0s autopkgtest [09:53:08]: starting date and time: 2025-01-17 09:53:08+0000 0s autopkgtest [09:53:08]: git checkout: 325255d2 Merge branch 'pin-any-arch' into 'ubuntu/production' 0s autopkgtest [09:53:08]: host juju-7f2275-prod-proposed-migration-environment-15; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.i4ivoxnl/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:krb5 --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=krb5/1.21.3-4 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest-ppc64el --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-15@bos03-ppc64el-12.secgroup --name adt-plucky-ppc64el-sssd-20250117-095308-juju-7f2275-prod-proposed-migration-environment-15-6a69be5a-90d4-4553-abf5-e080b7b64efb --image adt/ubuntu-plucky-ppc64el-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-15 --net-id=net_prod-proposed-migration-ppc64el -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 127s autopkgtest [09:55:15]: testbed dpkg architecture: ppc64el 127s autopkgtest [09:55:15]: testbed apt version: 2.9.18 128s autopkgtest [09:55:16]: @@@@@@@@@@@@@@@@@@@@ test bed setup 128s autopkgtest [09:55:16]: testbed release detected to be: None 128s autopkgtest [09:55:16]: updating testbed package index (apt update) 129s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 129s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 129s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 129s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 129s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [171 kB] 129s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [16.0 kB] 129s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [886 kB] 129s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 129s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el Packages [295 kB] 130s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted ppc64el Packages [756 B] 130s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe ppc64el Packages [1034 kB] 130s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse ppc64el Packages [17.1 kB] 130s Fetched 2503 kB in 1s (2278 kB/s) 131s Reading package lists... 131s Reading package lists... 131s Building dependency tree... 131s Reading state information... 132s Calculating upgrade... 132s The following packages will be upgraded: 132s libgudev-1.0-0 usb.ids 132s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 132s Need to get 239 kB of archives. 132s After this operation, 1024 B of additional disk space will be used. 132s Get:1 http://ftpmaster.internal/ubuntu plucky/main ppc64el usb.ids all 2025.01.14-1 [223 kB] 132s Get:2 http://ftpmaster.internal/ubuntu plucky/main ppc64el libgudev-1.0-0 ppc64el 1:238-6 [15.7 kB] 133s Fetched 239 kB in 0s (494 kB/s) 133s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74045 files and directories currently installed.) 133s Preparing to unpack .../usb.ids_2025.01.14-1_all.deb ... 133s Unpacking usb.ids (2025.01.14-1) over (2024.12.04-1) ... 133s Preparing to unpack .../libgudev-1.0-0_1%3a238-6_ppc64el.deb ... 133s Unpacking libgudev-1.0-0:ppc64el (1:238-6) over (1:238-5ubuntu1) ... 133s Setting up usb.ids (2025.01.14-1) ... 133s Setting up libgudev-1.0-0:ppc64el (1:238-6) ... 133s Processing triggers for libc-bin (2.40-4ubuntu1) ... 133s Reading package lists... 133s Building dependency tree... 133s Reading state information... 134s 0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded. 134s autopkgtest [09:55:22]: upgrading testbed (apt dist-upgrade and autopurge) 134s Reading package lists... 134s Building dependency tree... 134s Reading state information... 134s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 134s Starting 2 pkgProblemResolver with broken count: 0 134s Done 135s Entering ResolveByKeep 135s 135s The following packages will be upgraded: 135s krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 135s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 135s Need to get 781 kB of archives. 135s After this operation, 8192 B of additional disk space will be used. 135s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el krb5-locales all 1.21.3-4 [14.5 kB] 135s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libgssapi-krb5-2 ppc64el 1.21.3-4 [186 kB] 135s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libkrb5-3 ppc64el 1.21.3-4 [435 kB] 136s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libkrb5support0 ppc64el 1.21.3-4 [38.9 kB] 136s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libk5crypto3 ppc64el 1.21.3-4 [107 kB] 136s Fetched 781 kB in 1s (1251 kB/s) 136s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74045 files and directories currently installed.) 136s Preparing to unpack .../krb5-locales_1.21.3-4_all.deb ... 136s Unpacking krb5-locales (1.21.3-4) over (1.21.3-3) ... 136s Preparing to unpack .../libgssapi-krb5-2_1.21.3-4_ppc64el.deb ... 136s Unpacking libgssapi-krb5-2:ppc64el (1.21.3-4) over (1.21.3-3) ... 136s Preparing to unpack .../libkrb5-3_1.21.3-4_ppc64el.deb ... 136s Unpacking libkrb5-3:ppc64el (1.21.3-4) over (1.21.3-3) ... 136s Preparing to unpack .../libkrb5support0_1.21.3-4_ppc64el.deb ... 136s Unpacking libkrb5support0:ppc64el (1.21.3-4) over (1.21.3-3) ... 136s Preparing to unpack .../libk5crypto3_1.21.3-4_ppc64el.deb ... 136s Unpacking libk5crypto3:ppc64el (1.21.3-4) over (1.21.3-3) ... 136s Setting up krb5-locales (1.21.3-4) ... 136s Setting up libkrb5support0:ppc64el (1.21.3-4) ... 136s Setting up libk5crypto3:ppc64el (1.21.3-4) ... 136s Setting up libkrb5-3:ppc64el (1.21.3-4) ... 136s Setting up libgssapi-krb5-2:ppc64el (1.21.3-4) ... 136s Processing triggers for libc-bin (2.40-4ubuntu1) ... 136s Reading package lists... 137s Building dependency tree... 137s Reading state information... 137s Starting pkgProblemResolver with broken count: 0 137s Starting 2 pkgProblemResolver with broken count: 0 137s Done 137s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 140s autopkgtest [09:55:28]: testbed running kernel: Linux 6.11.0-8-generic #8-Ubuntu SMP Mon Sep 16 13:49:23 UTC 2024 140s autopkgtest [09:55:28]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 156s Get:1 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (dsc) [5048 B] 156s Get:2 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (tar) [8002 kB] 156s Get:3 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (diff) [49.2 kB] 156s gpgv: Signature made Wed Jul 3 23:54:05 2024 UTC 156s gpgv: using RSA key 8AFD08D3D1B817B2DF8982F501AC4B4083590A98 156s gpgv: Can't check signature: No public key 156s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.5-3ubuntu2.dsc: no acceptable signature found 157s autopkgtest [09:55:45]: testing package sssd version 2.9.5-3ubuntu2 163s autopkgtest [09:55:51]: build not needed 178s autopkgtest [09:56:06]: test ldap-user-group-ldap-auth: preparing testbed 178s Reading package lists... 178s Building dependency tree... 178s Reading state information... 179s Starting pkgProblemResolver with broken count: 0 179s Starting 2 pkgProblemResolver with broken count: 0 179s Done 179s The following NEW packages will be installed: 179s expect ldap-utils libargon2-1 libavahi-client3 libavahi-common-data 179s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 179s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 179s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 179s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 179s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 179s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 179s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 179s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 179s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 179s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 179s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 179s tcl-expect tcl8.6 179s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 179s Need to get 14.6 MB of archives. 179s After this operation, 70.6 MB of additional disk space will be used. 179s Get:1 http://ftpmaster.internal/ubuntu plucky/main ppc64el libargon2-1 ppc64el 0~20190702+dfsg-4build1 [27.5 kB] 179s Get:2 http://ftpmaster.internal/ubuntu plucky/main ppc64el libltdl7 ppc64el 2.4.7-8 [47.9 kB] 179s Get:3 http://ftpmaster.internal/ubuntu plucky/main ppc64el libodbc2 ppc64el 2.3.12-1ubuntu1 [187 kB] 179s Get:4 http://ftpmaster.internal/ubuntu plucky/main ppc64el slapd ppc64el 2.6.8+dfsg-1~exp4ubuntu3 [1777 kB] 180s Get:5 http://ftpmaster.internal/ubuntu plucky/main ppc64el libtcl8.6 ppc64el 8.6.15+dfsg-2 [1201 kB] 180s Get:6 http://ftpmaster.internal/ubuntu plucky/main ppc64el tcl8.6 ppc64el 8.6.15+dfsg-2 [14.8 kB] 180s Get:7 http://ftpmaster.internal/ubuntu plucky/universe ppc64el tcl-expect ppc64el 5.45.4-3 [122 kB] 180s Get:8 http://ftpmaster.internal/ubuntu plucky/universe ppc64el expect ppc64el 5.45.4-3 [137 kB] 180s Get:9 http://ftpmaster.internal/ubuntu plucky/main ppc64el ldap-utils ppc64el 2.6.8+dfsg-1~exp4ubuntu3 [153 kB] 180s Get:10 http://ftpmaster.internal/ubuntu plucky/main ppc64el libavahi-common-data ppc64el 0.8-14ubuntu1 [30.5 kB] 180s Get:11 http://ftpmaster.internal/ubuntu plucky/main ppc64el libavahi-common3 ppc64el 0.8-14ubuntu1 [26.0 kB] 180s Get:12 http://ftpmaster.internal/ubuntu plucky/main ppc64el libavahi-client3 ppc64el 0.8-14ubuntu1 [31.0 kB] 180s Get:13 http://ftpmaster.internal/ubuntu plucky/main ppc64el libbasicobjects0t64 ppc64el 0.6.2-3 [6070 B] 180s Get:14 http://ftpmaster.internal/ubuntu plucky/main ppc64el libcares2 ppc64el 1.34.4-2.1 [126 kB] 180s Get:15 http://ftpmaster.internal/ubuntu plucky/main ppc64el libcollection4t64 ppc64el 0.6.2-3 [35.1 kB] 180s Get:16 http://ftpmaster.internal/ubuntu plucky/main ppc64el libcrack2 ppc64el 2.9.6-5.2 [31.2 kB] 180s Get:17 http://ftpmaster.internal/ubuntu plucky/main ppc64el libdhash1t64 ppc64el 0.6.2-3 [10.1 kB] 180s Get:18 http://ftpmaster.internal/ubuntu plucky/main ppc64el libevent-2.1-7t64 ppc64el 2.1.12-stable-10 [172 kB] 180s Get:19 http://ftpmaster.internal/ubuntu plucky/main ppc64el libpath-utils1t64 ppc64el 0.6.2-3 [10.5 kB] 180s Get:20 http://ftpmaster.internal/ubuntu plucky/main ppc64el libref-array1t64 ppc64el 0.6.2-3 [8006 B] 180s Get:21 http://ftpmaster.internal/ubuntu plucky/main ppc64el libini-config5t64 ppc64el 0.6.2-3 [54.8 kB] 180s Get:22 http://ftpmaster.internal/ubuntu plucky/main ppc64el libipa-hbac0t64 ppc64el 2.9.5-3ubuntu2 [18.4 kB] 180s Get:23 http://ftpmaster.internal/ubuntu plucky/universe ppc64el libjose0 ppc64el 14-1 [52.4 kB] 180s Get:24 http://ftpmaster.internal/ubuntu plucky/main ppc64el libverto-libevent1t64 ppc64el 0.3.1-1.2ubuntu3 [6490 B] 180s Get:25 http://ftpmaster.internal/ubuntu plucky/main ppc64el libverto1t64 ppc64el 0.3.1-1.2ubuntu3 [12.1 kB] 180s Get:26 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libkrad0 ppc64el 1.21.3-4 [24.4 kB] 180s Get:27 http://ftpmaster.internal/ubuntu plucky/main ppc64el libtalloc2 ppc64el 2.4.2-1build2 [36.7 kB] 180s Get:28 http://ftpmaster.internal/ubuntu plucky/main ppc64el libtdb1 ppc64el 1.4.12-1 [63.0 kB] 180s Get:29 http://ftpmaster.internal/ubuntu plucky/main ppc64el libtevent0t64 ppc64el 0.16.1-3 [50.4 kB] 180s Get:30 http://ftpmaster.internal/ubuntu plucky/main ppc64el libldb2 ppc64el 2:2.9.1+samba4.20.4+dfsg-1ubuntu3 [223 kB] 180s Get:31 http://ftpmaster.internal/ubuntu plucky/main ppc64el libnfsidmap1 ppc64el 1:2.6.4-4ubuntu1 [54.3 kB] 180s Get:32 http://ftpmaster.internal/ubuntu plucky/universe ppc64el libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 180s Get:33 http://ftpmaster.internal/ubuntu plucky/main ppc64el libpwquality-common all 1.4.5-3build1 [7748 B] 180s Get:34 http://ftpmaster.internal/ubuntu plucky/main ppc64el libpwquality1 ppc64el 1.4.5-3build1 [17.0 kB] 180s Get:35 http://ftpmaster.internal/ubuntu plucky/main ppc64el libpam-pwquality ppc64el 1.4.5-3build1 [12.5 kB] 180s Get:36 http://ftpmaster.internal/ubuntu plucky/main ppc64el libwbclient0 ppc64el 2:4.20.4+dfsg-1ubuntu3 [81.5 kB] 180s Get:37 http://ftpmaster.internal/ubuntu plucky/main ppc64el samba-libs ppc64el 2:4.20.4+dfsg-1ubuntu3 [6867 kB] 181s Get:38 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsmbclient0 ppc64el 2:4.20.4+dfsg-1ubuntu3 [70.7 kB] 181s Get:39 http://ftpmaster.internal/ubuntu plucky/main ppc64el libnss-sss ppc64el 2.9.5-3ubuntu2 [37.0 kB] 181s Get:40 http://ftpmaster.internal/ubuntu plucky/main ppc64el libpam-sss ppc64el 2.9.5-3ubuntu2 [57.0 kB] 181s Get:41 http://ftpmaster.internal/ubuntu plucky/main ppc64el python3-sss ppc64el 2.9.5-3ubuntu2 [48.8 kB] 181s Get:42 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsss-certmap0 ppc64el 2.9.5-3ubuntu2 [54.2 kB] 181s Get:43 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsss-idmap0 ppc64el 2.9.5-3ubuntu2 [25.2 kB] 181s Get:44 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsss-nss-idmap0 ppc64el 2.9.5-3ubuntu2 [38.0 kB] 181s Get:45 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-common ppc64el 2.9.5-3ubuntu2 [1276 kB] 181s Get:46 http://ftpmaster.internal/ubuntu plucky/universe ppc64el sssd-idp ppc64el 2.9.5-3ubuntu2 [30.7 kB] 181s Get:47 http://ftpmaster.internal/ubuntu plucky/universe ppc64el sssd-passkey ppc64el 2.9.5-3ubuntu2 [35.3 kB] 181s Get:48 http://ftpmaster.internal/ubuntu plucky/main ppc64el libipa-hbac-dev ppc64el 2.9.5-3ubuntu2 [6668 B] 181s Get:49 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsss-certmap-dev ppc64el 2.9.5-3ubuntu2 [5736 B] 181s Get:50 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsss-idmap-dev ppc64el 2.9.5-3ubuntu2 [8388 B] 181s Get:51 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsss-nss-idmap-dev ppc64el 2.9.5-3ubuntu2 [6720 B] 181s Get:52 http://ftpmaster.internal/ubuntu plucky/universe ppc64el libsss-sudo ppc64el 2.9.5-3ubuntu2 [23.2 kB] 181s Get:53 http://ftpmaster.internal/ubuntu plucky/universe ppc64el python3-libipa-hbac ppc64el 2.9.5-3ubuntu2 [19.1 kB] 181s Get:54 http://ftpmaster.internal/ubuntu plucky/universe ppc64el python3-libsss-nss-idmap ppc64el 2.9.5-3ubuntu2 [9554 B] 181s Get:55 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-ad-common ppc64el 2.9.5-3ubuntu2 [87.6 kB] 181s Get:56 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-krb5-common ppc64el 2.9.5-3ubuntu2 [103 kB] 181s Get:57 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-ad ppc64el 2.9.5-3ubuntu2 [148 kB] 181s Get:58 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-ipa ppc64el 2.9.5-3ubuntu2 [238 kB] 181s Get:59 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-krb5 ppc64el 2.9.5-3ubuntu2 [14.5 kB] 181s Get:60 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-ldap ppc64el 2.9.5-3ubuntu2 [31.7 kB] 181s Get:61 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-proxy ppc64el 2.9.5-3ubuntu2 [47.9 kB] 181s Get:62 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd ppc64el 2.9.5-3ubuntu2 [4122 B] 181s Get:63 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-dbus ppc64el 2.9.5-3ubuntu2 [121 kB] 181s Get:64 http://ftpmaster.internal/ubuntu plucky/universe ppc64el sssd-kcm ppc64el 2.9.5-3ubuntu2 [159 kB] 181s Get:65 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-tools ppc64el 2.9.5-3ubuntu2 [107 kB] 181s Preconfiguring packages ... 181s Fetched 14.6 MB in 2s (7109 kB/s) 181s Selecting previously unselected package libargon2-1:ppc64el. 181s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74045 files and directories currently installed.) 181s Preparing to unpack .../00-libargon2-1_0~20190702+dfsg-4build1_ppc64el.deb ... 181s Unpacking libargon2-1:ppc64el (0~20190702+dfsg-4build1) ... 181s Selecting previously unselected package libltdl7:ppc64el. 181s Preparing to unpack .../01-libltdl7_2.4.7-8_ppc64el.deb ... 181s Unpacking libltdl7:ppc64el (2.4.7-8) ... 181s Selecting previously unselected package libodbc2:ppc64el. 181s Preparing to unpack .../02-libodbc2_2.3.12-1ubuntu1_ppc64el.deb ... 181s Unpacking libodbc2:ppc64el (2.3.12-1ubuntu1) ... 181s Selecting previously unselected package slapd. 181s Preparing to unpack .../03-slapd_2.6.8+dfsg-1~exp4ubuntu3_ppc64el.deb ... 181s Unpacking slapd (2.6.8+dfsg-1~exp4ubuntu3) ... 182s Selecting previously unselected package libtcl8.6:ppc64el. 182s Preparing to unpack .../04-libtcl8.6_8.6.15+dfsg-2_ppc64el.deb ... 182s Unpacking libtcl8.6:ppc64el (8.6.15+dfsg-2) ... 182s Selecting previously unselected package tcl8.6. 182s Preparing to unpack .../05-tcl8.6_8.6.15+dfsg-2_ppc64el.deb ... 182s Unpacking tcl8.6 (8.6.15+dfsg-2) ... 182s Selecting previously unselected package tcl-expect:ppc64el. 182s Preparing to unpack .../06-tcl-expect_5.45.4-3_ppc64el.deb ... 182s Unpacking tcl-expect:ppc64el (5.45.4-3) ... 182s Selecting previously unselected package expect. 182s Preparing to unpack .../07-expect_5.45.4-3_ppc64el.deb ... 182s Unpacking expect (5.45.4-3) ... 182s Selecting previously unselected package ldap-utils. 182s Preparing to unpack .../08-ldap-utils_2.6.8+dfsg-1~exp4ubuntu3_ppc64el.deb ... 182s Unpacking ldap-utils (2.6.8+dfsg-1~exp4ubuntu3) ... 182s Selecting previously unselected package libavahi-common-data:ppc64el. 182s Preparing to unpack .../09-libavahi-common-data_0.8-14ubuntu1_ppc64el.deb ... 182s Unpacking libavahi-common-data:ppc64el (0.8-14ubuntu1) ... 182s Selecting previously unselected package libavahi-common3:ppc64el. 182s Preparing to unpack .../10-libavahi-common3_0.8-14ubuntu1_ppc64el.deb ... 182s Unpacking libavahi-common3:ppc64el (0.8-14ubuntu1) ... 182s Selecting previously unselected package libavahi-client3:ppc64el. 182s Preparing to unpack .../11-libavahi-client3_0.8-14ubuntu1_ppc64el.deb ... 182s Unpacking libavahi-client3:ppc64el (0.8-14ubuntu1) ... 182s Selecting previously unselected package libbasicobjects0t64:ppc64el. 182s Preparing to unpack .../12-libbasicobjects0t64_0.6.2-3_ppc64el.deb ... 182s Unpacking libbasicobjects0t64:ppc64el (0.6.2-3) ... 182s Selecting previously unselected package libcares2:ppc64el. 182s Preparing to unpack .../13-libcares2_1.34.4-2.1_ppc64el.deb ... 182s Unpacking libcares2:ppc64el (1.34.4-2.1) ... 182s Selecting previously unselected package libcollection4t64:ppc64el. 182s Preparing to unpack .../14-libcollection4t64_0.6.2-3_ppc64el.deb ... 182s Unpacking libcollection4t64:ppc64el (0.6.2-3) ... 182s Selecting previously unselected package libcrack2:ppc64el. 182s Preparing to unpack .../15-libcrack2_2.9.6-5.2_ppc64el.deb ... 182s Unpacking libcrack2:ppc64el (2.9.6-5.2) ... 182s Selecting previously unselected package libdhash1t64:ppc64el. 182s Preparing to unpack .../16-libdhash1t64_0.6.2-3_ppc64el.deb ... 182s Unpacking libdhash1t64:ppc64el (0.6.2-3) ... 182s Selecting previously unselected package libevent-2.1-7t64:ppc64el. 182s Preparing to unpack .../17-libevent-2.1-7t64_2.1.12-stable-10_ppc64el.deb ... 182s Unpacking libevent-2.1-7t64:ppc64el (2.1.12-stable-10) ... 182s Selecting previously unselected package libpath-utils1t64:ppc64el. 182s Preparing to unpack .../18-libpath-utils1t64_0.6.2-3_ppc64el.deb ... 182s Unpacking libpath-utils1t64:ppc64el (0.6.2-3) ... 182s Selecting previously unselected package libref-array1t64:ppc64el. 182s Preparing to unpack .../19-libref-array1t64_0.6.2-3_ppc64el.deb ... 182s Unpacking libref-array1t64:ppc64el (0.6.2-3) ... 182s Selecting previously unselected package libini-config5t64:ppc64el. 182s Preparing to unpack .../20-libini-config5t64_0.6.2-3_ppc64el.deb ... 182s Unpacking libini-config5t64:ppc64el (0.6.2-3) ... 182s Selecting previously unselected package libipa-hbac0t64. 182s Preparing to unpack .../21-libipa-hbac0t64_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking libipa-hbac0t64 (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package libjose0:ppc64el. 182s Preparing to unpack .../22-libjose0_14-1_ppc64el.deb ... 182s Unpacking libjose0:ppc64el (14-1) ... 182s Selecting previously unselected package libverto-libevent1t64:ppc64el. 182s Preparing to unpack .../23-libverto-libevent1t64_0.3.1-1.2ubuntu3_ppc64el.deb ... 182s Unpacking libverto-libevent1t64:ppc64el (0.3.1-1.2ubuntu3) ... 182s Selecting previously unselected package libverto1t64:ppc64el. 182s Preparing to unpack .../24-libverto1t64_0.3.1-1.2ubuntu3_ppc64el.deb ... 182s Unpacking libverto1t64:ppc64el (0.3.1-1.2ubuntu3) ... 182s Selecting previously unselected package libkrad0:ppc64el. 182s Preparing to unpack .../25-libkrad0_1.21.3-4_ppc64el.deb ... 182s Unpacking libkrad0:ppc64el (1.21.3-4) ... 182s Selecting previously unselected package libtalloc2:ppc64el. 182s Preparing to unpack .../26-libtalloc2_2.4.2-1build2_ppc64el.deb ... 182s Unpacking libtalloc2:ppc64el (2.4.2-1build2) ... 182s Selecting previously unselected package libtdb1:ppc64el. 182s Preparing to unpack .../27-libtdb1_1.4.12-1_ppc64el.deb ... 182s Unpacking libtdb1:ppc64el (1.4.12-1) ... 182s Selecting previously unselected package libtevent0t64:ppc64el. 182s Preparing to unpack .../28-libtevent0t64_0.16.1-3_ppc64el.deb ... 182s Unpacking libtevent0t64:ppc64el (0.16.1-3) ... 182s Selecting previously unselected package libldb2:ppc64el. 182s Preparing to unpack .../29-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu3_ppc64el.deb ... 182s Unpacking libldb2:ppc64el (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 182s Selecting previously unselected package libnfsidmap1:ppc64el. 182s Preparing to unpack .../30-libnfsidmap1_1%3a2.6.4-4ubuntu1_ppc64el.deb ... 182s Unpacking libnfsidmap1:ppc64el (1:2.6.4-4ubuntu1) ... 182s Selecting previously unselected package libnss-sudo. 182s Preparing to unpack .../31-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 182s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 182s Selecting previously unselected package libpwquality-common. 182s Preparing to unpack .../32-libpwquality-common_1.4.5-3build1_all.deb ... 182s Unpacking libpwquality-common (1.4.5-3build1) ... 182s Selecting previously unselected package libpwquality1:ppc64el. 182s Preparing to unpack .../33-libpwquality1_1.4.5-3build1_ppc64el.deb ... 182s Unpacking libpwquality1:ppc64el (1.4.5-3build1) ... 182s Selecting previously unselected package libpam-pwquality:ppc64el. 182s Preparing to unpack .../34-libpam-pwquality_1.4.5-3build1_ppc64el.deb ... 182s Unpacking libpam-pwquality:ppc64el (1.4.5-3build1) ... 182s Selecting previously unselected package libwbclient0:ppc64el. 182s Preparing to unpack .../35-libwbclient0_2%3a4.20.4+dfsg-1ubuntu3_ppc64el.deb ... 182s Unpacking libwbclient0:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 182s Selecting previously unselected package samba-libs:ppc64el. 182s Preparing to unpack .../36-samba-libs_2%3a4.20.4+dfsg-1ubuntu3_ppc64el.deb ... 182s Unpacking samba-libs:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 182s Selecting previously unselected package libsmbclient0:ppc64el. 182s Preparing to unpack .../37-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu3_ppc64el.deb ... 182s Unpacking libsmbclient0:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 182s Selecting previously unselected package libnss-sss:ppc64el. 182s Preparing to unpack .../38-libnss-sss_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking libnss-sss:ppc64el (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package libpam-sss:ppc64el. 182s Preparing to unpack .../39-libpam-sss_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking libpam-sss:ppc64el (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package python3-sss. 182s Preparing to unpack .../40-python3-sss_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking python3-sss (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package libsss-certmap0. 182s Preparing to unpack .../41-libsss-certmap0_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking libsss-certmap0 (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package libsss-idmap0. 182s Preparing to unpack .../42-libsss-idmap0_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking libsss-idmap0 (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package libsss-nss-idmap0. 182s Preparing to unpack .../43-libsss-nss-idmap0_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package sssd-common. 182s Preparing to unpack .../44-sssd-common_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking sssd-common (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package sssd-idp. 182s Preparing to unpack .../45-sssd-idp_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking sssd-idp (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package sssd-passkey. 182s Preparing to unpack .../46-sssd-passkey_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking sssd-passkey (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package libipa-hbac-dev. 182s Preparing to unpack .../47-libipa-hbac-dev_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking libipa-hbac-dev (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package libsss-certmap-dev. 182s Preparing to unpack .../48-libsss-certmap-dev_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking libsss-certmap-dev (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package libsss-idmap-dev. 182s Preparing to unpack .../49-libsss-idmap-dev_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking libsss-idmap-dev (2.9.5-3ubuntu2) ... 182s Selecting previously unselected package libsss-nss-idmap-dev. 182s Preparing to unpack .../50-libsss-nss-idmap-dev_2.9.5-3ubuntu2_ppc64el.deb ... 182s Unpacking libsss-nss-idmap-dev (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package libsss-sudo. 183s Preparing to unpack .../51-libsss-sudo_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking libsss-sudo (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package python3-libipa-hbac. 183s Preparing to unpack .../52-python3-libipa-hbac_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking python3-libipa-hbac (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package python3-libsss-nss-idmap. 183s Preparing to unpack .../53-python3-libsss-nss-idmap_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking python3-libsss-nss-idmap (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd-ad-common. 183s Preparing to unpack .../54-sssd-ad-common_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd-ad-common (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd-krb5-common. 183s Preparing to unpack .../55-sssd-krb5-common_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd-krb5-common (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd-ad. 183s Preparing to unpack .../56-sssd-ad_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd-ad (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd-ipa. 183s Preparing to unpack .../57-sssd-ipa_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd-ipa (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd-krb5. 183s Preparing to unpack .../58-sssd-krb5_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd-krb5 (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd-ldap. 183s Preparing to unpack .../59-sssd-ldap_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd-ldap (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd-proxy. 183s Preparing to unpack .../60-sssd-proxy_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd-proxy (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd. 183s Preparing to unpack .../61-sssd_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd-dbus. 183s Preparing to unpack .../62-sssd-dbus_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd-dbus (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd-kcm. 183s Preparing to unpack .../63-sssd-kcm_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd-kcm (2.9.5-3ubuntu2) ... 183s Selecting previously unselected package sssd-tools. 183s Preparing to unpack .../64-sssd-tools_2.9.5-3ubuntu2_ppc64el.deb ... 183s Unpacking sssd-tools (2.9.5-3ubuntu2) ... 183s Setting up libpwquality-common (1.4.5-3build1) ... 183s Setting up libnfsidmap1:ppc64el (1:2.6.4-4ubuntu1) ... 183s Setting up libsss-idmap0 (2.9.5-3ubuntu2) ... 183s Setting up libbasicobjects0t64:ppc64el (0.6.2-3) ... 183s Setting up libipa-hbac0t64 (2.9.5-3ubuntu2) ... 183s Setting up libsss-idmap-dev (2.9.5-3ubuntu2) ... 183s Setting up libref-array1t64:ppc64el (0.6.2-3) ... 183s Setting up libipa-hbac-dev (2.9.5-3ubuntu2) ... 