summary 796s ldap-user-group-ldap-auth PASS 796s ldap-user-group-krb5-auth PASS 796s sssd-softhism2-certificates-tests.sh PASS 796s sssd-smart-card-pam-auth-configs PASS