183s Setting up libtdb1:ppc64el (1.4.12-1) ... 183s Setting up libargon2-1:ppc64el (0~20190702+dfsg-4build1) ... 183s Setting up libcollection4t64:ppc64el (0.6.2-3) ... 183s Setting up libevent-2.1-7t64:ppc64el (2.1.12-stable-10) ... 183s Setting up ldap-utils (2.6.8+dfsg-1~exp4ubuntu3) ... 183s Setting up libjose0:ppc64el (14-1) ... 183s Setting up libwbclient0:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 183s Setting up libtalloc2:ppc64el (2.4.2-1build2) ... 183s Setting up libpath-utils1t64:ppc64el (0.6.2-3) ... 183s Setting up libavahi-common-data:ppc64el (0.8-14ubuntu1) ... 183s Setting up libcares2:ppc64el (1.34.4-2.1) ... 183s Setting up libdhash1t64:ppc64el (0.6.2-3) ... 183s Setting up libtcl8.6:ppc64el (8.6.15+dfsg-2) ... 183s Setting up libltdl7:ppc64el (2.4.7-8) ... 183s Setting up libcrack2:ppc64el (2.9.6-5.2) ... 183s Setting up libodbc2:ppc64el (2.3.12-1ubuntu1) ... 183s Setting up python3-libipa-hbac (2.9.5-3ubuntu2) ... 183s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 183s Setting up libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 183s Setting up libini-config5t64:ppc64el (0.6.2-3) ... 183s Setting up libtevent0t64:ppc64el (0.16.1-3) ... 183s Setting up libnss-sss:ppc64el (2.9.5-3ubuntu2) ... 183s Setting up slapd (2.6.8+dfsg-1~exp4ubuntu3) ... 183s Creating new user openldap... done. 183s Creating initial configuration... done. 183s Creating LDAP directory... done. 184s Setting up tcl8.6 (8.6.15+dfsg-2) ... 184s Setting up libsss-sudo (2.9.5-3ubuntu2) ... 184s Setting up libsss-nss-idmap-dev (2.9.5-3ubuntu2) ... 184s Setting up libavahi-common3:ppc64el (0.8-14ubuntu1) ... 184s Setting up tcl-expect:ppc64el (5.45.4-3) ... 184s Setting up libsss-certmap0 (2.9.5-3ubuntu2) ... 184s Setting up libpwquality1:ppc64el (1.4.5-3build1) ... 184s Setting up python3-libsss-nss-idmap (2.9.5-3ubuntu2) ... 184s Setting up libldb2:ppc64el (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 184s Setting up libavahi-client3:ppc64el (0.8-14ubuntu1) ... 184s Setting up expect (5.45.4-3) ... 184s Setting up libpam-pwquality:ppc64el (1.4.5-3build1) ... 184s Setting up samba-libs:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 184s Setting up libsss-certmap-dev (2.9.5-3ubuntu2) ... 184s Setting up python3-sss (2.9.5-3ubuntu2) ... 184s Setting up libsmbclient0:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 184s Setting up libpam-sss:ppc64el (2.9.5-3ubuntu2) ... 184s Setting up sssd-common (2.9.5-3ubuntu2) ... 184s Creating SSSD system user & group... 184s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 184s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 184s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 184s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 185s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 185s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 185s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 185s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 186s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 186s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 186s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 186s sssd-autofs.service is a disabled or a static unit, not starting it. 186s sssd-nss.service is a disabled or a static unit, not starting it. 186s sssd-pam.service is a disabled or a static unit, not starting it. 186s sssd-ssh.service is a disabled or a static unit, not starting it. 187s sssd-sudo.service is a disabled or a static unit, not starting it. 187s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 187s Setting up sssd-proxy (2.9.5-3ubuntu2) ... 187s Setting up sssd-kcm (2.9.5-3ubuntu2) ... 187s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 187s sssd-kcm.service is a disabled or a static unit, not starting it. 187s Setting up sssd-dbus (2.9.5-3ubuntu2) ... 187s sssd-ifp.service is a disabled or a static unit, not starting it. 187s Setting up sssd-ad-common (2.9.5-3ubuntu2) ... 188s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 188s sssd-pac.service is a disabled or a static unit, not starting it. 188s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 188s Setting up sssd-krb5-common (2.9.5-3ubuntu2) ... 188s Setting up sssd-krb5 (2.9.5-3ubuntu2) ... 188s Setting up sssd-ldap (2.9.5-3ubuntu2) ... 188s Setting up sssd-ad (2.9.5-3ubuntu2) ... 188s Setting up sssd-tools (2.9.5-3ubuntu2) ... 188s Setting up sssd-ipa (2.9.5-3ubuntu2) ... 188s Setting up sssd (2.9.5-3ubuntu2) ... 188s Setting up libverto1t64:ppc64el (0.3.1-1.2ubuntu3) ... 188s Setting up libkrad0:ppc64el (1.21.3-4) ... 188s Setting up libverto-libevent1t64:ppc64el (0.3.1-1.2ubuntu3) ... 188s Setting up sssd-passkey (2.9.5-3ubuntu2) ... 188s Setting up sssd-idp (2.9.5-3ubuntu2) ... 188s Processing triggers for libc-bin (2.40-4ubuntu1) ... 188s Processing triggers for ufw (0.36.2-8) ... 188s Processing triggers for man-db (2.13.0-1) ... 189s Processing triggers for dbus (1.14.10-4ubuntu5) ... 196s autopkgtest [09:56:24]: test ldap-user-group-ldap-auth: [----------------------- 196s + . debian/tests/util 196s + . debian/tests/common-tests 196s + mydomain=example.com 196s + myhostname=ldap.example.com 196s + mysuffix=dc=example,dc=com 196s + admin_dn=cn=admin,dc=example,dc=com 196s + admin_pw=secret 196s + ldap_user=testuser1 196s + ldap_user_pw=testuser1secret 196s + ldap_group=ldapusers 196s + adjust_hostname ldap.example.com 196s + local myhostname=ldap.example.com 196s + echo ldap.example.com 196s + hostname ldap.example.com 196s + grep -qE ldap.example.com /etc/hosts 196s + echo 127.0.1.10 ldap.example.com 196s + reconfigure_slapd 196s + debconf-set-selections 196s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 196s + dpkg-reconfigure -fnoninteractive -pcritical slapd 196s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3... done. 196s Moving old database directory to /var/backups: 197s - directory unknown... done. 197s Creating initial configuration... done. 197s Creating LDAP directory... done. 197s + generate_certs ldap.example.com 197s + local cn=ldap.example.com 197s + local cert=/etc/ldap/server.pem 197s + local key=/etc/ldap/server.key 197s + local cnf=/etc/ldap/openssl.cnf 197s + cat 197s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 197s .......modifying entry "cn=config" 197s 197s .................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 197s .............................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 197s ----- 197s + chmod 0640 /etc/ldap/server.key 197s + chgrp openldap /etc/ldap/server.key 197s + [ ! -f /etc/ldap/server.pem ] 197s + [ ! -f /etc/ldap/server.key ] 197s + enable_ldap_ssl 197s + cat 197s + cat 197s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 197s + populate_ldap_rfc2307 197s + cat 197s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 197s + configure_sssd_ldap_rfc2307 197s + cat 197s + chmod 0600 /etc/sssd/sssd.conf 197s + systemctl restart sssd 197s adding new entry "ou=People,dc=example,dc=com" 197s 197s adding new entry "ou=Group,dc=example,dc=com" 197s 197s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 197s 197s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 197s 197s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 197s 197s Assert local user databases do not have our LDAP test data 197s + enable_pam_mkhomedir 197s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 197s + echo session optional pam_mkhomedir.so 197s + run_common_tests 197s + echo Assert local user databases do not have our LDAP test data 197s + check_local_user testuser1 197s + local local_user=testuser1 197s + grep -q ^testuser1 /etc/passwd 197s + check_local_group testuser1 197s + local local_group=testuser1 197s + grep -q ^testuser1 /etc/group 197s The LDAP user is known to the system via getent 197s + check_local_group ldapusers 197s + local local_group=ldapusers 197s + grep -q ^ldapusers /etc/group 197s + echo The LDAP user is known to the system via getent 197s + check_getent_user testuser1 197s + local getent_user=testuser1 197s + local output 197s + getent passwd testuser1 197s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 197s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 197s + echo The LDAP user's private group is known to the system via getent 197s + check_getent_group testuser1 197s + local getent_group=testuser1 197s + local output 197s The LDAP user's private group is known to the system via getent 197s + getent group testuser1 197s The LDAP group ldapusers is known to the system via getent 197s + output=testuser1:*:10001:testuser1 197s + [ -z testuser1:*:10001:testuser1 ] 197s + echo The LDAP group ldapusers is known to the system via getent 197s + check_getent_group ldapusers 197s + local getent_group=ldapusers 197s + local output 197s + getent group ldapusers 197s The id(1) command can resolve the group membership of the LDAP user 197s + output=ldapusers:*:10100:testuser1 197s + [ -z ldapusers:*:10100:testuser1 ] 197s + echo The id(1) command can resolve the group membership of the LDAP user 197s + id -Gn testuser1 197s The LDAP user can login on a terminal 197s + output=testuser1 ldapusers 197s + [ testuser1 ldapusers != testuser1 ldapusers ] 197s + echo The LDAP user can login on a terminal 197s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 197s spawn login 197s ldap.example.com login: testuser1 197s Password: 197s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.11.0-8-generic ppc64le) 197s 197s * Documentation: https://help.ubuntu.com 197s * Management: https://landscape.canonical.com 197s * Support: https://ubuntu.com/pro 197s 197s 197s The programs included with the Ubuntu system are free software; 197s the exact distribution terms for each program are described in the 197s individual files in /usr/share/doc/*/copyright. 197s 197s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 197s applicable law. 197s 197s 197s The programs included with the Ubuntu system are free software; 197s the exact distribution terms for each program are described in the 197s individual files in /usr/share/doc/*/copyright. 197s 197s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 197s applicable law. 197s 197s Creating directory '/home/testuser1'. 197s [?2004htestuser1@ldap:~$ id -un 197s [?2004l testuser1 198s [?2004htestuser1@ldap:~$ autopkgtest [09:56:26]: test ldap-user-group-ldap-auth: -----------------------] 198s autopkgtest [09:56:26]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 198s ldap-user-group-ldap-auth PASS 199s autopkgtest [09:56:27]: test ldap-user-group-krb5-auth: preparing testbed 199s Reading package lists... 199s Building dependency tree... 199s Reading state information... 199s Starting pkgProblemResolver with broken count: 0 199s Starting 2 pkgProblemResolver with broken count: 0 199s Done 200s The following NEW packages will be installed: 200s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 200s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 200s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 200s Need to get 684 kB of archives. 200s After this operation, 3188 kB of additional disk space will be used. 200s Get:1 http://ftpmaster.internal/ubuntu plucky/main ppc64el krb5-config all 2.7 [22.0 kB] 200s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libgssrpc4t64 ppc64el 1.21.3-4 [64.9 kB] 200s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libkadm5clnt-mit12 ppc64el 1.21.3-4 [44.0 kB] 200s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libkdb5-10t64 ppc64el 1.21.3-4 [47.1 kB] 200s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libkadm5srv-mit12 ppc64el 1.21.3-4 [61.5 kB] 200s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/universe ppc64el krb5-user ppc64el 1.21.3-4 [116 kB] 200s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe ppc64el krb5-kdc ppc64el 1.21.3-4 [221 kB] 200s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/universe ppc64el krb5-admin-server ppc64el 1.21.3-4 [107 kB] 200s Preconfiguring packages ... 202s Fetched 684 kB in 1s (1212 kB/s) 202s Selecting previously unselected package krb5-config. 202s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 75338 files and directories currently installed.) 202s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 202s Unpacking krb5-config (2.7) ... 202s Selecting previously unselected package libgssrpc4t64:ppc64el. 202s Preparing to unpack .../1-libgssrpc4t64_1.21.3-4_ppc64el.deb ... 202s Unpacking libgssrpc4t64:ppc64el (1.21.3-4) ... 202s Selecting previously unselected package libkadm5clnt-mit12:ppc64el. 202s Preparing to unpack .../2-libkadm5clnt-mit12_1.21.3-4_ppc64el.deb ... 202s Unpacking libkadm5clnt-mit12:ppc64el (1.21.3-4) ... 202s Selecting previously unselected package libkdb5-10t64:ppc64el. 202s Preparing to unpack .../3-libkdb5-10t64_1.21.3-4_ppc64el.deb ... 202s Unpacking libkdb5-10t64:ppc64el (1.21.3-4) ... 202s Selecting previously unselected package libkadm5srv-mit12:ppc64el. 202s Preparing to unpack .../4-libkadm5srv-mit12_1.21.3-4_ppc64el.deb ... 202s Unpacking libkadm5srv-mit12:ppc64el (1.21.3-4) ... 202s Selecting previously unselected package krb5-user. 202s Preparing to unpack .../5-krb5-user_1.21.3-4_ppc64el.deb ... 202s Unpacking krb5-user (1.21.3-4) ... 202s Selecting previously unselected package krb5-kdc. 202s Preparing to unpack .../6-krb5-kdc_1.21.3-4_ppc64el.deb ... 202s Unpacking krb5-kdc (1.21.3-4) ... 202s Selecting previously unselected package krb5-admin-server. 202s Preparing to unpack .../7-krb5-admin-server_1.21.3-4_ppc64el.deb ... 202s Unpacking krb5-admin-server (1.21.3-4) ... 202s Setting up libgssrpc4t64:ppc64el (1.21.3-4) ... 202s Setting up krb5-config (2.7) ... 202s Setting up libkadm5clnt-mit12:ppc64el (1.21.3-4) ... 202s Setting up libkdb5-10t64:ppc64el (1.21.3-4) ... 202s Setting up libkadm5srv-mit12:ppc64el (1.21.3-4) ... 202s Setting up krb5-user (1.21.3-4) ... 202s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 202s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 202s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 202s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 202s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 202s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 202s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 202s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 202s Setting up krb5-kdc (1.21.3-4) ... 202s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 203s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 203s Setting up krb5-admin-server (1.21.3-4) ... 203s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 204s Processing triggers for man-db (2.13.0-1) ... 204s Processing triggers for libc-bin (2.40-4ubuntu1) ... 210s autopkgtest [09:56:38]: test ldap-user-group-krb5-auth: [----------------------- 211s + . debian/tests/util 211s + . debian/tests/common-tests 211s + mydomain=example.com 211s + myhostname=ldap.example.com 211s + mysuffix=dc=example,dc=com 211s + myrealm=EXAMPLE.COM 211s + admin_dn=cn=admin,dc=example,dc=com 211s + admin_pw=secret 211s + ldap_user=testuser1 211s + ldap_user_pw=testuser1secret 211s + kerberos_principal_pw=testuser1kerberos 211s + ldap_group=ldapusers 211s + adjust_hostname ldap.example.com 211s + local myhostname=ldap.example.com 211s + echo ldap.example.com 211s + hostname ldap.example.com 211s + grep -qE ldap.example.com /etc/hosts 211s + reconfigure_slapd 211s + debconf-set-selections 211s + rm -rf /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3 /var/backups/unknown-2.6.8+dfsg-1~exp4ubuntu3-20250117-095624.ldapdb 211s + dpkg-reconfigure -fnoninteractive -pcritical slapd 211s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3... done. 211s Moving old database directory to /var/backups: 211s - directory unknown... done. 211s Creating initial configuration... done. 211s Creating LDAP directory... done. 212s + generate_certs ldap.example.com 212s + local cn=ldap.example.com 212s + local cert=/etc/ldap/server.pem 212s + local key=/etc/ldap/server.key 212s + local cnf=/etc/ldap/openssl.cnf 212s + cat 212s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 212s .........................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 212s ..........................+++++++++++++++++++modifying entry "cn=config" 212s 212s adding new entry "ou=People,dc=example,dc=com" 212s 212s adding new entry "ou=Group,dc=example,dc=com" 212s 212s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 212s 212s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 212s 212s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 212s 212s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 212s master key name 'K/M@EXAMPLE.COM' 212s +++++++++++++++++++++++++++++++++++++++++++++ 212s ----- 212s + chmod 0640 /etc/ldap/server.key 212s + chgrp openldap /etc/ldap/server.key 212s + [ ! -f /etc/ldap/server.pem ] 212s + [ ! -f /etc/ldap/server.key ] 212s + enable_ldap_ssl 212s + cat 212s + cat 212s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 212s + populate_ldap_rfc2307 212s + cat 212s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 212s + create_realm EXAMPLE.COM ldap.example.com 212s + local realm_name=EXAMPLE.COM 212s + local kerberos_server=ldap.example.com 212s + rm -rf /var/lib/krb5kdc/* 212s + rm -rf /etc/krb5kdc/kdc.conf 212s + rm -f /etc/krb5.keytab 212s + cat 212s + cat 212s + echo # */admin * 212s + kdb5_util create -s -P secretpassword 212s + systemctl restart krb5-kdc.service krb5-admin-server.service 212s + create_krb_principal testuser1 testuser1kerberos 212s + local principal=testuser1 212s + local password=testuser1kerberos 212s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 212s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 212s Authenticating as principal root/admin@EXAMPLE.COM with password. 212s Principal "testuser1@EXAMPLE.COM" created. 212s + configure_sssd_ldap_rfc2307_krb5_auth 212s + cat 212s + chmod 0600 /etc/sssd/sssd.conf 212s + systemctl restart sssd 212s Assert local user databases do not have our LDAP test data 212s + enable_pam_mkhomedir 212s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 212s + run_common_tests 212s + echo Assert local user databases do not have our LDAP test data 212s + check_local_user testuser1 212s + local local_user=testuser1 212s + grep -q ^testuser1 /etc/passwd 212s + check_local_group testuser1 212s + local local_group=testuser1 212s + grep -q ^testuser1 /etc/group 212s + check_local_group ldapusers 212s + local local_group=ldapusers 212s + grep -q ^ldapusers /etc/group 212s + echo The LDAP user is known to the system via getent 212s + check_getent_user testuser1 212s + local getent_user=testuser1 212s + local output 212s + getent passwd testuser1 212s The LDAP user is known to the system via getent 212s The LDAP user's private group is known to the system via getent 212s The LDAP group ldapusers is known to the system via getent 212s The id(1) command can resolve the group membership of the LDAP user 212s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 212s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 212s + echo The LDAP user's private group is known to the system via getent 212s + check_getent_group testuser1 212s + local getent_group=testuser1 212s + local output 212s + getent group testuser1 212s + output=testuser1:*:10001:testuser1 212s + [ -z testuser1:*:10001:testuser1 ] 212s + echo The LDAP group ldapusers is known to the system via getent 212s + check_getent_group ldapusers 212s + local getent_group=ldapusers 212s + local output 212s + getent group ldapusers 212s + output=ldapusers:*:10100:testuser1 212s + [ -z ldapusers:*:10100:testuser1 ] 212s + echo The id(1) command can resolve the group membership of the LDAP user 212s + id -Gn testuser1 212s The Kerberos principal can login on a terminal 212s + output=testuser1 ldapusers 212s + [ testuser1 ldapusers != testuser1 ldapusers ] 212s + echo The Kerberos principal can login on a terminal 212s + kdestroy 212s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 212s spawn login 212s ldap.example.com login: testuser1 212s Password: 212s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.11.0-8-generic ppc64le) 212s 212s * Documentation: https://help.ubuntu.com 212s * Management: https://landscape.canonical.com 212s * Support: https://ubuntu.com/pro 212s 212s 212s The programs included with the Ubuntu system are free software; 212s the exact distribution terms for each program are described in the 212s individual files in /usr/share/doc/*/copyright. 212s 212s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 212s applicable law. 212s 212s [?2004htestuser1@ldap:~$ id -un 212s [?2004l testuser1 212s [?2004htestuser1@ldap:~$ klist 212s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_4vLdPF 212s Default principal: testuser1@EXAMPLE.COM 212s 212s Valid starting Expires Service principal 212s autopkgtest [09:56:40]: test ldap-user-group-krb5-auth: -----------------------] 213s ldap-user-group-krb5-auth PASS 213s autopkgtest [09:56:41]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 213s autopkgtest [09:56:41]: test sssd-softhism2-certificates-tests.sh: preparing testbed 281s autopkgtest [09:57:49]: testbed dpkg architecture: ppc64el 281s autopkgtest [09:57:49]: testbed apt version: 2.9.18 282s autopkgtest [09:57:50]: @@@@@@@@@@@@@@@@@@@@ test bed setup 282s autopkgtest [09:57:50]: testbed release detected to be: plucky 283s autopkgtest [09:57:51]: updating testbed package index (apt update) 283s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 283s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 283s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 283s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 284s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 284s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [886 kB] 284s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [16.0 kB] 284s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [171 kB] 284s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el Packages [295 kB] 284s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted ppc64el Packages [756 B] 284s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe ppc64el Packages [1034 kB] 285s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse ppc64el Packages [17.1 kB] 285s Fetched 2503 kB in 2s (1425 kB/s) 286s Reading package lists... 286s Reading package lists... 286s Building dependency tree... 286s Reading state information... 287s Calculating upgrade... 287s The following packages will be upgraded: 287s libgudev-1.0-0 usb.ids 287s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 287s Need to get 239 kB of archives. 287s After this operation, 1024 B of additional disk space will be used. 287s Get:1 http://ftpmaster.internal/ubuntu plucky/main ppc64el usb.ids all 2025.01.14-1 [223 kB] 287s Get:2 http://ftpmaster.internal/ubuntu plucky/main ppc64el libgudev-1.0-0 ppc64el 1:238-6 [15.7 kB] 288s Fetched 239 kB in 0s (507 kB/s) 288s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74045 files and directories currently installed.) 288s Preparing to unpack .../usb.ids_2025.01.14-1_all.deb ... 288s Unpacking usb.ids (2025.01.14-1) over (2024.12.04-1) ... 288s Preparing to unpack .../libgudev-1.0-0_1%3a238-6_ppc64el.deb ... 288s Unpacking libgudev-1.0-0:ppc64el (1:238-6) over (1:238-5ubuntu1) ... 288s Setting up usb.ids (2025.01.14-1) ... 288s Setting up libgudev-1.0-0:ppc64el (1:238-6) ... 288s Processing triggers for libc-bin (2.40-4ubuntu1) ... 288s Reading package lists... 288s Building dependency tree... 288s Reading state information... 288s 0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded. 288s autopkgtest [09:57:56]: upgrading testbed (apt dist-upgrade and autopurge) 289s Reading package lists... 289s Building dependency tree... 289s Reading state information... 289s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 289s Starting 2 pkgProblemResolver with broken count: 0 289s Done 289s Entering ResolveByKeep 289s 290s The following packages will be upgraded: 290s krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 290s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 290s Need to get 781 kB of archives. 290s After this operation, 8192 B of additional disk space will be used. 290s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el krb5-locales all 1.21.3-4 [14.5 kB] 290s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libgssapi-krb5-2 ppc64el 1.21.3-4 [186 kB] 290s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libkrb5-3 ppc64el 1.21.3-4 [435 kB] 290s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libkrb5support0 ppc64el 1.21.3-4 [38.9 kB] 290s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main ppc64el libk5crypto3 ppc64el 1.21.3-4 [107 kB] 291s Fetched 781 kB in 1s (1049 kB/s) 291s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74045 files and directories currently installed.) 291s Preparing to unpack .../krb5-locales_1.21.3-4_all.deb ... 291s Unpacking krb5-locales (1.21.3-4) over (1.21.3-3) ... 291s Preparing to unpack .../libgssapi-krb5-2_1.21.3-4_ppc64el.deb ... 291s Unpacking libgssapi-krb5-2:ppc64el (1.21.3-4) over (1.21.3-3) ... 291s Preparing to unpack .../libkrb5-3_1.21.3-4_ppc64el.deb ... 291s Unpacking libkrb5-3:ppc64el (1.21.3-4) over (1.21.3-3) ... 291s Preparing to unpack .../libkrb5support0_1.21.3-4_ppc64el.deb ... 291s Unpacking libkrb5support0:ppc64el (1.21.3-4) over (1.21.3-3) ... 291s Preparing to unpack .../libk5crypto3_1.21.3-4_ppc64el.deb ... 291s Unpacking libk5crypto3:ppc64el (1.21.3-4) over (1.21.3-3) ... 291s Setting up krb5-locales (1.21.3-4) ... 291s Setting up libkrb5support0:ppc64el (1.21.3-4) ... 291s Setting up libk5crypto3:ppc64el (1.21.3-4) ... 291s Setting up libkrb5-3:ppc64el (1.21.3-4) ... 291s Setting up libgssapi-krb5-2:ppc64el (1.21.3-4) ... 291s Processing triggers for libc-bin (2.40-4ubuntu1) ... 291s Reading package lists... 291s Building dependency tree... 291s Reading state information... 291s Starting pkgProblemResolver with broken count: 0 291s Starting 2 pkgProblemResolver with broken count: 0 291s Done 292s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 295s Reading package lists... 295s Building dependency tree... 295s Reading state information... 295s Starting pkgProblemResolver with broken count: 0 295s Starting 2 pkgProblemResolver with broken count: 0 295s Done 295s The following NEW packages will be installed: 295s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 295s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 295s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 295s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 295s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 295s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 295s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 295s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 295s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 295s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 295s Need to get 11.6 MB of archives. 295s After this operation, 57.8 MB of additional disk space will be used. 295s Get:1 http://ftpmaster.internal/ubuntu plucky/main ppc64el libevent-2.1-7t64 ppc64el 2.1.12-stable-10 [172 kB] 296s Get:2 http://ftpmaster.internal/ubuntu plucky/main ppc64el libunbound8 ppc64el 1.20.0-1ubuntu2.1 [546 kB] 296s Get:3 http://ftpmaster.internal/ubuntu plucky/main ppc64el libgnutls-dane0t64 ppc64el 3.8.8-2ubuntu1 [25.1 kB] 296s Get:4 http://ftpmaster.internal/ubuntu plucky/universe ppc64el gnutls-bin ppc64el 3.8.8-2ubuntu1 [296 kB] 296s Get:5 http://ftpmaster.internal/ubuntu plucky/main ppc64el libavahi-common-data ppc64el 0.8-14ubuntu1 [30.5 kB] 296s Get:6 http://ftpmaster.internal/ubuntu plucky/main ppc64el libavahi-common3 ppc64el 0.8-14ubuntu1 [26.0 kB] 296s Get:7 http://ftpmaster.internal/ubuntu plucky/main ppc64el libavahi-client3 ppc64el 0.8-14ubuntu1 [31.0 kB] 296s Get:8 http://ftpmaster.internal/ubuntu plucky/main ppc64el libbasicobjects0t64 ppc64el 0.6.2-3 [6070 B] 296s Get:9 http://ftpmaster.internal/ubuntu plucky/main ppc64el libcares2 ppc64el 1.34.4-2.1 [126 kB] 296s Get:10 http://ftpmaster.internal/ubuntu plucky/main ppc64el libcollection4t64 ppc64el 0.6.2-3 [35.1 kB] 296s Get:11 http://ftpmaster.internal/ubuntu plucky/main ppc64el libcrack2 ppc64el 2.9.6-5.2 [31.2 kB] 296s Get:12 http://ftpmaster.internal/ubuntu plucky/main ppc64el libdhash1t64 ppc64el 0.6.2-3 [10.1 kB] 296s Get:13 http://ftpmaster.internal/ubuntu plucky/main ppc64el libpath-utils1t64 ppc64el 0.6.2-3 [10.5 kB] 296s Get:14 http://ftpmaster.internal/ubuntu plucky/main ppc64el libref-array1t64 ppc64el 0.6.2-3 [8006 B] 296s Get:15 http://ftpmaster.internal/ubuntu plucky/main ppc64el libini-config5t64 ppc64el 0.6.2-3 [54.8 kB] 296s Get:16 http://ftpmaster.internal/ubuntu plucky/main ppc64el libipa-hbac0t64 ppc64el 2.9.5-3ubuntu2 [18.4 kB] 296s Get:17 http://ftpmaster.internal/ubuntu plucky/main ppc64el libtalloc2 ppc64el 2.4.2-1build2 [36.7 kB] 296s Get:18 http://ftpmaster.internal/ubuntu plucky/main ppc64el libtdb1 ppc64el 1.4.12-1 [63.0 kB] 296s Get:19 http://ftpmaster.internal/ubuntu plucky/main ppc64el libtevent0t64 ppc64el 0.16.1-3 [50.4 kB] 296s Get:20 http://ftpmaster.internal/ubuntu plucky/main ppc64el libldb2 ppc64el 2:2.9.1+samba4.20.4+dfsg-1ubuntu3 [223 kB] 296s Get:21 http://ftpmaster.internal/ubuntu plucky/main ppc64el libnfsidmap1 ppc64el 1:2.6.4-4ubuntu1 [54.3 kB] 296s Get:22 http://ftpmaster.internal/ubuntu plucky/main ppc64el libpwquality-common all 1.4.5-3build1 [7748 B] 296s Get:23 http://ftpmaster.internal/ubuntu plucky/main ppc64el libpwquality1 ppc64el 1.4.5-3build1 [17.0 kB] 296s Get:24 http://ftpmaster.internal/ubuntu plucky/main ppc64el libpam-pwquality ppc64el 1.4.5-3build1 [12.5 kB] 296s Get:25 http://ftpmaster.internal/ubuntu plucky/main ppc64el libwbclient0 ppc64el 2:4.20.4+dfsg-1ubuntu3 [81.5 kB] 296s Get:26 http://ftpmaster.internal/ubuntu plucky/main ppc64el samba-libs ppc64el 2:4.20.4+dfsg-1ubuntu3 [6867 kB] 298s Get:27 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsmbclient0 ppc64el 2:4.20.4+dfsg-1ubuntu3 [70.7 kB] 298s Get:28 http://ftpmaster.internal/ubuntu plucky/main ppc64el libnss-sss ppc64el 2.9.5-3ubuntu2 [37.0 kB] 298s Get:29 http://ftpmaster.internal/ubuntu plucky/main ppc64el libpam-sss ppc64el 2.9.5-3ubuntu2 [57.0 kB] 298s Get:30 http://ftpmaster.internal/ubuntu plucky/universe ppc64el softhsm2-common ppc64el 2.6.1-2.2ubuntu3 [6198 B] 298s Get:31 http://ftpmaster.internal/ubuntu plucky/universe ppc64el libsofthsm2 ppc64el 2.6.1-2.2ubuntu3 [296 kB] 298s Get:32 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsss-certmap0 ppc64el 2.9.5-3ubuntu2 [54.2 kB] 298s Get:33 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsss-idmap0 ppc64el 2.9.5-3ubuntu2 [25.2 kB] 298s Get:34 http://ftpmaster.internal/ubuntu plucky/main ppc64el libsss-nss-idmap0 ppc64el 2.9.5-3ubuntu2 [38.0 kB] 298s Get:35 http://ftpmaster.internal/ubuntu plucky/main ppc64el python3-sss ppc64el 2.9.5-3ubuntu2 [48.8 kB] 298s Get:36 http://ftpmaster.internal/ubuntu plucky/universe ppc64el softhsm2 ppc64el 2.6.1-2.2ubuntu3 [200 kB] 298s Get:37 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-common ppc64el 2.9.5-3ubuntu2 [1276 kB] 298s Get:38 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-ad-common ppc64el 2.9.5-3ubuntu2 [87.6 kB] 298s Get:39 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-krb5-common ppc64el 2.9.5-3ubuntu2 [103 kB] 298s Get:40 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-ad ppc64el 2.9.5-3ubuntu2 [148 kB] 298s Get:41 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-ipa ppc64el 2.9.5-3ubuntu2 [238 kB] 298s Get:42 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-krb5 ppc64el 2.9.5-3ubuntu2 [14.5 kB] 298s Get:43 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-ldap ppc64el 2.9.5-3ubuntu2 [31.7 kB] 298s Get:44 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd-proxy ppc64el 2.9.5-3ubuntu2 [47.9 kB] 298s Get:45 http://ftpmaster.internal/ubuntu plucky/main ppc64el sssd ppc64el 2.9.5-3ubuntu2 [4122 B] 299s Fetched 11.6 MB in 3s (3866 kB/s) 299s Selecting previously unselected package libevent-2.1-7t64:ppc64el. 299s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74045 files and directories currently installed.) 299s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_ppc64el.deb ... 299s Unpacking libevent-2.1-7t64:ppc64el (2.1.12-stable-10) ... 299s Selecting previously unselected package libunbound8:ppc64el. 299s Preparing to unpack .../01-libunbound8_1.20.0-1ubuntu2.1_ppc64el.deb ... 299s Unpacking libunbound8:ppc64el (1.20.0-1ubuntu2.1) ... 299s Selecting previously unselected package libgnutls-dane0t64:ppc64el. 299s Preparing to unpack .../02-libgnutls-dane0t64_3.8.8-2ubuntu1_ppc64el.deb ... 299s Unpacking libgnutls-dane0t64:ppc64el (3.8.8-2ubuntu1) ... 299s Selecting previously unselected package gnutls-bin. 299s Preparing to unpack .../03-gnutls-bin_3.8.8-2ubuntu1_ppc64el.deb ... 299s Unpacking gnutls-bin (3.8.8-2ubuntu1) ... 299s Selecting previously unselected package libavahi-common-data:ppc64el. 299s Preparing to unpack .../04-libavahi-common-data_0.8-14ubuntu1_ppc64el.deb ... 299s Unpacking libavahi-common-data:ppc64el (0.8-14ubuntu1) ... 299s Selecting previously unselected package libavahi-common3:ppc64el. 299s Preparing to unpack .../05-libavahi-common3_0.8-14ubuntu1_ppc64el.deb ... 299s Unpacking libavahi-common3:ppc64el (0.8-14ubuntu1) ... 299s Selecting previously unselected package libavahi-client3:ppc64el. 299s Preparing to unpack .../06-libavahi-client3_0.8-14ubuntu1_ppc64el.deb ... 299s Unpacking libavahi-client3:ppc64el (0.8-14ubuntu1) ... 299s Selecting previously unselected package libbasicobjects0t64:ppc64el. 299s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-3_ppc64el.deb ... 299s Unpacking libbasicobjects0t64:ppc64el (0.6.2-3) ... 299s Selecting previously unselected package libcares2:ppc64el. 299s Preparing to unpack .../08-libcares2_1.34.4-2.1_ppc64el.deb ... 299s Unpacking libcares2:ppc64el (1.34.4-2.1) ... 299s Selecting previously unselected package libcollection4t64:ppc64el. 299s Preparing to unpack .../09-libcollection4t64_0.6.2-3_ppc64el.deb ... 299s Unpacking libcollection4t64:ppc64el (0.6.2-3) ... 299s Selecting previously unselected package libcrack2:ppc64el. 299s Preparing to unpack .../10-libcrack2_2.9.6-5.2_ppc64el.deb ... 299s Unpacking libcrack2:ppc64el (2.9.6-5.2) ... 299s Selecting previously unselected package libdhash1t64:ppc64el. 299s Preparing to unpack .../11-libdhash1t64_0.6.2-3_ppc64el.deb ... 299s Unpacking libdhash1t64:ppc64el (0.6.2-3) ... 299s Selecting previously unselected package libpath-utils1t64:ppc64el. 299s Preparing to unpack .../12-libpath-utils1t64_0.6.2-3_ppc64el.deb ... 299s Unpacking libpath-utils1t64:ppc64el (0.6.2-3) ... 299s Selecting previously unselected package libref-array1t64:ppc64el. 299s Preparing to unpack .../13-libref-array1t64_0.6.2-3_ppc64el.deb ... 299s Unpacking libref-array1t64:ppc64el (0.6.2-3) ... 299s Selecting previously unselected package libini-config5t64:ppc64el. 299s Preparing to unpack .../14-libini-config5t64_0.6.2-3_ppc64el.deb ... 299s Unpacking libini-config5t64:ppc64el (0.6.2-3) ... 299s Selecting previously unselected package libipa-hbac0t64. 299s Preparing to unpack .../15-libipa-hbac0t64_2.9.5-3ubuntu2_ppc64el.deb ... 299s Unpacking libipa-hbac0t64 (2.9.5-3ubuntu2) ... 299s Selecting previously unselected package libtalloc2:ppc64el. 299s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_ppc64el.deb ... 299s Unpacking libtalloc2:ppc64el (2.4.2-1build2) ... 299s Selecting previously unselected package libtdb1:ppc64el. 299s Preparing to unpack .../17-libtdb1_1.4.12-1_ppc64el.deb ... 299s Unpacking libtdb1:ppc64el (1.4.12-1) ... 299s Selecting previously unselected package libtevent0t64:ppc64el. 299s Preparing to unpack .../18-libtevent0t64_0.16.1-3_ppc64el.deb ... 299s Unpacking libtevent0t64:ppc64el (0.16.1-3) ... 299s Selecting previously unselected package libldb2:ppc64el. 299s Preparing to unpack .../19-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu3_ppc64el.deb ... 299s Unpacking libldb2:ppc64el (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 299s Selecting previously unselected package libnfsidmap1:ppc64el. 299s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-4ubuntu1_ppc64el.deb ... 299s Unpacking libnfsidmap1:ppc64el (1:2.6.4-4ubuntu1) ... 299s Selecting previously unselected package libpwquality-common. 299s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 299s Unpacking libpwquality-common (1.4.5-3build1) ... 299s Selecting previously unselected package libpwquality1:ppc64el. 299s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_ppc64el.deb ... 299s Unpacking libpwquality1:ppc64el (1.4.5-3build1) ... 299s Selecting previously unselected package libpam-pwquality:ppc64el. 299s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_ppc64el.deb ... 299s Unpacking libpam-pwquality:ppc64el (1.4.5-3build1) ... 299s Selecting previously unselected package libwbclient0:ppc64el. 299s Preparing to unpack .../24-libwbclient0_2%3a4.20.4+dfsg-1ubuntu3_ppc64el.deb ... 299s Unpacking libwbclient0:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 299s Selecting previously unselected package samba-libs:ppc64el. 299s Preparing to unpack .../25-samba-libs_2%3a4.20.4+dfsg-1ubuntu3_ppc64el.deb ... 299s Unpacking samba-libs:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 299s Selecting previously unselected package libsmbclient0:ppc64el. 299s Preparing to unpack .../26-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu3_ppc64el.deb ... 299s Unpacking libsmbclient0:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 299s Selecting previously unselected package libnss-sss:ppc64el. 299s Preparing to unpack .../27-libnss-sss_2.9.5-3ubuntu2_ppc64el.deb ... 299s Unpacking libnss-sss:ppc64el (2.9.5-3ubuntu2) ... 299s Selecting previously unselected package libpam-sss:ppc64el. 299s Preparing to unpack .../28-libpam-sss_2.9.5-3ubuntu2_ppc64el.deb ... 299s Unpacking libpam-sss:ppc64el (2.9.5-3ubuntu2) ... 299s Selecting previously unselected package softhsm2-common. 299s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_ppc64el.deb ... 299s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 299s Selecting previously unselected package libsofthsm2. 299s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_ppc64el.deb ... 299s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 299s Selecting previously unselected package libsss-certmap0. 299s Preparing to unpack .../31-libsss-certmap0_2.9.5-3ubuntu2_ppc64el.deb ... 299s Unpacking libsss-certmap0 (2.9.5-3ubuntu2) ... 299s Selecting previously unselected package libsss-idmap0. 299s Preparing to unpack .../32-libsss-idmap0_2.9.5-3ubuntu2_ppc64el.deb ... 299s Unpacking libsss-idmap0 (2.9.5-3ubuntu2) ... 299s Selecting previously unselected package libsss-nss-idmap0. 299s Preparing to unpack .../33-libsss-nss-idmap0_2.9.5-3ubuntu2_ppc64el.deb ... 299s Unpacking libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 299s Selecting previously unselected package python3-sss. 299s Preparing to unpack .../34-python3-sss_2.9.5-3ubuntu2_ppc64el.deb ... 299s Unpacking python3-sss (2.9.5-3ubuntu2) ... 299s Selecting previously unselected package softhsm2. 299s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_ppc64el.deb ... 299s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 299s Selecting previously unselected package sssd-common. 299s Preparing to unpack .../36-sssd-common_2.9.5-3ubuntu2_ppc64el.deb ... 299s Unpacking sssd-common (2.9.5-3ubuntu2) ... 299s Selecting previously unselected package sssd-ad-common. 300s Preparing to unpack .../37-sssd-ad-common_2.9.5-3ubuntu2_ppc64el.deb ... 300s Unpacking sssd-ad-common (2.9.5-3ubuntu2) ... 300s Selecting previously unselected package sssd-krb5-common. 300s Preparing to unpack .../38-sssd-krb5-common_2.9.5-3ubuntu2_ppc64el.deb ... 300s Unpacking sssd-krb5-common (2.9.5-3ubuntu2) ... 300s Selecting previously unselected package sssd-ad. 300s Preparing to unpack .../39-sssd-ad_2.9.5-3ubuntu2_ppc64el.deb ... 300s Unpacking sssd-ad (2.9.5-3ubuntu2) ... 300s Selecting previously unselected package sssd-ipa. 300s Preparing to unpack .../40-sssd-ipa_2.9.5-3ubuntu2_ppc64el.deb ... 300s Unpacking sssd-ipa (2.9.5-3ubuntu2) ... 300s Selecting previously unselected package sssd-krb5. 300s Preparing to unpack .../41-sssd-krb5_2.9.5-3ubuntu2_ppc64el.deb ... 300s Unpacking sssd-krb5 (2.9.5-3ubuntu2) ... 300s Selecting previously unselected package sssd-ldap. 300s Preparing to unpack .../42-sssd-ldap_2.9.5-3ubuntu2_ppc64el.deb ... 300s Unpacking sssd-ldap (2.9.5-3ubuntu2) ... 300s Selecting previously unselected package sssd-proxy. 300s Preparing to unpack .../43-sssd-proxy_2.9.5-3ubuntu2_ppc64el.deb ... 300s Unpacking sssd-proxy (2.9.5-3ubuntu2) ... 300s Selecting previously unselected package sssd. 300s Preparing to unpack .../44-sssd_2.9.5-3ubuntu2_ppc64el.deb ... 300s Unpacking sssd (2.9.5-3ubuntu2) ... 300s Setting up libpwquality-common (1.4.5-3build1) ... 300s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 300s Creating config file /etc/softhsm/softhsm2.conf with new version 300s Setting up libnfsidmap1:ppc64el (1:2.6.4-4ubuntu1) ... 300s Setting up libsss-idmap0 (2.9.5-3ubuntu2) ... 300s Setting up libbasicobjects0t64:ppc64el (0.6.2-3) ... 300s Setting up libipa-hbac0t64 (2.9.5-3ubuntu2) ... 300s Setting up libref-array1t64:ppc64el (0.6.2-3) ... 300s Setting up libtdb1:ppc64el (1.4.12-1) ... 300s Setting up libcollection4t64:ppc64el (0.6.2-3) ... 300s Setting up libevent-2.1-7t64:ppc64el (2.1.12-stable-10) ... 300s Setting up libwbclient0:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 300s Setting up libtalloc2:ppc64el (2.4.2-1build2) ... 300s Setting up libpath-utils1t64:ppc64el (0.6.2-3) ... 300s Setting up libunbound8:ppc64el (1.20.0-1ubuntu2.1) ... 300s Setting up libgnutls-dane0t64:ppc64el (3.8.8-2ubuntu1) ... 300s Setting up libavahi-common-data:ppc64el (0.8-14ubuntu1) ... 300s Setting up libcares2:ppc64el (1.34.4-2.1) ... 300s Setting up libdhash1t64:ppc64el (0.6.2-3) ... 300s Setting up libcrack2:ppc64el (2.9.6-5.2) ... 300s Setting up libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 300s Setting up libini-config5t64:ppc64el (0.6.2-3) ... 300s Setting up libtevent0t64:ppc64el (0.16.1-3) ... 300s Setting up libnss-sss:ppc64el (2.9.5-3ubuntu2) ... 300s Setting up gnutls-bin (3.8.8-2ubuntu1) ... 300s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 300s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 300s Setting up libavahi-common3:ppc64el (0.8-14ubuntu1) ... 300s Setting up libsss-certmap0 (2.9.5-3ubuntu2) ... 300s Setting up libpwquality1:ppc64el (1.4.5-3build1) ... 300s Setting up libldb2:ppc64el (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 300s Setting up libavahi-client3:ppc64el (0.8-14ubuntu1) ... 300s Setting up libpam-pwquality:ppc64el (1.4.5-3build1) ... 300s Setting up samba-libs:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 300s Setting up python3-sss (2.9.5-3ubuntu2) ... 300s Setting up libsmbclient0:ppc64el (2:4.20.4+dfsg-1ubuntu3) ... 300s Setting up libpam-sss:ppc64el (2.9.5-3ubuntu2) ... 300s Setting up sssd-common (2.9.5-3ubuntu2) ... 300s Creating SSSD system user & group... 301s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 301s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 301s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 301s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 301s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 301s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 302s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 302s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 302s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 302s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 303s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 303s sssd-autofs.service is a disabled or a static unit, not starting it. 303s sssd-nss.service is a disabled or a static unit, not starting it. 303s sssd-pam.service is a disabled or a static unit, not starting it. 303s sssd-ssh.service is a disabled or a static unit, not starting it. 303s sssd-sudo.service is a disabled or a static unit, not starting it. 303s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 303s Setting up sssd-proxy (2.9.5-3ubuntu2) ... 303s Setting up sssd-ad-common (2.9.5-3ubuntu2) ... 303s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 304s sssd-pac.service is a disabled or a static unit, not starting it. 304s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 304s Setting up sssd-krb5-common (2.9.5-3ubuntu2) ... 304s Setting up sssd-krb5 (2.9.5-3ubuntu2) ... 304s Setting up sssd-ldap (2.9.5-3ubuntu2) ... 304s Setting up sssd-ad (2.9.5-3ubuntu2) ... 304s Setting up sssd-ipa (2.9.5-3ubuntu2) ... 304s Setting up sssd (2.9.5-3ubuntu2) ... 304s Processing triggers for man-db (2.13.0-1) ... 305s Processing triggers for libc-bin (2.40-4ubuntu1) ... 322s autopkgtest [09:58:30]: test sssd-softhism2-certificates-tests.sh: [----------------------- 322s + '[' -z ubuntu ']' 322s + required_tools=(p11tool openssl softhsm2-util) 322s + for cmd in "${required_tools[@]}" 322s + command -v p11tool 322s + for cmd in "${required_tools[@]}" 322s + command -v openssl 322s + for cmd in "${required_tools[@]}" 322s + command -v softhsm2-util 322s + PIN=053350 322s +++ find /usr/lib/softhsm/libsofthsm2.so 322s +++ head -n 1 322s ++ realpath /usr/lib/softhsm/libsofthsm2.so 322s + SOFTHSM2_MODULE=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 322s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 322s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 322s + '[' '!' -v NO_SSSD_TESTS ']' 322s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 322s + ca_db_arg=ca_db 322s ++ /usr/libexec/sssd/p11_child --help 322s + p11_child_help='Usage: p11_child [OPTION...] 322s -d, --debug-level=INT Debug level 322s --debug-timestamps=INT Add debug timestamps 322s --debug-microseconds=INT Show timestamps with microseconds 322s --dumpable=INT Allow core dumps 322s --debug-fd=INT An open file descriptor for the debug 322s logs 322s --logger=stderr|files|journald Set logger 322s --auth Run in auth mode 322s --pre Run in pre-auth mode 322s --wait_for_card Wait until card is available 322s --verification Run in verification mode 322s --pin Expect PIN on stdin 322s --keypad Expect PIN on keypad 322s --verify=STRING Tune validation 322s --ca_db=STRING CA DB to use 322s --module_name=STRING Module name for authentication 322s --token_name=STRING Token name for authentication 322s --key_id=STRING Key ID for authentication 322s --label=STRING Label for authentication 322s --certificate=STRING certificate to verify, base64 encoded 322s --uri=STRING PKCS#11 URI to restrict selection 322s --chain-id=LONG Tevent chain ID used for logging 322s purposes 322s 322s Help options: 322s -?, --help Show this help message 322s --usage Display brief usage message' 322s + echo 'Usage: p11_child [OPTION...] 322s -d, --debug-level=INT Debug level 322s --debug-timestamps=INT Add debug timestamps 322s --debug-microseconds=INT Show timestamps with microseconds 322s --dumpable=INT Allow core dumps 322s --debug-fd=INT An open file descriptor for the debug 322s logs 322s --logger=stderr|files|journald Set logger 322s --auth Run in auth mode 322s --pre Run in pre-auth mode 322s --wait_for_card Wait until card is available 322s --verification Run in verification mode 322s --pin Expect PIN on stdin 322s --keypad Expect PIN on keypad 322s --verify=STRING Tune validation 322s --ca_db=STRING CA DB to use 322s --module_name=STRING Module name for authentication 322s --token_name=STRING Token name for authentication 322s --key_id=STRING Key ID for authentication 322s --label=STRING Label for authentication 322s --certificate=STRING certificate to verify, base64 encoded 322s --uri=STRING PKCS#11 URI to restrict selection 322s --chain-id=LONG Tevent chain ID used for logging 322s purposes 322s 322s Help options: 322s -?, --help Show this help message 322s --usage Display brief usage message' 322s + grep nssdb -qs 322s + echo 'Usage: p11_child [OPTION...] 322s -d, --debug-level=INT Debug level 322s --debug-timestamps=INT Add debug timestamps 322s --debug-microseconds=INT Show timestamps with microseconds 322s --dumpable=INT Allow core dumps 322s --debug-fd=INT An open file descriptor for the debug 322s logs 322s --logger=stderr|files|journald Set logger 322s --auth Run in auth mode 322s --pre Run in pre-auth mode 322s --wait_for_card Wait until card is available 322s --verification Run in verification mode 322s --pin Expect PIN on stdin 322s --keypad Expect PIN on keypad 322s --verify=STRING Tune validation 322s --ca_db=STRING CA DB to use 322s --module_name=STRING Module name for authentication 322s --token_name=STRING Token name for authentication 322s --key_id=STRING Key ID for authentication 322s --label=STRING Label for authentication 322s --certificate=STRING certificate to verify, base64 encoded 322s --uri=STRING PKCS#11 URI to restrict selection 322s --chain-id=LONG Tevent chain ID used for logging 322s purposes 322s 322s Help options: 322s -?, --help Show this help message 322s --usage Display brief usage message' 322s + grep -qs -- --ca_db 322s + '[' '!' -e /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so ']' 322s ++ mktemp -d -t sssd-softhsm2-XXXXXX 322s + tmpdir=/tmp/sssd-softhsm2-LfYLeN 322s + keys_size=1024 322s + [[ ! -v KEEP_TEMPORARY_FILES ]] 322s + trap 'rm -rf "$tmpdir"' EXIT 322s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 322s + echo -n 01 322s + touch /tmp/sssd-softhsm2-LfYLeN/index.txt 322s + mkdir -p /tmp/sssd-softhsm2-LfYLeN/new_certs 322s + cat 322s + root_ca_key_pass=pass:random-root-CA-password-26696 322s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-LfYLeN/test-root-CA-key.pem -passout pass:random-root-CA-password-26696 1024 322s + openssl req -passin pass:random-root-CA-password-26696 -batch -config /tmp/sssd-softhsm2-LfYLeN/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-LfYLeN/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 322s + openssl x509 -noout -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 322s + cat 322s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-3241 322s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-3241 1024 322s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-3241 -config /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.config -key /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-26696 -sha256 -out /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-certificate-request.pem 322s + openssl req -text -noout -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-certificate-request.pem 322s Certificate Request: 322s Data: 322s Version: 1 (0x0) 322s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 322s Subject Public Key Info: 322s Public Key Algorithm: rsaEncryption 322s Public-Key: (1024 bit) 322s Modulus: 322s 00:ba:d9:57:87:c0:07:f2:e0:85:9d:6a:3f:95:49: 322s 64:68:44:6f:60:b0:8a:4d:31:ea:67:60:3f:60:a8: 322s bc:3d:c8:41:6a:82:9f:97:88:c1:58:da:1a:f6:3d: 322s 91:13:06:6b:00:df:ef:9e:4e:61:04:b2:36:a0:dd: 322s 86:1f:0f:a9:b9:33:4e:f4:ea:dc:fa:03:14:3d:2c: 322s 6d:08:d2:2a:89:02:3f:70:09:0b:fe:ce:f4:2c:d5: 322s ba:64:79:dd:6e:e8:94:3a:ac:1d:f3:22:71:74:57: 322s d6:8b:da:8b:62:b0:ce:8b:58:fd:f6:bd:f2:fa:25: 322s 2f:a7:c8:87:e0:5c:b8:bf:df 322s Exponent: 65537 (0x10001) 322s Attributes: 322s (none) 322s Requested Extensions: 322s Signature Algorithm: sha256WithRSAEncryption 322s Signature Value: 322s 40:66:19:08:92:26:25:28:bd:a6:e2:2c:2b:d9:70:99:17:b5: 322s 28:ee:75:d8:ce:6c:fd:79:50:29:f6:35:34:28:cb:7e:b5:37: 322s f9:ae:a0:79:87:ba:13:43:85:0d:53:4a:b8:3c:93:72:a9:ca: 322s dd:e4:d4:83:ac:ec:1b:ff:25:a1:8b:8c:47:e7:c5:9e:08:65: 322s db:c6:1d:d7:9c:f4:43:4b:a8:96:e4:ca:b9:7f:1d:af:03:f4: 322s b3:ad:a8:17:28:da:79:87:29:ab:6d:dd:41:a6:56:81:c8:9d: 322s c4:03:97:4a:66:60:a8:b6:d1:b0:be:0b:1e:08:ad:dc:37:df: 322s 88:7c 322s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-LfYLeN/test-root-CA.config -passin pass:random-root-CA-password-26696 -keyfile /tmp/sssd-softhsm2-LfYLeN/test-root-CA-key.pem -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 322s Using configuration from /tmp/sssd-softhsm2-LfYLeN/test-root-CA.config 322s Check that the request matches the signature 322s Signature ok 322s Certificate Details: 322s Serial Number: 1 (0x1) 322s Validity 322s Not Before: Jan 17 09:58:30 2025 GMT 322s Not After : Jan 17 09:58:30 2026 GMT 322s Subject: 322s organizationName = Test Organization 322s organizationalUnitName = Test Organization Unit 322s commonName = Test Organization Intermediate CA 322s X509v3 extensions: 322s X509v3 Subject Key Identifier: 322s A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 322s X509v3 Authority Key Identifier: 322s keyid:D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 322s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 322s serial:00 322s X509v3 Basic Constraints: 322s CA:TRUE 322s X509v3 Key Usage: critical 322s Digital Signature, Certificate Sign, CRL Sign 322s Certificate is to be certified until Jan 17 09:58:30 2026 GMT (365 days) 322s 322s Write out database with 1 new entries 322s Database updated 322s + openssl x509 -noout -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 322s /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem: OK 322s + cat 322s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-2046 322s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-2046 1024 322s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-2046 -config /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-3241 -sha256 -out /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-certificate-request.pem 322s + openssl req -text -noout -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-certificate-request.pem 322s Certificate Request: 322s Data: 322s Version: 1 (0x0) 322s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 322s Subject Public Key Info: 322s Public Key Algorithm: rsaEncryption 322s Public-Key: (1024 bit) 322s Modulus: 322s 00:cd:0e:b4:b8:88:e9:46:e4:6a:10:4b:d1:3c:fa: 322s 40:89:6c:02:64:58:cb:d0:a4:d0:a3:0d:ba:16:e2: 322s 64:33:67:3e:13:be:18:00:57:51:8b:1a:35:20:ee: 322s de:d4:d0:ed:6a:ca:cc:5c:60:88:a4:53:37:d2:23: 322s d9:61:8c:48:f3:67:ad:52:9a:41:7a:26:e7:55:a5: 322s 26:80:23:8c:ad:dd:b3:62:bf:8f:81:85:75:75:c8: 322s 90:5a:7e:35:c9:6e:5b:d4:d1:88:d7:c3:ac:62:62: 322s 6f:8d:b3:e0:79:a9:a5:a7:fa:34:9a:d4:c9:d9:8f: 322s 06:a7:c6:61:14:0d:a7:b7:cd 322s Exponent: 65537 (0x10001) 322s Attributes: 322s (none) 322s Requested Extensions: 322s Signature Algorithm: sha256WithRSAEncryption 322s Signature Value: 322s 7a:39:42:94:27:2e:91:ba:b7:06:3f:63:30:91:13:49:96:a3: 322s f9:da:61:85:c8:5e:d6:6e:a0:3d:26:dd:67:1a:95:1d:dd:83: 322s 15:e6:a4:84:dc:48:37:86:b2:a8:75:9c:72:ff:da:bc:5a:b2: 322s e4:0c:1e:b9:01:e4:58:2a:de:63:88:8e:bd:87:0e:b7:75:f8: 322s 97:9b:55:9d:9b:08:f1:25:8b:78:ac:99:6f:19:ef:e5:65:76: 322s 2a:2a:03:d6:31:a8:37:ea:28:61:15:9f:3c:5d:c2:f3:88:31: 322s 29:31:33:cc:fb:86:63:2e:ba:a0:c0:26:30:d3:49:e4:9a:d8: 322s 40:f6 322s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-3241 -keyfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 322s Using configuration from /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.config 322s Check that the request matches the signature 322s Signature ok 322s Certificate Details: 322s Serial Number: 2 (0x2) 322s Validity 322s Not Before: Jan 17 09:58:30 2025 GMT 322s Not After : Jan 17 09:58:30 2026 GMT 322s Subject: 322s organizationName = Test Organization 322s organizationalUnitName = Test Organization Unit 322s commonName = Test Organization Sub Intermediate CA 322s X509v3 extensions: 322s X509v3 Subject Key Identifier: 322s 4E:99:CD:FA:16:8C:35:F9:FB:30:C9:F4:39:3B:7C:F2:DC:B3:47:BD 322s X509v3 Authority Key Identifier: 322s keyid:A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 322s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 322s serial:01 322s X509v3 Basic Constraints: 322s CA:TRUE 322s X509v3 Key Usage: critical 322s Digital Signature, Certificate Sign, CRL Sign 322s Certificate is to be certified until Jan 17 09:58:30 2026 GMT (365 days) 322s 322s Write out database with 1 new entries 322s Database updated 322s + openssl x509 -noout -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 322s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 322s /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem: OK 322s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 322s + local cmd=openssl 322s + shift 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 322s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 322s error 20 at 0 depth lookup: unable to get local issuer certificate 322s error /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem: verification failed 322s + cat 322s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-22355 322s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-22355 1024 322s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-22355 -key /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-request.pem 322s + openssl req -text -noout -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-request.pem 322s Certificate Request: 322s Data: 322s Version: 1 (0x0) 322s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 322s Subject Public Key Info: 322s Public Key Algorithm: rsaEncryption 322s Public-Key: (1024 bit) 322s Modulus: 322s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 322s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 322s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 322s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 322s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 322s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 322s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 322s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 322s 38:89:a2:21:7d:42:06:c5:91 322s Exponent: 65537 (0x10001) 322s Attributes: 322s Requested Extensions: 322s X509v3 Basic Constraints: 322s CA:FALSE 322s Netscape Cert Type: 322s SSL Client, S/MIME 322s Netscape Comment: 322s Test Organization Root CA trusted Certificate 322s X509v3 Subject Key Identifier: 322s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 322s X509v3 Key Usage: critical 322s Digital Signature, Non Repudiation, Key Encipherment 322s X509v3 Extended Key Usage: 322s TLS Web Client Authentication, E-mail Protection 322s X509v3 Subject Alternative Name: 322s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 322s Signature Algorithm: sha256WithRSAEncryption 322s Signature Value: 322s ae:7a:35:c6:50:74:c0:0c:b8:96:2f:2b:bb:21:ae:1b:7d:91: 322s d6:14:61:8f:e9:89:3c:0e:74:cd:4a:71:15:58:17:f8:87:20: 322s 61:b7:94:da:c6:00:41:39:05:ff:53:7e:1e:24:dc:0f:67:e8: 322s c4:f1:dc:b1:30:c9:39:08:fb:68:e4:0e:50:80:aa:52:08:aa: 322s 17:80:2a:65:fc:9e:d3:b2:6f:7f:ce:b7:b3:65:f7:aa:68:c0: 322s 46:25:cd:8a:46:47:46:0f:39:a0:aa:67:da:e6:9d:e2:71:62: 322s b3:6b:82:c1:68:50:19:6d:a5:ae:aa:83:03:8b:5c:44:18:57: 322s 6e:93 322s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-LfYLeN/test-root-CA.config -passin pass:random-root-CA-password-26696 -keyfile /tmp/sssd-softhsm2-LfYLeN/test-root-CA-key.pem -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 322s Using configuration from /tmp/sssd-softhsm2-LfYLeN/test-root-CA.config 322s Check that the request matches the signature 322s Signature ok 322s Certificate Details: 322s Serial Number: 3 (0x3) 322s Validity 322s Not Before: Jan 17 09:58:30 2025 GMT 322s Not After : Jan 17 09:58:30 2026 GMT 322s Subject: 322s organizationName = Test Organization 322s organizationalUnitName = Test Organization Unit 322s commonName = Test Organization Root Trusted Certificate 0001 322s X509v3 extensions: 322s X509v3 Authority Key Identifier: 322s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 322s X509v3 Basic Constraints: 322s CA:FALSE 322s Netscape Cert Type: 322s SSL Client, S/MIME 322s Netscape Comment: 322s Test Organization Root CA trusted Certificate 322s X509v3 Subject Key Identifier: 322s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 322s X509v3 Key Usage: critical 322s Digital Signature, Non Repudiation, Key Encipherment 322s X509v3 Extended Key Usage: 322s TLS Web Client Authentication, E-mail Protection 322s X509v3 Subject Alternative Name: 322s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 322s Certificate is to be certified until Jan 17 09:58:30 2026 GMT (365 days) 322s 322s Write out database with 1 new entries 322s Database updated 322s + openssl x509 -noout -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 322s /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem: OK 322s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 322s + local cmd=openssl 322s + shift 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 322s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 322s error 20 at 0 depth lookup: unable to get local issuer certificate 322s error /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem: verification failed 322s + cat 322s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 322s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-20706 1024 322s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-20706 -key /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-request.pem 322s + openssl req -text -noout -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-request.pem 322s Certificate Request: 322s Data: 322s Version: 1 (0x0) 322s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 322s Subject Public Key Info: 322s Public Key Algorithm: rsaEncryption 322s Public-Key: (1024 bit) 322s Modulus: 322s 00:a0:39:2f:bd:3b:c7:e2:6d:f8:49:cd:9a:18:e2: 322s c3:4f:b6:0a:52:cd:03:f1:62:fe:0d:d0:92:19:3c: 322s 2e:8b:7b:76:47:df:61:2f:40:2f:36:e9:ba:3f:c4: 322s 30:b1:43:35:58:41:a3:5f:a0:d8:4a:83:da:b6:65: 322s d2:63:cd:3e:4f:77:30:b4:91:70:58:1f:65:7b:55: 322s 05:06:38:aa:9e:44:f7:8d:14:c5:a6:27:44:28:ad: 322s e2:ac:92:f6:19:49:8b:70:af:86:4c:86:e7:fa:87: 322s bd:4e:9d:ae:c6:51:6e:9d:cb:35:96:e9:a9:d4:78: 322s a5:c0:d4:29:0f:e0:10:e0:61 322s Exponent: 65537 (0x10001) 322s Attributes: 322s Requested Extensions: 322s X509v3 Basic Constraints: 322s CA:FALSE 322s Netscape Cert Type: 322s SSL Client, S/MIME 322s Netscape Comment: 322s Test Organization Intermediate CA trusted Certificate 322s X509v3 Subject Key Identifier: 322s 5E:BC:D9:60:AF:68:66:F4:38:D1:49:31:80:96:BA:D9:E4:34:C9:B7 322s X509v3 Key Usage: critical 322s Digital Signature, Non Repudiation, Key Encipherment 322s X509v3 Extended Key Usage: 322s TLS Web Client Authentication, E-mail Protection 322s X509v3 Subject Alternative Name: 322s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 322s Signature Algorithm: sha256WithRSAEncryption 322s Signature Value: 322s 95:25:da:79:9d:58:1e:0e:b4:c5:cf:3b:6b:63:5a:63:ea:9a: 322s 4b:e7:29:14:e7:db:58:4b:58:18:03:65:6e:21:7a:6c:6c:9e: 322s 58:ba:0b:b1:b7:7c:07:4f:ab:0a:58:0e:bd:3d:6e:12:0c:bd: 322s b8:f0:de:33:9c:21:45:7a:d8:2d:72:51:28:bf:1f:e9:d7:de: 322s b4:c1:2b:4f:82:41:9e:6b:ba:44:0b:7d:7f:88:14:c7:82:e7: 322s 5a:b5:17:64:75:e4:14:54:ee:c6:26:35:ae:72:7b:b9:57:0b: 322s 76:58:a5:75:45:f7:7b:c4:8d:ad:2f:ba:19:a8:ea:1e:ec:d3: 322s 2b:62 322s + openssl ca -passin pass:random-intermediate-CA-password-3241 -config /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 322s Using configuration from /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.config 322s Check that the request matches the signature 322s Signature ok 322s Certificate Details: 322s Serial Number: 4 (0x4) 322s Validity 322s Not Before: Jan 17 09:58:30 2025 GMT 322s Not After : Jan 17 09:58:30 2026 GMT 322s Subject: 322s organizationName = Test Organization 322s organizationalUnitName = Test Organization Unit 322s commonName = Test Organization Intermediate Trusted Certificate 0001 322s X509v3 extensions: 322s X509v3 Authority Key Identifier: 322s A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 322s X509v3 Basic Constraints: 322s CA:FALSE 322s Netscape Cert Type: 322s SSL Client, S/MIME 322s Netscape Comment: 322s Test Organization Intermediate CA trusted Certificate 322s X509v3 Subject Key Identifier: 322s 5E:BC:D9:60:AF:68:66:F4:38:D1:49:31:80:96:BA:D9:E4:34:C9:B7 322s X509v3 Key Usage: critical 322s Digital Signature, Non Repudiation, Key Encipherment 322s X509v3 Extended Key Usage: 322s TLS Web Client Authentication, E-mail Protection 322s X509v3 Subject Alternative Name: 322s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 322s Certificate is to be certified until Jan 17 09:58:30 2026 GMT (365 days) 322s 322s Write out database with 1 new entries 322s Database updated 322s + openssl x509 -noout -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 322s This certificate should not be trusted fully 322s + echo 'This certificate should not be trusted fully' 322s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 322s + local cmd=openssl 322s + shift 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 322s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 322s error 2 at 1 depth lookup: unable to get issuer certificate 322s error /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 322s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 322s /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem: OK 322s + cat 322s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 322s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-10735 1024 322s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-10735 -key /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 322s + openssl req -text -noout -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 322s Certificate Request: 322s Data: 322s Version: 1 (0x0) 322s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 322s Subject Public Key Info: 322s Public Key Algorithm: rsaEncryption 322s Public-Key: (1024 bit) 322s Modulus: 322s 00:da:f9:79:28:38:e1:15:03:3f:76:86:84:fb:68: 322s 83:ec:c5:a0:a5:b3:f6:65:6b:bb:f2:e5:57:ed:23: 322s f8:01:c0:20:b9:29:56:0b:90:05:2b:60:03:61:72: 322s 91:20:68:c0:f3:bb:9f:6e:b9:79:63:52:81:72:35: 322s 46:29:a4:83:fa:01:ab:13:ff:14:d0:68:4d:e8:83: 322s e7:79:2f:04:a4:79:40:e3:43:05:b1:22:b4:dd:43: 322s 83:59:f5:e3:7d:84:5f:fc:7c:bc:93:74:47:14:ea: 322s d1:b8:71:9b:c0:c0:46:35:9c:8a:ff:4a:a6:85:91: 322s 9e:fe:9c:0a:1f:f0:2c:3b:3b 322s Exponent: 65537 (0x10001) 322s Attributes: 322s Requested Extensions: 322s X509v3 Basic Constraints: 322s CA:FALSE 322s Netscape Cert Type: 322s SSL Client, S/MIME 322s Netscape Comment: 322s Test Organization Sub Intermediate CA trusted Certificate 322s X509v3 Subject Key Identifier: 322s 54:44:0D:2E:B6:59:F1:37:D9:A0:EB:2F:B2:1A:E4:41:34:2E:49:6C 322s X509v3 Key Usage: critical 322s Digital Signature, Non Repudiation, Key Encipherment 322s X509v3 Extended Key Usage: 322s TLS Web Client Authentication, E-mail Protection 322s X509v3 Subject Alternative Name: 322s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 322s Signature Algorithm: sha256WithRSAEncryption 322s Signature Value: 322s bc:5e:da:05:9d:4a:ee:e3:43:1a:7d:a6:95:97:c8:04:4f:61: 322s b0:d4:3c:3b:60:ca:53:1e:90:34:4b:ce:bb:fb:6d:75:3f:33: 322s da:b1:3a:f2:25:66:97:29:24:c4:7c:ec:c4:ce:92:3c:0f:a4: 322s 91:a4:2b:21:5f:86:91:07:51:99:5a:15:73:28:f7:8c:ee:94: 322s 09:a0:30:54:d1:df:d2:28:1e:04:a6:ea:32:af:c0:94:b3:d1: 322s 16:77:c7:23:48:1a:9f:ab:5d:6c:c0:98:56:d5:11:a1:69:20: 322s b6:d3:82:85:f5:a9:96:b3:be:ff:73:cf:29:80:1b:11:f0:fa: 322s 6f:e9 322s + openssl ca -passin pass:random-sub-intermediate-CA-password-2046 -config /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 322s Using configuration from /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.config 322s Check that the request matches the signature 322s Signature ok 322s Certificate Details: 322s Serial Number: 5 (0x5) 322s Validity 322s Not Before: Jan 17 09:58:30 2025 GMT 322s Not After : Jan 17 09:58:30 2026 GMT 322s Subject: 322s organizationName = Test Organization 322s organizationalUnitName = Test Organization Unit 322s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 322s X509v3 extensions: 322s X509v3 Authority Key Identifier: 322s 4E:99:CD:FA:16:8C:35:F9:FB:30:C9:F4:39:3B:7C:F2:DC:B3:47:BD 322s X509v3 Basic Constraints: 322s CA:FALSE 322s Netscape Cert Type: 322s SSL Client, S/MIME 322s Netscape Comment: 322s Test Organization Sub Intermediate CA trusted Certificate 322s X509v3 Subject Key Identifier: 322s 54:44:0D:2E:B6:59:F1:37:D9:A0:EB:2F:B2:1A:E4:41:34:2E:49:6C 322s X509v3 Key Usage: critical 322s Digital Signature, Non Repudiation, Key Encipherment 322s X509v3 Extended Key Usage: 322s TLS Web Client Authentication, E-mail Protection 322s X509v3 Subject Alternative Name: 322s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 322s Certificate is to be certified until Jan 17 09:58:30 2026 GMT (365 days) 322s 322s Write out database with 1 new entries 322s Database updated 322s + openssl x509 -noout -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 322s This certificate should not be trusted fully 322s + echo 'This certificate should not be trusted fully' 322s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 322s + local cmd=openssl 322s + shift 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 322s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 322s error 2 at 1 depth lookup: unable to get issuer certificate 322s error /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 322s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 322s + local cmd=openssl 322s + shift 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 322s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 322s error 20 at 0 depth lookup: unable to get local issuer certificate 322s error /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 322s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 322s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 322s + local cmd=openssl 322s + shift 322s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 322s /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 322s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 322s error 20 at 0 depth lookup: unable to get local issuer certificate 322s error /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 322s + echo 'Building a the full-chain CA file...' 322s + cat /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 322s + cat /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 322s Building a the full-chain CA file... 322s + cat /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 322s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 322s + openssl pkcs7 -print_certs -noout 322s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 322s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 322s 322s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 322s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 322s 322s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 322s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 322s 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 322s /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem: OK 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 322s /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem: OK 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 322s /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem: OK 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-root-intermediate-chain-CA.pem 322s /tmp/sssd-softhsm2-LfYLeN/test-root-intermediate-chain-CA.pem: OK 322s + openssl verify -CAfile /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 322s /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 322s Certificates generation completed! 322s + echo 'Certificates generation completed!' 322s + [[ -v NO_SSSD_TESTS ]] 322s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /dev/null 322s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /dev/null 322s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 322s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 322s + local key_ring=/dev/null 322s + local verify_option= 322s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 322s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 322s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 322s + local key_cn 322s + local key_name 322s + local tokens_dir 322s + local output_cert_file 322s + token_name= 322s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem .pem 322s + key_name=test-root-CA-trusted-certificate-0001 322s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 322s ++ sed -n 's/ *commonName *= //p' 322s + key_cn='Test Organization Root Trusted Certificate 0001' 322s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 322s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 322s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 322s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 322s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 322s + token_name='Test Organization Root Tr Token' 322s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 322s + local key_file 322s + local decrypted_key 322s + mkdir -p /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 322s + key_file=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-key.pem 322s + decrypted_key=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-key-decrypted.pem 322s + cat 322s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 322s Slot 0 has a free/uninitialized token. 322s The token has been initialized and is reassigned to slot 341994975 322s + softhsm2-util --show-slots 322s Available slots: 322s Slot 341994975 322s Slot info: 322s Description: SoftHSM slot ID 0x14626ddf 322s Manufacturer ID: SoftHSM project 322s Hardware version: 2.6 322s Firmware version: 2.6 322s Token present: yes 322s Token info: 322s Manufacturer ID: SoftHSM project 322s Model: SoftHSM v2 322s Hardware version: 2.6 322s Firmware version: 2.6 322s Serial number: 61bba4fa94626ddf 322s Initialized: yes 322s User PIN init.: yes 322s Label: Test Organization Root Tr Token 322s Slot 1 322s Slot info: 322s Description: SoftHSM slot ID 0x1 322s Manufacturer ID: SoftHSM project 322s Hardware version: 2.6 322s Firmware version: 2.6 322s Token present: yes 322s Token info: 322s Manufacturer ID: SoftHSM project 322s Model: SoftHSM v2 322s Hardware version: 2.6 322s Firmware version: 2.6 322s Serial number: 322s Initialized: no 322s User PIN init.: no 322s Label: 322s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 322s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-22355 -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-key-decrypted.pem 322s writing RSA key 322s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 322s + rm /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001-key-decrypted.pem 322s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 323s Object 0: 323s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 323s Type: X.509 Certificate (RSA-1024) 323s Expires: Sat Jan 17 09:58:30 2026 323s Label: Test Organization Root Trusted Certificate 0001 323s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 323s 323s Test Organization Root Tr Token 323s + echo 'Test Organization Root Tr Token' 323s + '[' -n '' ']' 323s + local output_base_name=SSSD-child-9823 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-9823.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-9823.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 323s [p11_child[2748]] [main] (0x0400): p11_child started. 323s [p11_child[2748]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2748]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2748]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2748]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 323s [p11_child[2748]] [do_work] (0x0040): init_verification failed. 323s [p11_child[2748]] [main] (0x0020): p11_child failed (5) 323s + return 2 323s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /dev/null no_verification 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /dev/null no_verification 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_ring=/dev/null 323s + local verify_option=no_verification 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-root-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Root Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s Test Organization Root Tr Token 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 323s + token_name='Test Organization Root Tr Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Root Tr Token' 323s + '[' -n no_verification ']' 323s + local verify_arg=--verify=no_verification 323s + local output_base_name=SSSD-child-26717 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 323s [p11_child[2754]] [main] (0x0400): p11_child started. 323s [p11_child[2754]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2754]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2754]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2754]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 323s [p11_child[2754]] [do_card] (0x4000): Module List: 323s [p11_child[2754]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2754]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2754]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2754]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2754]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2754]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2754]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2754]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2754]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x14626ddf;slot-manufacturer=SoftHSM%20project;slot-id=341994975;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2754]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 3 (0x3) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 323s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 323s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 323s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 323s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 323s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 323s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 323s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 323s 38:89:a2:21:7d:42:06:c5:91 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 12:1b:57:9d:eb:6f:21:f8:87:75:14:27:2f:65:3d:aa:24:59: 323s 8d:05:a6:14:7b:1f:35:61:c7:30:80:f2:da:40:50:b8:ac:c8: 323s 10:0a:92:5c:23:50:8a:97:af:c2:2b:e4:85:c3:db:a1:23:06: 323s a7:a2:c4:6f:b2:08:a4:da:13:e5:8a:37:ca:4a:60:59:f8:a5: 323s ca:26:65:6c:56:28:a8:17:9c:e5:54:95:86:62:d8:08:d5:3e: 323s d1:1a:8b:2d:ad:34:12:19:29:b0:53:43:ac:7e:4c:58:33:6d: 323s 81:ab:c5:23:4a:e0:e8:8e:11:e8:af:d3:72:a4:84:bd:cc:1c: 323s a9:3f 323s + local found_md5 expected_md5 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + expected_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717.pem 323s + found_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s + '[' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 '!=' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 ']' 323s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717-auth.output 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717-auth.output .output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717-auth.pem 323s + echo -n 053350 323s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 323s [p11_child[2762]] [main] (0x0400): p11_child started. 323s [p11_child[2762]] [main] (0x2000): Running in [auth] mode. 323s [p11_child[2762]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2762]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2762]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 323s [p11_child[2762]] [do_card] (0x4000): Module List: 323s [p11_child[2762]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2762]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2762]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2762]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2762]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2762]] [do_card] (0x4000): Login required. 323s [p11_child[2762]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2762]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2762]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x14626ddf;slot-manufacturer=SoftHSM%20project;slot-id=341994975;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 323s [p11_child[2762]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 323s [p11_child[2762]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 323s [p11_child[2762]] [do_card] (0x4000): Certificate verified and validated. 323s [p11_child[2762]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717-auth.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717-auth.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717-auth.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 3 (0x3) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 323s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 323s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 323s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 323s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 323s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 323s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 323s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 323s 38:89:a2:21:7d:42:06:c5:91 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 12:1b:57:9d:eb:6f:21:f8:87:75:14:27:2f:65:3d:aa:24:59: 323s 8d:05:a6:14:7b:1f:35:61:c7:30:80:f2:da:40:50:b8:ac:c8: 323s 10:0a:92:5c:23:50:8a:97:af:c2:2b:e4:85:c3:db:a1:23:06: 323s a7:a2:c4:6f:b2:08:a4:da:13:e5:8a:37:ca:4a:60:59:f8:a5: 323s ca:26:65:6c:56:28:a8:17:9c:e5:54:95:86:62:d8:08:d5:3e: 323s d1:1a:8b:2d:ad:34:12:19:29:b0:53:43:ac:7e:4c:58:33:6d: 323s 81:ab:c5:23:4a:e0:e8:8e:11:e8:af:d3:72:a4:84:bd:cc:1c: 323s a9:3f 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-26717-auth.pem 323s + found_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s + '[' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 '!=' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 ']' 323s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s + local verify_option= 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-root-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Root Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 323s Test Organization Root Tr Token 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 323s + token_name='Test Organization Root Tr Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Root Tr Token' 323s + '[' -n '' ']' 323s + local output_base_name=SSSD-child-14465 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s [p11_child[2772]] [main] (0x0400): p11_child started. 323s [p11_child[2772]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2772]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2772]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2772]] [do_card] (0x4000): Module List: 323s [p11_child[2772]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2772]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2772]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2772]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2772]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2772]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2772]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2772]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 323s [p11_child[2772]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2772]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x14626ddf;slot-manufacturer=SoftHSM%20project;slot-id=341994975;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2772]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 3 (0x3) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 323s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 323s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 323s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 323s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 323s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 323s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 323s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 323s 38:89:a2:21:7d:42:06:c5:91 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 12:1b:57:9d:eb:6f:21:f8:87:75:14:27:2f:65:3d:aa:24:59: 323s 8d:05:a6:14:7b:1f:35:61:c7:30:80:f2:da:40:50:b8:ac:c8: 323s 10:0a:92:5c:23:50:8a:97:af:c2:2b:e4:85:c3:db:a1:23:06: 323s a7:a2:c4:6f:b2:08:a4:da:13:e5:8a:37:ca:4a:60:59:f8:a5: 323s ca:26:65:6c:56:28:a8:17:9c:e5:54:95:86:62:d8:08:d5:3e: 323s d1:1a:8b:2d:ad:34:12:19:29:b0:53:43:ac:7e:4c:58:33:6d: 323s 81:ab:c5:23:4a:e0:e8:8e:11:e8:af:d3:72:a4:84:bd:cc:1c: 323s a9:3f 323s + local found_md5 expected_md5 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + expected_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465.pem 323s + found_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s + '[' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 '!=' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 ']' 323s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465-auth.output 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465-auth.output .output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465-auth.pem 323s + echo -n 053350 323s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 323s [p11_child[2780]] [main] (0x0400): p11_child started. 323s [p11_child[2780]] [main] (0x2000): Running in [auth] mode. 323s [p11_child[2780]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2780]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2780]] [do_card] (0x4000): Module List: 323s [p11_child[2780]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2780]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2780]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2780]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2780]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2780]] [do_card] (0x4000): Login required. 323s [p11_child[2780]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2780]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 323s [p11_child[2780]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2780]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x14626ddf;slot-manufacturer=SoftHSM%20project;slot-id=341994975;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 323s [p11_child[2780]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 323s [p11_child[2780]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 323s [p11_child[2780]] [do_card] (0x4000): Certificate verified and validated. 323s [p11_child[2780]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465-auth.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465-auth.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465-auth.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 3 (0x3) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 323s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 323s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 323s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 323s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 323s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 323s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 323s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 323s 38:89:a2:21:7d:42:06:c5:91 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 12:1b:57:9d:eb:6f:21:f8:87:75:14:27:2f:65:3d:aa:24:59: 323s 8d:05:a6:14:7b:1f:35:61:c7:30:80:f2:da:40:50:b8:ac:c8: 323s 10:0a:92:5c:23:50:8a:97:af:c2:2b:e4:85:c3:db:a1:23:06: 323s a7:a2:c4:6f:b2:08:a4:da:13:e5:8a:37:ca:4a:60:59:f8:a5: 323s ca:26:65:6c:56:28:a8:17:9c:e5:54:95:86:62:d8:08:d5:3e: 323s d1:1a:8b:2d:ad:34:12:19:29:b0:53:43:ac:7e:4c:58:33:6d: 323s 81:ab:c5:23:4a:e0:e8:8e:11:e8:af:d3:72:a4:84:bd:cc:1c: 323s a9:3f 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-14465-auth.pem 323s + found_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s + '[' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 '!=' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 ']' 323s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem partial_chain 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem partial_chain 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s + local verify_option=partial_chain 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-root-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Root Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 323s Test Organization Root Tr Token 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 323s + token_name='Test Organization Root Tr Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Root Tr Token' 323s + '[' -n partial_chain ']' 323s + local verify_arg=--verify=partial_chain 323s + local output_base_name=SSSD-child-5219 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s [p11_child[2790]] [main] (0x0400): p11_child started. 323s [p11_child[2790]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2790]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2790]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2790]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 323s [p11_child[2790]] [do_card] (0x4000): Module List: 323s [p11_child[2790]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2790]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2790]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2790]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2790]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2790]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2790]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2790]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 323s [p11_child[2790]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2790]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x14626ddf;slot-manufacturer=SoftHSM%20project;slot-id=341994975;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2790]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 3 (0x3) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 323s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 323s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 323s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 323s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 323s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 323s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 323s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 323s 38:89:a2:21:7d:42:06:c5:91 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 12:1b:57:9d:eb:6f:21:f8:87:75:14:27:2f:65:3d:aa:24:59: 323s 8d:05:a6:14:7b:1f:35:61:c7:30:80:f2:da:40:50:b8:ac:c8: 323s 10:0a:92:5c:23:50:8a:97:af:c2:2b:e4:85:c3:db:a1:23:06: 323s a7:a2:c4:6f:b2:08:a4:da:13:e5:8a:37:ca:4a:60:59:f8:a5: 323s ca:26:65:6c:56:28:a8:17:9c:e5:54:95:86:62:d8:08:d5:3e: 323s d1:1a:8b:2d:ad:34:12:19:29:b0:53:43:ac:7e:4c:58:33:6d: 323s 81:ab:c5:23:4a:e0:e8:8e:11:e8:af:d3:72:a4:84:bd:cc:1c: 323s a9:3f 323s + local found_md5 expected_md5 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + expected_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219.pem 323s + found_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s + '[' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 '!=' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 ']' 323s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219-auth.output 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219-auth.output .output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219-auth.pem 323s + echo -n 053350 323s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 323s [p11_child[2798]] [main] (0x0400): p11_child started. 323s [p11_child[2798]] [main] (0x2000): Running in [auth] mode. 323s [p11_child[2798]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2798]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2798]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 323s [p11_child[2798]] [do_card] (0x4000): Module List: 323s [p11_child[2798]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2798]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2798]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2798]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2798]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2798]] [do_card] (0x4000): Login required. 323s [p11_child[2798]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2798]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 323s [p11_child[2798]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2798]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x14626ddf;slot-manufacturer=SoftHSM%20project;slot-id=341994975;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 323s [p11_child[2798]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 323s [p11_child[2798]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 323s [p11_child[2798]] [do_card] (0x4000): Certificate verified and validated. 323s [p11_child[2798]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219-auth.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219-auth.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219-auth.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 3 (0x3) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 323s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 323s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 323s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 323s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 323s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 323s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 323s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 323s 38:89:a2:21:7d:42:06:c5:91 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 12:1b:57:9d:eb:6f:21:f8:87:75:14:27:2f:65:3d:aa:24:59: 323s 8d:05:a6:14:7b:1f:35:61:c7:30:80:f2:da:40:50:b8:ac:c8: 323s 10:0a:92:5c:23:50:8a:97:af:c2:2b:e4:85:c3:db:a1:23:06: 323s a7:a2:c4:6f:b2:08:a4:da:13:e5:8a:37:ca:4a:60:59:f8:a5: 323s ca:26:65:6c:56:28:a8:17:9c:e5:54:95:86:62:d8:08:d5:3e: 323s d1:1a:8b:2d:ad:34:12:19:29:b0:53:43:ac:7e:4c:58:33:6d: 323s 81:ab:c5:23:4a:e0:e8:8e:11:e8:af:d3:72:a4:84:bd:cc:1c: 323s a9:3f 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-5219-auth.pem 323s + found_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s + '[' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 '!=' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 ']' 323s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 323s + local verify_option= 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-root-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Root Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 323s Test Organization Root Tr Token 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 323s + token_name='Test Organization Root Tr Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Root Tr Token' 323s + '[' -n '' ']' 323s + local output_base_name=SSSD-child-30147 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 323s [p11_child[2808]] [main] (0x0400): p11_child started. 323s [p11_child[2808]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2808]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2808]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2808]] [do_card] (0x4000): Module List: 323s [p11_child[2808]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2808]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2808]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2808]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2808]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2808]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2808]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2808]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 323s [p11_child[2808]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2808]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x14626ddf;slot-manufacturer=SoftHSM%20project;slot-id=341994975;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2808]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 3 (0x3) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 323s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 323s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 323s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 323s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 323s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 323s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 323s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 323s 38:89:a2:21:7d:42:06:c5:91 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 12:1b:57:9d:eb:6f:21:f8:87:75:14:27:2f:65:3d:aa:24:59: 323s 8d:05:a6:14:7b:1f:35:61:c7:30:80:f2:da:40:50:b8:ac:c8: 323s 10:0a:92:5c:23:50:8a:97:af:c2:2b:e4:85:c3:db:a1:23:06: 323s a7:a2:c4:6f:b2:08:a4:da:13:e5:8a:37:ca:4a:60:59:f8:a5: 323s ca:26:65:6c:56:28:a8:17:9c:e5:54:95:86:62:d8:08:d5:3e: 323s d1:1a:8b:2d:ad:34:12:19:29:b0:53:43:ac:7e:4c:58:33:6d: 323s 81:ab:c5:23:4a:e0:e8:8e:11:e8:af:d3:72:a4:84:bd:cc:1c: 323s a9:3f 323s + local found_md5 expected_md5 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + expected_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147.pem 323s + found_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s + '[' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 '!=' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 ']' 323s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147-auth.output 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147-auth.output .output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147-auth.pem 323s + echo -n 053350 323s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 323s [p11_child[2816]] [main] (0x0400): p11_child started. 323s [p11_child[2816]] [main] (0x2000): Running in [auth] mode. 323s [p11_child[2816]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2816]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2816]] [do_card] (0x4000): Module List: 323s [p11_child[2816]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2816]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2816]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2816]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2816]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2816]] [do_card] (0x4000): Login required. 323s [p11_child[2816]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2816]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 323s [p11_child[2816]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2816]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x14626ddf;slot-manufacturer=SoftHSM%20project;slot-id=341994975;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 323s [p11_child[2816]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 323s [p11_child[2816]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 323s [p11_child[2816]] [do_card] (0x4000): Certificate verified and validated. 323s [p11_child[2816]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147-auth.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147-auth.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147-auth.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 3 (0x3) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 323s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 323s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 323s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 323s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 323s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 323s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 323s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 323s 38:89:a2:21:7d:42:06:c5:91 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 12:1b:57:9d:eb:6f:21:f8:87:75:14:27:2f:65:3d:aa:24:59: 323s 8d:05:a6:14:7b:1f:35:61:c7:30:80:f2:da:40:50:b8:ac:c8: 323s 10:0a:92:5c:23:50:8a:97:af:c2:2b:e4:85:c3:db:a1:23:06: 323s a7:a2:c4:6f:b2:08:a4:da:13:e5:8a:37:ca:4a:60:59:f8:a5: 323s ca:26:65:6c:56:28:a8:17:9c:e5:54:95:86:62:d8:08:d5:3e: 323s d1:1a:8b:2d:ad:34:12:19:29:b0:53:43:ac:7e:4c:58:33:6d: 323s 81:ab:c5:23:4a:e0:e8:8e:11:e8:af:d3:72:a4:84:bd:cc:1c: 323s a9:3f 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-30147-auth.pem 323s + found_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s + '[' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 '!=' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 ']' 323s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem partial_chain 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem partial_chain 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 323s + local verify_option=partial_chain 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-root-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Root Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s Test Organization Root Tr Token 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 323s + token_name='Test Organization Root Tr Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Root Tr Token' 323s + '[' -n partial_chain ']' 323s + local verify_arg=--verify=partial_chain 323s + local output_base_name=SSSD-child-6105 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 323s [p11_child[2826]] [main] (0x0400): p11_child started. 323s [p11_child[2826]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2826]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2826]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2826]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 323s [p11_child[2826]] [do_card] (0x4000): Module List: 323s [p11_child[2826]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2826]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2826]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2826]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2826]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2826]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2826]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2826]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 323s [p11_child[2826]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2826]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x14626ddf;slot-manufacturer=SoftHSM%20project;slot-id=341994975;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2826]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 3 (0x3) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 323s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 323s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 323s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 323s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 323s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 323s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 323s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 323s 38:89:a2:21:7d:42:06:c5:91 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 12:1b:57:9d:eb:6f:21:f8:87:75:14:27:2f:65:3d:aa:24:59: 323s 8d:05:a6:14:7b:1f:35:61:c7:30:80:f2:da:40:50:b8:ac:c8: 323s 10:0a:92:5c:23:50:8a:97:af:c2:2b:e4:85:c3:db:a1:23:06: 323s a7:a2:c4:6f:b2:08:a4:da:13:e5:8a:37:ca:4a:60:59:f8:a5: 323s ca:26:65:6c:56:28:a8:17:9c:e5:54:95:86:62:d8:08:d5:3e: 323s d1:1a:8b:2d:ad:34:12:19:29:b0:53:43:ac:7e:4c:58:33:6d: 323s 81:ab:c5:23:4a:e0:e8:8e:11:e8:af:d3:72:a4:84:bd:cc:1c: 323s a9:3f 323s + local found_md5 expected_md5 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + expected_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105.pem 323s + found_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s + '[' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 '!=' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 ']' 323s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105-auth.output 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105-auth.output .output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105-auth.pem 323s + echo -n 053350 323s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 323s [p11_child[2834]] [main] (0x0400): p11_child started. 323s [p11_child[2834]] [main] (0x2000): Running in [auth] mode. 323s [p11_child[2834]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2834]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2834]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 323s [p11_child[2834]] [do_card] (0x4000): Module List: 323s [p11_child[2834]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2834]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2834]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2834]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2834]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2834]] [do_card] (0x4000): Login required. 323s [p11_child[2834]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2834]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 323s [p11_child[2834]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2834]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x14626ddf;slot-manufacturer=SoftHSM%20project;slot-id=341994975;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=61bba4fa94626ddf;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 323s [p11_child[2834]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 323s [p11_child[2834]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 323s [p11_child[2834]] [do_card] (0x4000): Certificate verified and validated. 323s [p11_child[2834]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105-auth.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105-auth.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105-auth.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 3 (0x3) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:ae:f6:b3:6c:30:9a:38:8a:a0:7f:d9:f5:a8:d9: 323s 6b:49:3c:24:c3:31:65:6f:1b:d5:21:b5:94:ff:a2: 323s c2:8d:e2:6c:b5:78:79:f8:09:c7:6a:a8:6f:3e:e7: 323s 85:af:58:f0:81:5a:9c:1f:0b:10:58:ac:66:17:65: 323s 9a:29:51:6d:5b:ee:cb:3f:f8:08:67:75:e3:21:3e: 323s 6d:ad:4d:73:b3:6d:3c:7a:2d:0a:74:ff:83:78:c3: 323s c9:ff:3d:ef:da:6f:0d:0c:94:ee:39:78:0c:72:47: 323s de:28:3a:57:56:34:f4:67:3c:d4:9e:ff:d1:ec:ec: 323s 38:89:a2:21:7d:42:06:c5:91 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s D5:24:96:1B:12:29:79:67:F6:57:F9:D6:15:1B:42:CF:35:03:6F:ED 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Root CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s C4:93:82:72:BC:9E:77:85:1A:F6:C4:41:B8:DD:AC:FC:29:81:3E:60 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 12:1b:57:9d:eb:6f:21:f8:87:75:14:27:2f:65:3d:aa:24:59: 323s 8d:05:a6:14:7b:1f:35:61:c7:30:80:f2:da:40:50:b8:ac:c8: 323s 10:0a:92:5c:23:50:8a:97:af:c2:2b:e4:85:c3:db:a1:23:06: 323s a7:a2:c4:6f:b2:08:a4:da:13:e5:8a:37:ca:4a:60:59:f8:a5: 323s ca:26:65:6c:56:28:a8:17:9c:e5:54:95:86:62:d8:08:d5:3e: 323s d1:1a:8b:2d:ad:34:12:19:29:b0:53:43:ac:7e:4c:58:33:6d: 323s 81:ab:c5:23:4a:e0:e8:8e:11:e8:af:d3:72:a4:84:bd:cc:1c: 323s a9:3f 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-6105-auth.pem 323s + found_md5=Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 323s + '[' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 '!=' Modulus=AEF6B36C309A388AA07FD9F5A8D96B493C24C331656F1BD521B594FFA2C28DE26CB57879F809C76AA86F3EE785AF58F0815A9C1F0B1058AC6617659A29516D5BEECB3FF8086775E3213E6DAD4D73B36D3C7A2D0A74FF8378C3C9FF3DEFDA6F0D0C94EE39780C7247DE283A575634F4673CD49EFFD1ECEC3889A2217D4206C591 ']' 323s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 323s + local verify_option= 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-root-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s Test Organization Root Tr Token 323s + key_cn='Test Organization Root Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 323s + token_name='Test Organization Root Tr Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Root Tr Token' 323s + '[' -n '' ']' 323s + local output_base_name=SSSD-child-19472 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-19472.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-19472.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 323s [p11_child[2844]] [main] (0x0400): p11_child started. 323s [p11_child[2844]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2844]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2844]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2844]] [do_card] (0x4000): Module List: 323s [p11_child[2844]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2844]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2844]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2844]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2844]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2844]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2844]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2844]] [do_verification] (0x0040): X509_verify_cert failed [0]. 323s [p11_child[2844]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 323s [p11_child[2844]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 323s [p11_child[2844]] [do_card] (0x4000): No certificate found. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19472.output 323s + return 2 323s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem partial_chain 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem partial_chain 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 323s + local verify_option=partial_chain 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-22355 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-root-ca-trusted-cert-0001-22355 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-root-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-root-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Root Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s Test Organization Root Tr Token 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 323s + token_name='Test Organization Root Tr Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Root Tr Token' 323s + '[' -n partial_chain ']' 323s + local verify_arg=--verify=partial_chain 323s + local output_base_name=SSSD-child-9390 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-9390.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-9390.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 323s [p11_child[2851]] [main] (0x0400): p11_child started. 323s [p11_child[2851]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2851]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2851]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2851]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 323s [p11_child[2851]] [do_card] (0x4000): Module List: 323s [p11_child[2851]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2851]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2851]] [do_card] (0x4000): Description [SoftHSM slot ID 0x14626ddf] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2851]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 323s [p11_child[2851]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x14626ddf][341994975] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2851]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2851]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 323s [p11_child[2851]] [do_verification] (0x0040): X509_verify_cert failed [0]. 323s [p11_child[2851]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 323s [p11_child[2851]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 323s [p11_child[2851]] [do_card] (0x4000): No certificate found. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-9390.output 323s + return 2 323s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /dev/null 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /dev/null 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local key_ring=/dev/null 323s + local verify_option= 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-intermediate-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 323s + token_name='Test Organization Interme Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 323s + local key_file 323s + local decrypted_key 323s + mkdir -p /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 323s + key_file=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-key.pem 323s + decrypted_key=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 323s + cat 323s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 323s Slot 0 has a free/uninitialized token. 323s The token has been initialized and is reassigned to slot 290323799 323s + softhsm2-util --show-slots 323s Available slots: 323s Slot 290323799 323s Slot info: 323s Description: SoftHSM slot ID 0x114dfd57 323s Manufacturer ID: SoftHSM project 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Token present: yes 323s Token info: 323s Manufacturer ID: SoftHSM project 323s Model: SoftHSM v2 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Serial number: 9d421e61114dfd57 323s Initialized: yes 323s User PIN init.: yes 323s Label: Test Organization Interme Token 323s Slot 1 323s Slot info: 323s Description: SoftHSM slot ID 0x1 323s Manufacturer ID: SoftHSM project 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Token present: yes 323s Token info: 323s Manufacturer ID: SoftHSM project 323s Model: SoftHSM v2 323s Hardware version: 2.6 323s Firmware version: 2.6 323s Serial number: 323s Initialized: no 323s User PIN init.: no 323s Label: 323s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 323s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-20706 -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 323s writing RSA key 323s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 323s + rm /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 323s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 323s Object 0: 323s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9d421e61114dfd57;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 323s Type: X.509 Certificate (RSA-1024) 323s Expires: Sat Jan 17 09:58:30 2026 323s Label: Test Organization Intermediate Trusted Certificate 0001 323s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 323s 323s Test Organization Interme Token 323s + echo 'Test Organization Interme Token' 323s + '[' -n '' ']' 323s + local output_base_name=SSSD-child-12511 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-12511.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-12511.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 323s [p11_child[2867]] [main] (0x0400): p11_child started. 323s [p11_child[2867]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2867]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2867]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2867]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 323s [p11_child[2867]] [do_work] (0x0040): init_verification failed. 323s [p11_child[2867]] [main] (0x0020): p11_child failed (5) 323s + return 2 323s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /dev/null no_verification 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /dev/null no_verification 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local key_ring=/dev/null 323s + local verify_option=no_verification 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-intermediate-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 323s Test Organization Interme Token 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 323s + token_name='Test Organization Interme Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Interme Token' 323s + '[' -n no_verification ']' 323s + local verify_arg=--verify=no_verification 323s + local output_base_name=SSSD-child-4594 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 323s [p11_child[2873]] [main] (0x0400): p11_child started. 323s [p11_child[2873]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2873]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2873]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2873]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 323s [p11_child[2873]] [do_card] (0x4000): Module List: 323s [p11_child[2873]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2873]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2873]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2873]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 323s [p11_child[2873]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2873]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2873]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 323s [p11_child[2873]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2873]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x114dfd57;slot-manufacturer=SoftHSM%20project;slot-id=290323799;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9d421e61114dfd57;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2873]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 4 (0x4) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:a0:39:2f:bd:3b:c7:e2:6d:f8:49:cd:9a:18:e2: 323s c3:4f:b6:0a:52:cd:03:f1:62:fe:0d:d0:92:19:3c: 323s 2e:8b:7b:76:47:df:61:2f:40:2f:36:e9:ba:3f:c4: 323s 30:b1:43:35:58:41:a3:5f:a0:d8:4a:83:da:b6:65: 323s d2:63:cd:3e:4f:77:30:b4:91:70:58:1f:65:7b:55: 323s 05:06:38:aa:9e:44:f7:8d:14:c5:a6:27:44:28:ad: 323s e2:ac:92:f6:19:49:8b:70:af:86:4c:86:e7:fa:87: 323s bd:4e:9d:ae:c6:51:6e:9d:cb:35:96:e9:a9:d4:78: 323s a5:c0:d4:29:0f:e0:10:e0:61 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Intermediate CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s 5E:BC:D9:60:AF:68:66:F4:38:D1:49:31:80:96:BA:D9:E4:34:C9:B7 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 1c:2d:16:de:76:64:92:eb:d6:3a:80:b1:5e:39:09:c6:5d:ae: 323s 42:8f:9b:38:bf:69:43:8c:82:88:ff:bb:0d:4e:2b:0a:f6:97: 323s cd:41:5a:2e:cc:2b:70:14:e6:60:26:7a:a6:d6:85:8d:3a:b2: 323s 0b:b0:31:40:f9:fd:8d:3b:ee:05:ca:52:c5:1f:38:6d:f2:00: 323s c6:ea:1d:7b:93:b1:ac:ab:78:07:dd:a0:f5:fc:e1:ed:36:fa: 323s ad:b0:d9:31:0a:9b:22:18:d5:af:21:b3:e0:06:ee:86:8d:19: 323s 20:ce:dc:a2:c6:7a:55:cb:b3:02:f5:76:3e:06:7b:ba:a0:9d: 323s a8:c3 323s + local found_md5 expected_md5 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + expected_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594.pem 323s + found_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 323s + '[' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 '!=' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 ']' 323s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594-auth.output 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594-auth.output .output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594-auth.pem 323s + echo -n 053350 323s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 323s [p11_child[2881]] [main] (0x0400): p11_child started. 323s [p11_child[2881]] [main] (0x2000): Running in [auth] mode. 323s [p11_child[2881]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2881]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2881]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 323s [p11_child[2881]] [do_card] (0x4000): Module List: 323s [p11_child[2881]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2881]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2881]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2881]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 323s [p11_child[2881]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2881]] [do_card] (0x4000): Login required. 323s [p11_child[2881]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 323s [p11_child[2881]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2881]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x114dfd57;slot-manufacturer=SoftHSM%20project;slot-id=290323799;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9d421e61114dfd57;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 323s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 323s [p11_child[2881]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 323s [p11_child[2881]] [do_card] (0x4000): Certificate verified and validated. 323s [p11_child[2881]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594-auth.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594-auth.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594-auth.pem 323s Certificate: 323s Data: 323s Version: 3 (0x2) 323s Serial Number: 4 (0x4) 323s Signature Algorithm: sha256WithRSAEncryption 323s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 323s Validity 323s Not Before: Jan 17 09:58:30 2025 GMT 323s Not After : Jan 17 09:58:30 2026 GMT 323s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 323s Subject Public Key Info: 323s Public Key Algorithm: rsaEncryption 323s Public-Key: (1024 bit) 323s Modulus: 323s 00:a0:39:2f:bd:3b:c7:e2:6d:f8:49:cd:9a:18:e2: 323s c3:4f:b6:0a:52:cd:03:f1:62:fe:0d:d0:92:19:3c: 323s 2e:8b:7b:76:47:df:61:2f:40:2f:36:e9:ba:3f:c4: 323s 30:b1:43:35:58:41:a3:5f:a0:d8:4a:83:da:b6:65: 323s d2:63:cd:3e:4f:77:30:b4:91:70:58:1f:65:7b:55: 323s 05:06:38:aa:9e:44:f7:8d:14:c5:a6:27:44:28:ad: 323s e2:ac:92:f6:19:49:8b:70:af:86:4c:86:e7:fa:87: 323s bd:4e:9d:ae:c6:51:6e:9d:cb:35:96:e9:a9:d4:78: 323s a5:c0:d4:29:0f:e0:10:e0:61 323s Exponent: 65537 (0x10001) 323s X509v3 extensions: 323s X509v3 Authority Key Identifier: 323s A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 323s X509v3 Basic Constraints: 323s CA:FALSE 323s Netscape Cert Type: 323s SSL Client, S/MIME 323s Netscape Comment: 323s Test Organization Intermediate CA trusted Certificate 323s X509v3 Subject Key Identifier: 323s 5E:BC:D9:60:AF:68:66:F4:38:D1:49:31:80:96:BA:D9:E4:34:C9:B7 323s X509v3 Key Usage: critical 323s Digital Signature, Non Repudiation, Key Encipherment 323s X509v3 Extended Key Usage: 323s TLS Web Client Authentication, E-mail Protection 323s X509v3 Subject Alternative Name: 323s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 323s Signature Algorithm: sha256WithRSAEncryption 323s Signature Value: 323s 1c:2d:16:de:76:64:92:eb:d6:3a:80:b1:5e:39:09:c6:5d:ae: 323s 42:8f:9b:38:bf:69:43:8c:82:88:ff:bb:0d:4e:2b:0a:f6:97: 323s cd:41:5a:2e:cc:2b:70:14:e6:60:26:7a:a6:d6:85:8d:3a:b2: 323s 0b:b0:31:40:f9:fd:8d:3b:ee:05:ca:52:c5:1f:38:6d:f2:00: 323s c6:ea:1d:7b:93:b1:ac:ab:78:07:dd:a0:f5:fc:e1:ed:36:fa: 323s ad:b0:d9:31:0a:9b:22:18:d5:af:21:b3:e0:06:ee:86:8d:19: 323s 20:ce:dc:a2:c6:7a:55:cb:b3:02:f5:76:3e:06:7b:ba:a0:9d: 323s a8:c3 323s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-4594-auth.pem 323s + found_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 323s + '[' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 '!=' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 ']' 323s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s + local verify_option= 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-intermediate-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 323s Test Organization Interme Token 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 323s + token_name='Test Organization Interme Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Interme Token' 323s + '[' -n '' ']' 323s + local output_base_name=SSSD-child-23124 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-23124.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-23124.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s [p11_child[2891]] [main] (0x0400): p11_child started. 323s [p11_child[2891]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2891]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2891]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2891]] [do_card] (0x4000): Module List: 323s [p11_child[2891]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2891]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2891]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2891]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 323s [p11_child[2891]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2891]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2891]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 323s [p11_child[2891]] [do_verification] (0x0040): X509_verify_cert failed [0]. 323s [p11_child[2891]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 323s [p11_child[2891]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 323s [p11_child[2891]] [do_card] (0x4000): No certificate found. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-23124.output 323s + return 2 323s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem partial_chain 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem partial_chain 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s + local verify_option=partial_chain 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-intermediate-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 323s Test Organization Interme Token 323s + token_name='Test Organization Interme Token' 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Interme Token' 323s + '[' -n partial_chain ']' 323s + local verify_arg=--verify=partial_chain 323s + local output_base_name=SSSD-child-20715 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-20715.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-20715.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 323s [p11_child[2898]] [main] (0x0400): p11_child started. 323s [p11_child[2898]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2898]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2898]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2898]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 323s [p11_child[2898]] [do_card] (0x4000): Module List: 323s [p11_child[2898]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2898]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2898]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2898]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 323s [p11_child[2898]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2898]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2898]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 323s [p11_child[2898]] [do_verification] (0x0040): X509_verify_cert failed [0]. 323s [p11_child[2898]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 323s [p11_child[2898]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 323s [p11_child[2898]] [do_card] (0x4000): No certificate found. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20715.output 323s + return 2 323s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 323s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 323s + local verify_option= 323s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 323s + local key_cn 323s + local key_name 323s + local tokens_dir 323s + local output_cert_file 323s + token_name= 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem .pem 323s + key_name=test-intermediate-CA-trusted-certificate-0001 323s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 323s ++ sed -n 's/ *commonName *= //p' 323s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 323s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 323s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 323s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 323s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 323s + token_name='Test Organization Interme Token' 323s Test Organization Interme Token 323s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 323s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 323s + echo 'Test Organization Interme Token' 323s + '[' -n '' ']' 323s + local output_base_name=SSSD-child-28895 323s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895.output 323s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895.pem 323s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 323s [p11_child[2905]] [main] (0x0400): p11_child started. 323s [p11_child[2905]] [main] (0x2000): Running in [pre-auth] mode. 323s [p11_child[2905]] [main] (0x2000): Running with effective IDs: [0][0]. 323s [p11_child[2905]] [main] (0x2000): Running with real IDs [0][0]. 323s [p11_child[2905]] [do_card] (0x4000): Module List: 323s [p11_child[2905]] [do_card] (0x4000): common name: [softhsm2]. 323s [p11_child[2905]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2905]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 323s [p11_child[2905]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 323s [p11_child[2905]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 323s [p11_child[2905]] [do_card] (0x4000): Login NOT required. 323s [p11_child[2905]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 323s [p11_child[2905]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 323s [p11_child[2905]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 323s [p11_child[2905]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x114dfd57;slot-manufacturer=SoftHSM%20project;slot-id=290323799;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9d421e61114dfd57;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 323s [p11_child[2905]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 323s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895.output 323s + echo '-----BEGIN CERTIFICATE-----' 323s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895.output 323s + echo '-----END CERTIFICATE-----' 323s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 4 (0x4) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:a0:39:2f:bd:3b:c7:e2:6d:f8:49:cd:9a:18:e2: 324s c3:4f:b6:0a:52:cd:03:f1:62:fe:0d:d0:92:19:3c: 324s 2e:8b:7b:76:47:df:61:2f:40:2f:36:e9:ba:3f:c4: 324s 30:b1:43:35:58:41:a3:5f:a0:d8:4a:83:da:b6:65: 324s d2:63:cd:3e:4f:77:30:b4:91:70:58:1f:65:7b:55: 324s 05:06:38:aa:9e:44:f7:8d:14:c5:a6:27:44:28:ad: 324s e2:ac:92:f6:19:49:8b:70:af:86:4c:86:e7:fa:87: 324s bd:4e:9d:ae:c6:51:6e:9d:cb:35:96:e9:a9:d4:78: 324s a5:c0:d4:29:0f:e0:10:e0:61 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 5E:BC:D9:60:AF:68:66:F4:38:D1:49:31:80:96:BA:D9:E4:34:C9:B7 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 1c:2d:16:de:76:64:92:eb:d6:3a:80:b1:5e:39:09:c6:5d:ae: 324s 42:8f:9b:38:bf:69:43:8c:82:88:ff:bb:0d:4e:2b:0a:f6:97: 324s cd:41:5a:2e:cc:2b:70:14:e6:60:26:7a:a6:d6:85:8d:3a:b2: 324s 0b:b0:31:40:f9:fd:8d:3b:ee:05:ca:52:c5:1f:38:6d:f2:00: 324s c6:ea:1d:7b:93:b1:ac:ab:78:07:dd:a0:f5:fc:e1:ed:36:fa: 324s ad:b0:d9:31:0a:9b:22:18:d5:af:21:b3:e0:06:ee:86:8d:19: 324s 20:ce:dc:a2:c6:7a:55:cb:b3:02:f5:76:3e:06:7b:ba:a0:9d: 324s a8:c3 324s + local found_md5 expected_md5 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s + expected_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895.pem 324s + found_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 324s + '[' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 '!=' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 ']' 324s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895-auth.output 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895-auth.output .output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895-auth.pem 324s + echo -n 053350 324s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 324s [p11_child[2913]] [main] (0x0400): p11_child started. 324s [p11_child[2913]] [main] (0x2000): Running in [auth] mode. 324s [p11_child[2913]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[2913]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[2913]] [do_card] (0x4000): Module List: 324s [p11_child[2913]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[2913]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2913]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[2913]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 324s [p11_child[2913]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2913]] [do_card] (0x4000): Login required. 324s [p11_child[2913]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 324s [p11_child[2913]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[2913]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[2913]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x114dfd57;slot-manufacturer=SoftHSM%20project;slot-id=290323799;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9d421e61114dfd57;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 324s [p11_child[2913]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 324s [p11_child[2913]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 324s [p11_child[2913]] [do_card] (0x4000): Certificate verified and validated. 324s [p11_child[2913]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895-auth.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895-auth.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895-auth.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 4 (0x4) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:a0:39:2f:bd:3b:c7:e2:6d:f8:49:cd:9a:18:e2: 324s c3:4f:b6:0a:52:cd:03:f1:62:fe:0d:d0:92:19:3c: 324s 2e:8b:7b:76:47:df:61:2f:40:2f:36:e9:ba:3f:c4: 324s 30:b1:43:35:58:41:a3:5f:a0:d8:4a:83:da:b6:65: 324s d2:63:cd:3e:4f:77:30:b4:91:70:58:1f:65:7b:55: 324s 05:06:38:aa:9e:44:f7:8d:14:c5:a6:27:44:28:ad: 324s e2:ac:92:f6:19:49:8b:70:af:86:4c:86:e7:fa:87: 324s bd:4e:9d:ae:c6:51:6e:9d:cb:35:96:e9:a9:d4:78: 324s a5:c0:d4:29:0f:e0:10:e0:61 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 5E:BC:D9:60:AF:68:66:F4:38:D1:49:31:80:96:BA:D9:E4:34:C9:B7 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 1c:2d:16:de:76:64:92:eb:d6:3a:80:b1:5e:39:09:c6:5d:ae: 324s 42:8f:9b:38:bf:69:43:8c:82:88:ff:bb:0d:4e:2b:0a:f6:97: 324s cd:41:5a:2e:cc:2b:70:14:e6:60:26:7a:a6:d6:85:8d:3a:b2: 324s 0b:b0:31:40:f9:fd:8d:3b:ee:05:ca:52:c5:1f:38:6d:f2:00: 324s c6:ea:1d:7b:93:b1:ac:ab:78:07:dd:a0:f5:fc:e1:ed:36:fa: 324s ad:b0:d9:31:0a:9b:22:18:d5:af:21:b3:e0:06:ee:86:8d:19: 324s 20:ce:dc:a2:c6:7a:55:cb:b3:02:f5:76:3e:06:7b:ba:a0:9d: 324s a8:c3 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28895-auth.pem 324s + found_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 324s + '[' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 '!=' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 ']' 324s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem partial_chain 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem partial_chain 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 324s + local verify_option=partial_chain 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 324s Test Organization Interme Token 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 324s + token_name='Test Organization Interme Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 324s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 324s + echo 'Test Organization Interme Token' 324s + '[' -n partial_chain ']' 324s + local verify_arg=--verify=partial_chain 324s + local output_base_name=SSSD-child-20350 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 324s [p11_child[2923]] [main] (0x0400): p11_child started. 324s [p11_child[2923]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[2923]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[2923]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[2923]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[2923]] [do_card] (0x4000): Module List: 324s [p11_child[2923]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[2923]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2923]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[2923]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 324s [p11_child[2923]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2923]] [do_card] (0x4000): Login NOT required. 324s [p11_child[2923]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 324s [p11_child[2923]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[2923]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[2923]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x114dfd57;slot-manufacturer=SoftHSM%20project;slot-id=290323799;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9d421e61114dfd57;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[2923]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 4 (0x4) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:a0:39:2f:bd:3b:c7:e2:6d:f8:49:cd:9a:18:e2: 324s c3:4f:b6:0a:52:cd:03:f1:62:fe:0d:d0:92:19:3c: 324s 2e:8b:7b:76:47:df:61:2f:40:2f:36:e9:ba:3f:c4: 324s 30:b1:43:35:58:41:a3:5f:a0:d8:4a:83:da:b6:65: 324s d2:63:cd:3e:4f:77:30:b4:91:70:58:1f:65:7b:55: 324s 05:06:38:aa:9e:44:f7:8d:14:c5:a6:27:44:28:ad: 324s e2:ac:92:f6:19:49:8b:70:af:86:4c:86:e7:fa:87: 324s bd:4e:9d:ae:c6:51:6e:9d:cb:35:96:e9:a9:d4:78: 324s a5:c0:d4:29:0f:e0:10:e0:61 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 5E:BC:D9:60:AF:68:66:F4:38:D1:49:31:80:96:BA:D9:E4:34:C9:B7 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 1c:2d:16:de:76:64:92:eb:d6:3a:80:b1:5e:39:09:c6:5d:ae: 324s 42:8f:9b:38:bf:69:43:8c:82:88:ff:bb:0d:4e:2b:0a:f6:97: 324s cd:41:5a:2e:cc:2b:70:14:e6:60:26:7a:a6:d6:85:8d:3a:b2: 324s 0b:b0:31:40:f9:fd:8d:3b:ee:05:ca:52:c5:1f:38:6d:f2:00: 324s c6:ea:1d:7b:93:b1:ac:ab:78:07:dd:a0:f5:fc:e1:ed:36:fa: 324s ad:b0:d9:31:0a:9b:22:18:d5:af:21:b3:e0:06:ee:86:8d:19: 324s 20:ce:dc:a2:c6:7a:55:cb:b3:02:f5:76:3e:06:7b:ba:a0:9d: 324s a8:c3 324s + local found_md5 expected_md5 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s + expected_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350.pem 324s + found_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 324s + '[' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 '!=' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 ']' 324s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350-auth.output 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350-auth.output .output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350-auth.pem 324s + echo -n 053350 324s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 324s [p11_child[2931]] [main] (0x0400): p11_child started. 324s [p11_child[2931]] [main] (0x2000): Running in [auth] mode. 324s [p11_child[2931]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[2931]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[2931]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[2931]] [do_card] (0x4000): Module List: 324s [p11_child[2931]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[2931]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2931]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[2931]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 324s [p11_child[2931]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2931]] [do_card] (0x4000): Login required. 324s [p11_child[2931]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 324s [p11_child[2931]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[2931]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[2931]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x114dfd57;slot-manufacturer=SoftHSM%20project;slot-id=290323799;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9d421e61114dfd57;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 324s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 324s [p11_child[2931]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 324s [p11_child[2931]] [do_card] (0x4000): Certificate verified and validated. 324s [p11_child[2931]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350-auth.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350-auth.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350-auth.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 4 (0x4) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:a0:39:2f:bd:3b:c7:e2:6d:f8:49:cd:9a:18:e2: 324s c3:4f:b6:0a:52:cd:03:f1:62:fe:0d:d0:92:19:3c: 324s 2e:8b:7b:76:47:df:61:2f:40:2f:36:e9:ba:3f:c4: 324s 30:b1:43:35:58:41:a3:5f:a0:d8:4a:83:da:b6:65: 324s d2:63:cd:3e:4f:77:30:b4:91:70:58:1f:65:7b:55: 324s 05:06:38:aa:9e:44:f7:8d:14:c5:a6:27:44:28:ad: 324s e2:ac:92:f6:19:49:8b:70:af:86:4c:86:e7:fa:87: 324s bd:4e:9d:ae:c6:51:6e:9d:cb:35:96:e9:a9:d4:78: 324s a5:c0:d4:29:0f:e0:10:e0:61 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 5E:BC:D9:60:AF:68:66:F4:38:D1:49:31:80:96:BA:D9:E4:34:C9:B7 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 1c:2d:16:de:76:64:92:eb:d6:3a:80:b1:5e:39:09:c6:5d:ae: 324s 42:8f:9b:38:bf:69:43:8c:82:88:ff:bb:0d:4e:2b:0a:f6:97: 324s cd:41:5a:2e:cc:2b:70:14:e6:60:26:7a:a6:d6:85:8d:3a:b2: 324s 0b:b0:31:40:f9:fd:8d:3b:ee:05:ca:52:c5:1f:38:6d:f2:00: 324s c6:ea:1d:7b:93:b1:ac:ab:78:07:dd:a0:f5:fc:e1:ed:36:fa: 324s ad:b0:d9:31:0a:9b:22:18:d5:af:21:b3:e0:06:ee:86:8d:19: 324s 20:ce:dc:a2:c6:7a:55:cb:b3:02:f5:76:3e:06:7b:ba:a0:9d: 324s a8:c3 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20350-auth.pem 324s + found_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 324s + '[' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 '!=' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 ']' 324s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 324s + local verify_option= 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 324s Test Organization Interme Token 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 324s + token_name='Test Organization Interme Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 324s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 324s + echo 'Test Organization Interme Token' 324s + '[' -n '' ']' 324s + local output_base_name=SSSD-child-9487 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-9487.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-9487.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 324s [p11_child[2941]] [main] (0x0400): p11_child started. 324s [p11_child[2941]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[2941]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[2941]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[2941]] [do_card] (0x4000): Module List: 324s [p11_child[2941]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[2941]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2941]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[2941]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 324s [p11_child[2941]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2941]] [do_card] (0x4000): Login NOT required. 324s [p11_child[2941]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 324s [p11_child[2941]] [do_verification] (0x0040): X509_verify_cert failed [0]. 324s [p11_child[2941]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 324s [p11_child[2941]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 324s [p11_child[2941]] [do_card] (0x4000): No certificate found. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-9487.output 324s + return 2 324s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem partial_chain 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem partial_chain 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 324s + local verify_option=partial_chain 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-20706 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-20706 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 324s Test Organization Interme Token 324s + token_name='Test Organization Interme Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 324s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 324s + echo 'Test Organization Interme Token' 324s + '[' -n partial_chain ']' 324s + local verify_arg=--verify=partial_chain 324s + local output_base_name=SSSD-child-28202 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem 324s [p11_child[2948]] [main] (0x0400): p11_child started. 324s [p11_child[2948]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[2948]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[2948]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[2948]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[2948]] [do_card] (0x4000): Module List: 324s [p11_child[2948]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[2948]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2948]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[2948]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 324s [p11_child[2948]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2948]] [do_card] (0x4000): Login NOT required. 324s [p11_child[2948]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 324s [p11_child[2948]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[2948]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[2948]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x114dfd57;slot-manufacturer=SoftHSM%20project;slot-id=290323799;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9d421e61114dfd57;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[2948]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 4 (0x4) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:a0:39:2f:bd:3b:c7:e2:6d:f8:49:cd:9a:18:e2: 324s c3:4f:b6:0a:52:cd:03:f1:62:fe:0d:d0:92:19:3c: 324s 2e:8b:7b:76:47:df:61:2f:40:2f:36:e9:ba:3f:c4: 324s 30:b1:43:35:58:41:a3:5f:a0:d8:4a:83:da:b6:65: 324s d2:63:cd:3e:4f:77:30:b4:91:70:58:1f:65:7b:55: 324s 05:06:38:aa:9e:44:f7:8d:14:c5:a6:27:44:28:ad: 324s e2:ac:92:f6:19:49:8b:70:af:86:4c:86:e7:fa:87: 324s bd:4e:9d:ae:c6:51:6e:9d:cb:35:96:e9:a9:d4:78: 324s a5:c0:d4:29:0f:e0:10:e0:61 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 5E:BC:D9:60:AF:68:66:F4:38:D1:49:31:80:96:BA:D9:E4:34:C9:B7 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 1c:2d:16:de:76:64:92:eb:d6:3a:80:b1:5e:39:09:c6:5d:ae: 324s 42:8f:9b:38:bf:69:43:8c:82:88:ff:bb:0d:4e:2b:0a:f6:97: 324s cd:41:5a:2e:cc:2b:70:14:e6:60:26:7a:a6:d6:85:8d:3a:b2: 324s 0b:b0:31:40:f9:fd:8d:3b:ee:05:ca:52:c5:1f:38:6d:f2:00: 324s c6:ea:1d:7b:93:b1:ac:ab:78:07:dd:a0:f5:fc:e1:ed:36:fa: 324s ad:b0:d9:31:0a:9b:22:18:d5:af:21:b3:e0:06:ee:86:8d:19: 324s 20:ce:dc:a2:c6:7a:55:cb:b3:02:f5:76:3e:06:7b:ba:a0:9d: 324s a8:c3 324s + local found_md5 expected_md5 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA-trusted-certificate-0001.pem 324s + expected_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202.pem 324s + found_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 324s + '[' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 '!=' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 ']' 324s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202-auth.output 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202-auth.output .output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202-auth.pem 324s + echo -n 053350 324s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 324s [p11_child[2956]] [main] (0x0400): p11_child started. 324s [p11_child[2956]] [main] (0x2000): Running in [auth] mode. 324s [p11_child[2956]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[2956]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[2956]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[2956]] [do_card] (0x4000): Module List: 324s [p11_child[2956]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[2956]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2956]] [do_card] (0x4000): Description [SoftHSM slot ID 0x114dfd57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[2956]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 324s [p11_child[2956]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x114dfd57][290323799] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2956]] [do_card] (0x4000): Login required. 324s [p11_child[2956]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 324s [p11_child[2956]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[2956]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[2956]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x114dfd57;slot-manufacturer=SoftHSM%20project;slot-id=290323799;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9d421e61114dfd57;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 324s [p11_child[2956]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 324s [p11_child[2956]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 324s [p11_child[2956]] [do_card] (0x4000): Certificate verified and validated. 324s [p11_child[2956]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202-auth.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202-auth.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202-auth.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 4 (0x4) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:a0:39:2f:bd:3b:c7:e2:6d:f8:49:cd:9a:18:e2: 324s c3:4f:b6:0a:52:cd:03:f1:62:fe:0d:d0:92:19:3c: 324s 2e:8b:7b:76:47:df:61:2f:40:2f:36:e9:ba:3f:c4: 324s 30:b1:43:35:58:41:a3:5f:a0:d8:4a:83:da:b6:65: 324s d2:63:cd:3e:4f:77:30:b4:91:70:58:1f:65:7b:55: 324s 05:06:38:aa:9e:44:f7:8d:14:c5:a6:27:44:28:ad: 324s e2:ac:92:f6:19:49:8b:70:af:86:4c:86:e7:fa:87: 324s bd:4e:9d:ae:c6:51:6e:9d:cb:35:96:e9:a9:d4:78: 324s a5:c0:d4:29:0f:e0:10:e0:61 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s A0:21:0D:3B:15:80:87:12:61:12:DA:F8:6A:BE:73:CA:89:42:4B:EA 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 5E:BC:D9:60:AF:68:66:F4:38:D1:49:31:80:96:BA:D9:E4:34:C9:B7 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 1c:2d:16:de:76:64:92:eb:d6:3a:80:b1:5e:39:09:c6:5d:ae: 324s 42:8f:9b:38:bf:69:43:8c:82:88:ff:bb:0d:4e:2b:0a:f6:97: 324s cd:41:5a:2e:cc:2b:70:14:e6:60:26:7a:a6:d6:85:8d:3a:b2: 324s 0b:b0:31:40:f9:fd:8d:3b:ee:05:ca:52:c5:1f:38:6d:f2:00: 324s c6:ea:1d:7b:93:b1:ac:ab:78:07:dd:a0:f5:fc:e1:ed:36:fa: 324s ad:b0:d9:31:0a:9b:22:18:d5:af:21:b3:e0:06:ee:86:8d:19: 324s 20:ce:dc:a2:c6:7a:55:cb:b3:02:f5:76:3e:06:7b:ba:a0:9d: 324s a8:c3 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-28202-auth.pem 324s + found_md5=Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 324s + '[' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 '!=' Modulus=A0392FBD3BC7E26DF849CD9A18E2C34FB60A52CD03F162FE0DD092193C2E8B7B7647DF612F402F36E9BA3FC430B143355841A35FA0D84A83DAB665D263CD3E4F7730B49170581F657B55050638AA9E44F78D14C5A6274428ADE2AC92F619498B70AF864C86E7FA87BD4E9DAEC6516E9DCB3596E9A9D478A5C0D4290FE010E061 ']' 324s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 324s + local verify_option= 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 324s + token_name='Test Organization Sub Int Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 324s + local key_file 324s + local decrypted_key 324s + mkdir -p /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 324s + key_file=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 324s + decrypted_key=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 324s + cat 324s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 324s Slot 0 has a free/uninitialized token. 324s The token has been initialized and is reassigned to slot 1973473449 324s + softhsm2-util --show-slots 324s Available slots: 324s Slot 1973473449 324s Slot info: 324s Description: SoftHSM slot ID 0x75a0d0a9 324s Manufacturer ID: SoftHSM project 324s Hardware version: 2.6 324s Firmware version: 2.6 324s Token present: yes 324s Token info: 324s Manufacturer ID: SoftHSM project 324s Model: SoftHSM v2 324s Hardware version: 2.6 324s Firmware version: 2.6 324s Serial number: 8a5b97a575a0d0a9 324s Initialized: yes 324s User PIN init.: yes 324s Label: Test Organization Sub Int Token 324s Slot 1 324s Slot info: 324s Description: SoftHSM slot ID 0x1 324s Manufacturer ID: SoftHSM project 324s Hardware version: 2.6 324s Firmware version: 2.6 324s Token present: yes 324s Token info: 324s Manufacturer ID: SoftHSM project 324s Model: SoftHSM v2 324s Hardware version: 2.6 324s Firmware version: 2.6 324s Serial number: 324s Initialized: no 324s User PIN init.: no 324s Label: 324s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 324s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-10735 -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 324s writing RSA key 324s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 324s + rm /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 324s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 324s Object 0: 324s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8a5b97a575a0d0a9;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 324s Type: X.509 Certificate (RSA-1024) 324s Expires: Sat Jan 17 09:58:30 2026 324s Label: Test Organization Sub Intermediate Trusted Certificate 0001 324s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 324s 324s Test Organization Sub Int Token 324s + echo 'Test Organization Sub Int Token' 324s + '[' -n '' ']' 324s + local output_base_name=SSSD-child-26506 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-26506.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-26506.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 324s [p11_child[2975]] [main] (0x0400): p11_child started. 324s [p11_child[2975]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[2975]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[2975]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[2975]] [do_card] (0x4000): Module List: 324s [p11_child[2975]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[2975]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2975]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[2975]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[2975]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2975]] [do_card] (0x4000): Login NOT required. 324s [p11_child[2975]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[2975]] [do_verification] (0x0040): X509_verify_cert failed [0]. 324s [p11_child[2975]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 324s [p11_child[2975]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 324s [p11_child[2975]] [do_card] (0x4000): No certificate found. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-26506.output 324s + return 2 324s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem partial_chain 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem partial_chain 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 324s + local verify_option=partial_chain 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 324s Test Organization Sub Int Token 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 324s + token_name='Test Organization Sub Int Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 324s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 324s + echo 'Test Organization Sub Int Token' 324s + '[' -n partial_chain ']' 324s + local verify_arg=--verify=partial_chain 324s + local output_base_name=SSSD-child-19996 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-19996.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-19996.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-root-CA.pem 324s [p11_child[2982]] [main] (0x0400): p11_child started. 324s [p11_child[2982]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[2982]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[2982]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[2982]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[2982]] [do_card] (0x4000): Module List: 324s [p11_child[2982]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[2982]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2982]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[2982]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[2982]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2982]] [do_card] (0x4000): Login NOT required. 324s [p11_child[2982]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[2982]] [do_verification] (0x0040): X509_verify_cert failed [0]. 324s [p11_child[2982]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 324s [p11_child[2982]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 324s [p11_child[2982]] [do_card] (0x4000): No certificate found. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19996.output 324s + return 2 324s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 324s + local verify_option= 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s Test Organization Sub Int Token 324s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 324s + token_name='Test Organization Sub Int Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 324s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 324s + echo 'Test Organization Sub Int Token' 324s + '[' -n '' ']' 324s + local output_base_name=SSSD-child-20905 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 324s [p11_child[2989]] [main] (0x0400): p11_child started. 324s [p11_child[2989]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[2989]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[2989]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[2989]] [do_card] (0x4000): Module List: 324s [p11_child[2989]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[2989]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2989]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[2989]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[2989]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2989]] [do_card] (0x4000): Login NOT required. 324s [p11_child[2989]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[2989]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[2989]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[2989]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x75a0d0a9;slot-manufacturer=SoftHSM%20project;slot-id=1973473449;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8a5b97a575a0d0a9;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[2989]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 5 (0x5) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:da:f9:79:28:38:e1:15:03:3f:76:86:84:fb:68: 324s 83:ec:c5:a0:a5:b3:f6:65:6b:bb:f2:e5:57:ed:23: 324s f8:01:c0:20:b9:29:56:0b:90:05:2b:60:03:61:72: 324s 91:20:68:c0:f3:bb:9f:6e:b9:79:63:52:81:72:35: 324s 46:29:a4:83:fa:01:ab:13:ff:14:d0:68:4d:e8:83: 324s e7:79:2f:04:a4:79:40:e3:43:05:b1:22:b4:dd:43: 324s 83:59:f5:e3:7d:84:5f:fc:7c:bc:93:74:47:14:ea: 324s d1:b8:71:9b:c0:c0:46:35:9c:8a:ff:4a:a6:85:91: 324s 9e:fe:9c:0a:1f:f0:2c:3b:3b 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s 4E:99:CD:FA:16:8C:35:F9:FB:30:C9:F4:39:3B:7C:F2:DC:B3:47:BD 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Sub Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 54:44:0D:2E:B6:59:F1:37:D9:A0:EB:2F:B2:1A:E4:41:34:2E:49:6C 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 9d:f6:14:d0:cb:36:31:3a:f7:8b:1c:5c:64:da:f7:1c:cf:74: 324s 03:34:4b:51:23:d7:69:64:2d:fa:88:0b:36:af:6b:90:6d:e8: 324s c6:fa:be:82:e1:05:1a:68:13:a8:be:89:4a:04:2c:9c:33:d8: 324s 16:6b:41:64:b1:8a:58:e9:6e:b3:75:86:ca:4a:b8:15:52:bf: 324s b4:76:0f:32:11:65:3a:5c:fa:b9:1d:c1:64:b7:a8:8d:66:5b: 324s e5:e1:53:32:60:4d:a1:24:c6:62:4c:60:99:f6:82:05:16:b4: 324s 8a:6d:06:78:27:08:cf:e0:a1:d8:22:e1:cd:a7:df:6c:3e:dc: 324s a4:ae 324s + local found_md5 expected_md5 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + expected_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905.pem 324s + found_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 324s + '[' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B '!=' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B ']' 324s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905-auth.output 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905-auth.output .output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905-auth.pem 324s + echo -n 053350 324s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 324s [p11_child[2997]] [main] (0x0400): p11_child started. 324s [p11_child[2997]] [main] (0x2000): Running in [auth] mode. 324s [p11_child[2997]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[2997]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[2997]] [do_card] (0x4000): Module List: 324s [p11_child[2997]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[2997]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2997]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[2997]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[2997]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[2997]] [do_card] (0x4000): Login required. 324s [p11_child[2997]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[2997]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[2997]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[2997]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x75a0d0a9;slot-manufacturer=SoftHSM%20project;slot-id=1973473449;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8a5b97a575a0d0a9;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 324s [p11_child[2997]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 324s [p11_child[2997]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 324s [p11_child[2997]] [do_card] (0x4000): Certificate verified and validated. 324s [p11_child[2997]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905-auth.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905-auth.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905-auth.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 5 (0x5) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:da:f9:79:28:38:e1:15:03:3f:76:86:84:fb:68: 324s 83:ec:c5:a0:a5:b3:f6:65:6b:bb:f2:e5:57:ed:23: 324s f8:01:c0:20:b9:29:56:0b:90:05:2b:60:03:61:72: 324s 91:20:68:c0:f3:bb:9f:6e:b9:79:63:52:81:72:35: 324s 46:29:a4:83:fa:01:ab:13:ff:14:d0:68:4d:e8:83: 324s e7:79:2f:04:a4:79:40:e3:43:05:b1:22:b4:dd:43: 324s 83:59:f5:e3:7d:84:5f:fc:7c:bc:93:74:47:14:ea: 324s d1:b8:71:9b:c0:c0:46:35:9c:8a:ff:4a:a6:85:91: 324s 9e:fe:9c:0a:1f:f0:2c:3b:3b 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s 4E:99:CD:FA:16:8C:35:F9:FB:30:C9:F4:39:3B:7C:F2:DC:B3:47:BD 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Sub Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 54:44:0D:2E:B6:59:F1:37:D9:A0:EB:2F:B2:1A:E4:41:34:2E:49:6C 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 9d:f6:14:d0:cb:36:31:3a:f7:8b:1c:5c:64:da:f7:1c:cf:74: 324s 03:34:4b:51:23:d7:69:64:2d:fa:88:0b:36:af:6b:90:6d:e8: 324s c6:fa:be:82:e1:05:1a:68:13:a8:be:89:4a:04:2c:9c:33:d8: 324s 16:6b:41:64:b1:8a:58:e9:6e:b3:75:86:ca:4a:b8:15:52:bf: 324s b4:76:0f:32:11:65:3a:5c:fa:b9:1d:c1:64:b7:a8:8d:66:5b: 324s e5:e1:53:32:60:4d:a1:24:c6:62:4c:60:99:f6:82:05:16:b4: 324s 8a:6d:06:78:27:08:cf:e0:a1:d8:22:e1:cd:a7:df:6c:3e:dc: 324s a4:ae 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-20905-auth.pem 324s + found_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 324s + '[' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B '!=' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B ']' 324s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem partial_chain 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem partial_chain 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 324s + local verify_option=partial_chain 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 324s + token_name='Test Organization Sub Int Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 324s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 324s Test Organization Sub Int Token 324s + echo 'Test Organization Sub Int Token' 324s + '[' -n partial_chain ']' 324s + local verify_arg=--verify=partial_chain 324s + local output_base_name=SSSD-child-24759 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem 324s [p11_child[3007]] [main] (0x0400): p11_child started. 324s [p11_child[3007]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[3007]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[3007]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[3007]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[3007]] [do_card] (0x4000): Module List: 324s [p11_child[3007]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[3007]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3007]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[3007]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[3007]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3007]] [do_card] (0x4000): Login NOT required. 324s [p11_child[3007]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[3007]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[3007]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[3007]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x75a0d0a9;slot-manufacturer=SoftHSM%20project;slot-id=1973473449;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8a5b97a575a0d0a9;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[3007]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 5 (0x5) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:da:f9:79:28:38:e1:15:03:3f:76:86:84:fb:68: 324s 83:ec:c5:a0:a5:b3:f6:65:6b:bb:f2:e5:57:ed:23: 324s f8:01:c0:20:b9:29:56:0b:90:05:2b:60:03:61:72: 324s 91:20:68:c0:f3:bb:9f:6e:b9:79:63:52:81:72:35: 324s 46:29:a4:83:fa:01:ab:13:ff:14:d0:68:4d:e8:83: 324s e7:79:2f:04:a4:79:40:e3:43:05:b1:22:b4:dd:43: 324s 83:59:f5:e3:7d:84:5f:fc:7c:bc:93:74:47:14:ea: 324s d1:b8:71:9b:c0:c0:46:35:9c:8a:ff:4a:a6:85:91: 324s 9e:fe:9c:0a:1f:f0:2c:3b:3b 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s 4E:99:CD:FA:16:8C:35:F9:FB:30:C9:F4:39:3B:7C:F2:DC:B3:47:BD 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Sub Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 54:44:0D:2E:B6:59:F1:37:D9:A0:EB:2F:B2:1A:E4:41:34:2E:49:6C 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 9d:f6:14:d0:cb:36:31:3a:f7:8b:1c:5c:64:da:f7:1c:cf:74: 324s 03:34:4b:51:23:d7:69:64:2d:fa:88:0b:36:af:6b:90:6d:e8: 324s c6:fa:be:82:e1:05:1a:68:13:a8:be:89:4a:04:2c:9c:33:d8: 324s 16:6b:41:64:b1:8a:58:e9:6e:b3:75:86:ca:4a:b8:15:52:bf: 324s b4:76:0f:32:11:65:3a:5c:fa:b9:1d:c1:64:b7:a8:8d:66:5b: 324s e5:e1:53:32:60:4d:a1:24:c6:62:4c:60:99:f6:82:05:16:b4: 324s 8a:6d:06:78:27:08:cf:e0:a1:d8:22:e1:cd:a7:df:6c:3e:dc: 324s a4:ae 324s + local found_md5 expected_md5 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + expected_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759.pem 324s + found_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 324s + '[' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B '!=' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B ']' 324s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759-auth.output 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759-auth.output .output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759-auth.pem 324s + echo -n 053350 324s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 324s [p11_child[3015]] [main] (0x0400): p11_child started. 324s [p11_child[3015]] [main] (0x2000): Running in [auth] mode. 324s [p11_child[3015]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[3015]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[3015]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[3015]] [do_card] (0x4000): Module List: 324s [p11_child[3015]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[3015]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3015]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[3015]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[3015]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3015]] [do_card] (0x4000): Login required. 324s [p11_child[3015]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[3015]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[3015]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[3015]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x75a0d0a9;slot-manufacturer=SoftHSM%20project;slot-id=1973473449;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8a5b97a575a0d0a9;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 324s [p11_child[3015]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 324s [p11_child[3015]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 324s [p11_child[3015]] [do_card] (0x4000): Certificate verified and validated. 324s [p11_child[3015]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759-auth.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759-auth.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759-auth.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 5 (0x5) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:da:f9:79:28:38:e1:15:03:3f:76:86:84:fb:68: 324s 83:ec:c5:a0:a5:b3:f6:65:6b:bb:f2:e5:57:ed:23: 324s f8:01:c0:20:b9:29:56:0b:90:05:2b:60:03:61:72: 324s 91:20:68:c0:f3:bb:9f:6e:b9:79:63:52:81:72:35: 324s 46:29:a4:83:fa:01:ab:13:ff:14:d0:68:4d:e8:83: 324s e7:79:2f:04:a4:79:40:e3:43:05:b1:22:b4:dd:43: 324s 83:59:f5:e3:7d:84:5f:fc:7c:bc:93:74:47:14:ea: 324s d1:b8:71:9b:c0:c0:46:35:9c:8a:ff:4a:a6:85:91: 324s 9e:fe:9c:0a:1f:f0:2c:3b:3b 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s 4E:99:CD:FA:16:8C:35:F9:FB:30:C9:F4:39:3B:7C:F2:DC:B3:47:BD 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Sub Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 54:44:0D:2E:B6:59:F1:37:D9:A0:EB:2F:B2:1A:E4:41:34:2E:49:6C 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 9d:f6:14:d0:cb:36:31:3a:f7:8b:1c:5c:64:da:f7:1c:cf:74: 324s 03:34:4b:51:23:d7:69:64:2d:fa:88:0b:36:af:6b:90:6d:e8: 324s c6:fa:be:82:e1:05:1a:68:13:a8:be:89:4a:04:2c:9c:33:d8: 324s 16:6b:41:64:b1:8a:58:e9:6e:b3:75:86:ca:4a:b8:15:52:bf: 324s b4:76:0f:32:11:65:3a:5c:fa:b9:1d:c1:64:b7:a8:8d:66:5b: 324s e5:e1:53:32:60:4d:a1:24:c6:62:4c:60:99:f6:82:05:16:b4: 324s 8a:6d:06:78:27:08:cf:e0:a1:d8:22:e1:cd:a7:df:6c:3e:dc: 324s a4:ae 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-24759-auth.pem 324s + found_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 324s + '[' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B '!=' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B ']' 324s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 324s + local verify_option= 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 324s Test Organization Sub Int Token 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 324s + token_name='Test Organization Sub Int Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 324s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 324s + echo 'Test Organization Sub Int Token' 324s + '[' -n '' ']' 324s + local output_base_name=SSSD-child-15735 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-15735.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-15735.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 324s [p11_child[3025]] [main] (0x0400): p11_child started. 324s [p11_child[3025]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[3025]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[3025]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[3025]] [do_card] (0x4000): Module List: 324s [p11_child[3025]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[3025]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3025]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[3025]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[3025]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3025]] [do_card] (0x4000): Login NOT required. 324s [p11_child[3025]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[3025]] [do_verification] (0x0040): X509_verify_cert failed [0]. 324s [p11_child[3025]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 324s [p11_child[3025]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 324s [p11_child[3025]] [do_card] (0x4000): No certificate found. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-15735.output 324s + return 2 324s + invalid_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-root-intermediate-chain-CA.pem partial_chain 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-root-intermediate-chain-CA.pem partial_chain 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-root-intermediate-chain-CA.pem 324s + local verify_option=partial_chain 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 324s Test Organization Sub Int Token 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 324s + token_name='Test Organization Sub Int Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 324s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 324s + echo 'Test Organization Sub Int Token' 324s + '[' -n partial_chain ']' 324s + local verify_arg=--verify=partial_chain 324s + local output_base_name=SSSD-child-30478 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-30478.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-30478.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-root-intermediate-chain-CA.pem 324s [p11_child[3032]] [main] (0x0400): p11_child started. 324s [p11_child[3032]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[3032]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[3032]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[3032]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[3032]] [do_card] (0x4000): Module List: 324s [p11_child[3032]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[3032]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3032]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[3032]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[3032]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3032]] [do_card] (0x4000): Login NOT required. 324s [p11_child[3032]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[3032]] [do_verification] (0x0040): X509_verify_cert failed [0]. 324s [p11_child[3032]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 324s [p11_child[3032]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 324s [p11_child[3032]] [do_card] (0x4000): No certificate found. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-30478.output 324s + return 2 324s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem partial_chain 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem partial_chain 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 324s + local verify_option=partial_chain 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s Test Organization Sub Int Token 324s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 324s + token_name='Test Organization Sub Int Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 324s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 324s + echo 'Test Organization Sub Int Token' 324s + '[' -n partial_chain ']' 324s + local verify_arg=--verify=partial_chain 324s + local output_base_name=SSSD-child-19189 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem 324s [p11_child[3039]] [main] (0x0400): p11_child started. 324s [p11_child[3039]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[3039]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[3039]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[3039]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[3039]] [do_card] (0x4000): Module List: 324s [p11_child[3039]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[3039]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3039]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[3039]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[3039]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3039]] [do_card] (0x4000): Login NOT required. 324s [p11_child[3039]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[3039]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[3039]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[3039]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x75a0d0a9;slot-manufacturer=SoftHSM%20project;slot-id=1973473449;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8a5b97a575a0d0a9;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[3039]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 5 (0x5) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:da:f9:79:28:38:e1:15:03:3f:76:86:84:fb:68: 324s 83:ec:c5:a0:a5:b3:f6:65:6b:bb:f2:e5:57:ed:23: 324s f8:01:c0:20:b9:29:56:0b:90:05:2b:60:03:61:72: 324s 91:20:68:c0:f3:bb:9f:6e:b9:79:63:52:81:72:35: 324s 46:29:a4:83:fa:01:ab:13:ff:14:d0:68:4d:e8:83: 324s e7:79:2f:04:a4:79:40:e3:43:05:b1:22:b4:dd:43: 324s 83:59:f5:e3:7d:84:5f:fc:7c:bc:93:74:47:14:ea: 324s d1:b8:71:9b:c0:c0:46:35:9c:8a:ff:4a:a6:85:91: 324s 9e:fe:9c:0a:1f:f0:2c:3b:3b 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s 4E:99:CD:FA:16:8C:35:F9:FB:30:C9:F4:39:3B:7C:F2:DC:B3:47:BD 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Sub Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 54:44:0D:2E:B6:59:F1:37:D9:A0:EB:2F:B2:1A:E4:41:34:2E:49:6C 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 9d:f6:14:d0:cb:36:31:3a:f7:8b:1c:5c:64:da:f7:1c:cf:74: 324s 03:34:4b:51:23:d7:69:64:2d:fa:88:0b:36:af:6b:90:6d:e8: 324s c6:fa:be:82:e1:05:1a:68:13:a8:be:89:4a:04:2c:9c:33:d8: 324s 16:6b:41:64:b1:8a:58:e9:6e:b3:75:86:ca:4a:b8:15:52:bf: 324s b4:76:0f:32:11:65:3a:5c:fa:b9:1d:c1:64:b7:a8:8d:66:5b: 324s e5:e1:53:32:60:4d:a1:24:c6:62:4c:60:99:f6:82:05:16:b4: 324s 8a:6d:06:78:27:08:cf:e0:a1:d8:22:e1:cd:a7:df:6c:3e:dc: 324s a4:ae 324s + local found_md5 expected_md5 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + expected_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189.pem 324s + found_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 324s + '[' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B '!=' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B ']' 324s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189-auth.output 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189-auth.output .output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189-auth.pem 324s + echo -n 053350 324s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 324s [p11_child[3047]] [main] (0x0400): p11_child started. 324s [p11_child[3047]] [main] (0x2000): Running in [auth] mode. 324s [p11_child[3047]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[3047]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[3047]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[3047]] [do_card] (0x4000): Module List: 324s [p11_child[3047]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[3047]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3047]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[3047]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[3047]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3047]] [do_card] (0x4000): Login required. 324s [p11_child[3047]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[3047]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[3047]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[3047]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x75a0d0a9;slot-manufacturer=SoftHSM%20project;slot-id=1973473449;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8a5b97a575a0d0a9;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 324s [p11_child[3047]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 324s [p11_child[3047]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 324s [p11_child[3047]] [do_card] (0x4000): Certificate verified and validated. 324s [p11_child[3047]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189-auth.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189-auth.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189-auth.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 5 (0x5) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:da:f9:79:28:38:e1:15:03:3f:76:86:84:fb:68: 324s 83:ec:c5:a0:a5:b3:f6:65:6b:bb:f2:e5:57:ed:23: 324s f8:01:c0:20:b9:29:56:0b:90:05:2b:60:03:61:72: 324s 91:20:68:c0:f3:bb:9f:6e:b9:79:63:52:81:72:35: 324s 46:29:a4:83:fa:01:ab:13:ff:14:d0:68:4d:e8:83: 324s e7:79:2f:04:a4:79:40:e3:43:05:b1:22:b4:dd:43: 324s 83:59:f5:e3:7d:84:5f:fc:7c:bc:93:74:47:14:ea: 324s d1:b8:71:9b:c0:c0:46:35:9c:8a:ff:4a:a6:85:91: 324s 9e:fe:9c:0a:1f:f0:2c:3b:3b 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s 4E:99:CD:FA:16:8C:35:F9:FB:30:C9:F4:39:3B:7C:F2:DC:B3:47:BD 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Sub Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 54:44:0D:2E:B6:59:F1:37:D9:A0:EB:2F:B2:1A:E4:41:34:2E:49:6C 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 9d:f6:14:d0:cb:36:31:3a:f7:8b:1c:5c:64:da:f7:1c:cf:74: 324s 03:34:4b:51:23:d7:69:64:2d:fa:88:0b:36:af:6b:90:6d:e8: 324s c6:fa:be:82:e1:05:1a:68:13:a8:be:89:4a:04:2c:9c:33:d8: 324s 16:6b:41:64:b1:8a:58:e9:6e:b3:75:86:ca:4a:b8:15:52:bf: 324s b4:76:0f:32:11:65:3a:5c:fa:b9:1d:c1:64:b7:a8:8d:66:5b: 324s e5:e1:53:32:60:4d:a1:24:c6:62:4c:60:99:f6:82:05:16:b4: 324s 8a:6d:06:78:27:08:cf:e0:a1:d8:22:e1:cd:a7:df:6c:3e:dc: 324s a4:ae 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-19189-auth.pem 324s + found_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 324s + '[' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B '!=' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B ']' 324s + valid_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-intermediate-sub-chain-CA.pem partial_chain 324s + check_certificate /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 /tmp/sssd-softhsm2-LfYLeN/test-intermediate-sub-chain-CA.pem partial_chain 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_ring=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-sub-chain-CA.pem 324s + local verify_option=partial_chain 324s + prepare_softhsm2_card /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local certificate=/tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10735 324s + local key_cn 324s + local key_name 324s + local tokens_dir 324s + local output_cert_file 324s + token_name= 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 324s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 324s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s ++ sed -n 's/ *commonName *= //p' 324s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 324s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 324s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 324s ++ basename /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 324s Test Organization Sub Int Token 324s + tokens_dir=/tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 324s + token_name='Test Organization Sub Int Token' 324s + '[' '!' -e /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 324s + '[' '!' -d /tmp/sssd-softhsm2-LfYLeN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 324s + echo 'Test Organization Sub Int Token' 324s + '[' -n partial_chain ']' 324s + local verify_arg=--verify=partial_chain 324s + local output_base_name=SSSD-child-27124 324s + local output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124.output 324s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124.pem 324s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-sub-chain-CA.pem 324s [p11_child[3057]] [main] (0x0400): p11_child started. 324s [p11_child[3057]] [main] (0x2000): Running in [pre-auth] mode. 324s [p11_child[3057]] [main] (0x2000): Running with effective IDs: [0][0]. 324s [p11_child[3057]] [main] (0x2000): Running with real IDs [0][0]. 324s [p11_child[3057]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 324s [p11_child[3057]] [do_card] (0x4000): Module List: 324s [p11_child[3057]] [do_card] (0x4000): common name: [softhsm2]. 324s [p11_child[3057]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3057]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 324s [p11_child[3057]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 324s [p11_child[3057]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 324s [p11_child[3057]] [do_card] (0x4000): Login NOT required. 324s [p11_child[3057]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 324s [p11_child[3057]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 324s [p11_child[3057]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 324s [p11_child[3057]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x75a0d0a9;slot-manufacturer=SoftHSM%20project;slot-id=1973473449;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8a5b97a575a0d0a9;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 324s [p11_child[3057]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 324s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124.output 324s + echo '-----BEGIN CERTIFICATE-----' 324s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124.output 324s + echo '-----END CERTIFICATE-----' 324s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124.pem 324s Certificate: 324s Data: 324s Version: 3 (0x2) 324s Serial Number: 5 (0x5) 324s Signature Algorithm: sha256WithRSAEncryption 324s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 324s Validity 324s Not Before: Jan 17 09:58:30 2025 GMT 324s Not After : Jan 17 09:58:30 2026 GMT 324s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 324s Subject Public Key Info: 324s Public Key Algorithm: rsaEncryption 324s Public-Key: (1024 bit) 324s Modulus: 324s 00:da:f9:79:28:38:e1:15:03:3f:76:86:84:fb:68: 324s 83:ec:c5:a0:a5:b3:f6:65:6b:bb:f2:e5:57:ed:23: 324s f8:01:c0:20:b9:29:56:0b:90:05:2b:60:03:61:72: 324s 91:20:68:c0:f3:bb:9f:6e:b9:79:63:52:81:72:35: 324s 46:29:a4:83:fa:01:ab:13:ff:14:d0:68:4d:e8:83: 324s e7:79:2f:04:a4:79:40:e3:43:05:b1:22:b4:dd:43: 324s 83:59:f5:e3:7d:84:5f:fc:7c:bc:93:74:47:14:ea: 324s d1:b8:71:9b:c0:c0:46:35:9c:8a:ff:4a:a6:85:91: 324s 9e:fe:9c:0a:1f:f0:2c:3b:3b 324s Exponent: 65537 (0x10001) 324s X509v3 extensions: 324s X509v3 Authority Key Identifier: 324s 4E:99:CD:FA:16:8C:35:F9:FB:30:C9:F4:39:3B:7C:F2:DC:B3:47:BD 324s X509v3 Basic Constraints: 324s CA:FALSE 324s Netscape Cert Type: 324s SSL Client, S/MIME 324s Netscape Comment: 324s Test Organization Sub Intermediate CA trusted Certificate 324s X509v3 Subject Key Identifier: 324s 54:44:0D:2E:B6:59:F1:37:D9:A0:EB:2F:B2:1A:E4:41:34:2E:49:6C 324s X509v3 Key Usage: critical 324s Digital Signature, Non Repudiation, Key Encipherment 324s X509v3 Extended Key Usage: 324s TLS Web Client Authentication, E-mail Protection 324s X509v3 Subject Alternative Name: 324s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 324s Signature Algorithm: sha256WithRSAEncryption 324s Signature Value: 324s 9d:f6:14:d0:cb:36:31:3a:f7:8b:1c:5c:64:da:f7:1c:cf:74: 324s 03:34:4b:51:23:d7:69:64:2d:fa:88:0b:36:af:6b:90:6d:e8: 324s c6:fa:be:82:e1:05:1a:68:13:a8:be:89:4a:04:2c:9c:33:d8: 324s 16:6b:41:64:b1:8a:58:e9:6e:b3:75:86:ca:4a:b8:15:52:bf: 324s b4:76:0f:32:11:65:3a:5c:fa:b9:1d:c1:64:b7:a8:8d:66:5b: 324s e5:e1:53:32:60:4d:a1:24:c6:62:4c:60:99:f6:82:05:16:b4: 324s 8a:6d:06:78:27:08:cf:e0:a1:d8:22:e1:cd:a7:df:6c:3e:dc: 324s a4:ae 324s + local found_md5 expected_md5 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/test-sub-intermediate-CA-trusted-certificate-0001.pem 324s + expected_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 324s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124.pem 325s + found_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 325s + '[' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B '!=' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B ']' 325s + output_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124-auth.output 325s ++ basename /tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124-auth.output .output 325s + output_cert_file=/tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124-auth.pem 325s + echo -n 053350 325s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-LfYLeN/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 325s [p11_child[3065]] [main] (0x0400): p11_child started. 325s [p11_child[3065]] [main] (0x2000): Running in [auth] mode. 325s [p11_child[3065]] [main] (0x2000): Running with effective IDs: [0][0]. 325s [p11_child[3065]] [main] (0x2000): Running with real IDs [0][0]. 325s [p11_child[3065]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 325s [p11_child[3065]] [do_card] (0x4000): Module List: 325s [p11_child[3065]] [do_card] (0x4000): common name: [softhsm2]. 325s [p11_child[3065]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 325s [p11_child[3065]] [do_card] (0x4000): Description [SoftHSM slot ID 0x75a0d0a9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 325s [p11_child[3065]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 325s [p11_child[3065]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x75a0d0a9][1973473449] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 325s [p11_child[3065]] [do_card] (0x4000): Login required. 325s [p11_child[3065]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 325s [p11_child[3065]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 325s [p11_child[3065]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 325s [p11_child[3065]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x75a0d0a9;slot-manufacturer=SoftHSM%20project;slot-id=1973473449;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8a5b97a575a0d0a9;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 325s [p11_child[3065]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 325s [p11_child[3065]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 325s [p11_child[3065]] [do_card] (0x4000): Certificate verified and validated. 325s [p11_child[3065]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 325s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124-auth.output 325s + echo '-----BEGIN CERTIFICATE-----' 325s + tail -n1 /tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124-auth.output 325s + echo '-----END CERTIFICATE-----' 325s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124-auth.pem 325s Certificate: 325s Data: 325s Version: 3 (0x2) 325s Serial Number: 5 (0x5) 325s Signature Algorithm: sha256WithRSAEncryption 325s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 325s Validity 325s Not Before: Jan 17 09:58:30 2025 GMT 325s Not After : Jan 17 09:58:30 2026 GMT 325s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 325s Subject Public Key Info: 325s Public Key Algorithm: rsaEncryption 325s Public-Key: (1024 bit) 325s Modulus: 325s 00:da:f9:79:28:38:e1:15:03:3f:76:86:84:fb:68: 325s 83:ec:c5:a0:a5:b3:f6:65:6b:bb:f2:e5:57:ed:23: 325s f8:01:c0:20:b9:29:56:0b:90:05:2b:60:03:61:72: 325s 91:20:68:c0:f3:bb:9f:6e:b9:79:63:52:81:72:35: 325s 46:29:a4:83:fa:01:ab:13:ff:14:d0:68:4d:e8:83: 325s e7:79:2f:04:a4:79:40:e3:43:05:b1:22:b4:dd:43: 325s 83:59:f5:e3:7d:84:5f:fc:7c:bc:93:74:47:14:ea: 325s d1:b8:71:9b:c0:c0:46:35:9c:8a:ff:4a:a6:85:91: 325s 9e:fe:9c:0a:1f:f0:2c:3b:3b 325s Exponent: 65537 (0x10001) 325s X509v3 extensions: 325s X509v3 Authority Key Identifier: 325s 4E:99:CD:FA:16:8C:35:F9:FB:30:C9:F4:39:3B:7C:F2:DC:B3:47:BD 325s X509v3 Basic Constraints: 325s CA:FALSE 325s Netscape Cert Type: 325s SSL Client, S/MIME 325s Netscape Comment: 325s Test Organization Sub Intermediate CA trusted Certificate 325s X509v3 Subject Key Identifier: 325s 54:44:0D:2E:B6:59:F1:37:D9:A0:EB:2F:B2:1A:E4:41:34:2E:49:6C 325s X509v3 Key Usage: critical 325s Digital Signature, Non Repudiation, Key Encipherment 325s X509v3 Extended Key Usage: 325s TLS Web Client Authentication, E-mail Protection 325s X509v3 Subject Alternative Name: 325s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 325s Signature Algorithm: sha256WithRSAEncryption 325s Signature Value: 325s 9d:f6:14:d0:cb:36:31:3a:f7:8b:1c:5c:64:da:f7:1c:cf:74: 325s 03:34:4b:51:23:d7:69:64:2d:fa:88:0b:36:af:6b:90:6d:e8: 325s c6:fa:be:82:e1:05:1a:68:13:a8:be:89:4a:04:2c:9c:33:d8: 325s 16:6b:41:64:b1:8a:58:e9:6e:b3:75:86:ca:4a:b8:15:52:bf: 325s b4:76:0f:32:11:65:3a:5c:fa:b9:1d:c1:64:b7:a8:8d:66:5b: 325s e5:e1:53:32:60:4d:a1:24:c6:62:4c:60:99:f6:82:05:16:b4: 325s 8a:6d:06:78:27:08:cf:e0:a1:d8:22:e1:cd:a7:df:6c:3e:dc: 325s a4:ae 325s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-LfYLeN/SSSD-child-27124-auth.pem 325s 325s Test completed, Root CA and intermediate issued certificates verified! 325s + found_md5=Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B 325s + '[' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B '!=' Modulus=DAF9792838E115033F768684FB6883ECC5A0A5B3F6656BBBF2E557ED23F801C020B929560B90052B60036172912068C0F3BB9F6EB97963528172354629A483FA01AB13FF14D0684DE883E7792F04A47940E34305B122B4DD438359F5E37D845FFC7CBC93744714EAD1B8719BC0C046359C8AFF4AA685919EFE9C0A1FF02C3B3B ']' 325s + set +x 325s autopkgtest [09:58:33]: test sssd-softhism2-certificates-tests.sh: -----------------------] 325s autopkgtest [09:58:33]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 325s sssd-softhism2-certificates-tests.sh PASS 327s autopkgtest [09:58:34]: test sssd-smart-card-pam-auth-configs: preparing testbed 327s Reading package lists... 327s Building dependency tree... 327s Reading state information... 327s Starting pkgProblemResolver with broken count: 0 327s Starting 2 pkgProblemResolver with broken count: 0 327s Done 327s The following NEW packages will be installed: 327s pamtester 327s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 327s Need to get 14.6 kB of archives. 327s After this operation, 86.0 kB of additional disk space will be used. 327s Get:1 http://ftpmaster.internal/ubuntu plucky/universe ppc64el pamtester ppc64el 0.1.2-4 [14.6 kB] 327s Fetched 14.6 kB in 0s (69.1 kB/s) 327s Selecting previously unselected package pamtester. 327s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74633 files and directories currently installed.) 327s Preparing to unpack .../pamtester_0.1.2-4_ppc64el.deb ... 327s Unpacking pamtester (0.1.2-4) ... 327s Setting up pamtester (0.1.2-4) ... 327s Processing triggers for man-db (2.13.0-1) ... 328s autopkgtest [09:58:36]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 328s autopkgtest [09:58:36]: test sssd-smart-card-pam-auth-configs: [----------------------- 329s + '[' -z ubuntu ']' 329s + export DEBIAN_FRONTEND=noninteractive 329s + DEBIAN_FRONTEND=noninteractive 329s + required_tools=(pamtester softhsm2-util sssd) 329s + [[ ! -v OFFLINE_MODE ]] 329s + for cmd in "${required_tools[@]}" 329s + command -v pamtester 329s + for cmd in "${required_tools[@]}" 329s + command -v softhsm2-util 329s + for cmd in "${required_tools[@]}" 329s + command -v sssd 329s + PIN=123456 329s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 329s + tmpdir=/tmp/sssd-softhsm2-certs-So901L 329s + backupsdir= 329s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 329s + declare -a restore_paths 329s + declare -a delete_paths 329s + trap handle_exit EXIT 329s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 329s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 329s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 329s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 329s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-So901L GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 329s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-So901L 329s + GENERATE_SMART_CARDS=1 329s + KEEP_TEMPORARY_FILES=1 329s + NO_SSSD_TESTS=1 329s + bash debian/tests/sssd-softhism2-certificates-tests.sh 329s + '[' -z ubuntu ']' 329s + required_tools=(p11tool openssl softhsm2-util) 329s + for cmd in "${required_tools[@]}" 329s + command -v p11tool 329s + for cmd in "${required_tools[@]}" 329s + command -v openssl 329s + for cmd in "${required_tools[@]}" 329s + command -v softhsm2-util 329s + PIN=123456 329s +++ find /usr/lib/softhsm/libsofthsm2.so 329s +++ head -n 1 329s ++ realpath /usr/lib/softhsm/libsofthsm2.so 329s + SOFTHSM2_MODULE=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 329s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 329s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 329s + '[' '!' -v NO_SSSD_TESTS ']' 329s + '[' '!' -e /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so ']' 329s + tmpdir=/tmp/sssd-softhsm2-certs-So901L 329s + keys_size=1024 329s + [[ ! -v KEEP_TEMPORARY_FILES ]] 329s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 329s + echo -n 01 329s + touch /tmp/sssd-softhsm2-certs-So901L/index.txt 329s + mkdir -p /tmp/sssd-softhsm2-certs-So901L/new_certs 329s + cat 329s + root_ca_key_pass=pass:random-root-CA-password-12357 329s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-So901L/test-root-CA-key.pem -passout pass:random-root-CA-password-12357 1024 329s + openssl req -passin pass:random-root-CA-password-12357 -batch -config /tmp/sssd-softhsm2-certs-So901L/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-So901L/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-So901L/test-root-CA.pem 329s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-So901L/test-root-CA.pem 329s + cat 329s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-12088 329s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-12088 1024 329s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-12088 -config /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-12357 -sha256 -out /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-certificate-request.pem 329s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-certificate-request.pem 329s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-So901L/test-root-CA.config -passin pass:random-root-CA-password-12357 -keyfile /tmp/sssd-softhsm2-certs-So901L/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem 329s Certificate Request: 329s Data: 329s Version: 1 (0x0) 329s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 329s Subject Public Key Info: 329s Public Key Algorithm: rsaEncryption 329s Public-Key: (1024 bit) 329s Modulus: 329s 00:c6:85:a7:55:d1:62:91:56:a5:84:4a:14:69:81: 329s 71:a2:04:db:5f:32:d9:d3:99:4e:3b:87:d3:c5:b1: 329s 1d:de:e4:a8:92:66:30:63:29:e9:7c:04:61:9b:ce: 329s 76:ab:ad:9e:5a:91:84:80:df:db:1b:c0:47:44:06: 329s 09:7f:25:ac:1c:06:ab:c1:c8:48:b3:1b:cd:a7:b3: 329s ff:7c:a9:4d:3b:b6:67:fd:d7:b8:3a:51:cd:bd:c1: 329s 21:88:59:5e:89:3c:76:e8:11:37:56:83:42:02:ce: 329s 03:9d:fd:a1:a1:3a:36:9b:17:52:86:76:d5:44:9a: 329s 41:c9:85:03:84:60:b2:de:35 329s Exponent: 65537 (0x10001) 329s Attributes: 329s (none) 329s Requested Extensions: 329s Signature Algorithm: sha256WithRSAEncryption 329s Signature Value: 329s 2f:81:94:36:24:ee:c2:4d:b4:48:56:ce:a8:64:4f:34:b2:ce: 329s 01:68:db:64:b0:43:c4:d6:4f:cf:b6:0d:b4:31:03:ac:39:8e: 329s 26:82:11:23:70:e7:73:a3:01:49:12:92:e3:43:72:30:a3:f1: 329s 05:8e:ec:a8:ba:9f:73:07:c1:75:f5:70:a9:76:58:a2:e7:ef: 329s 6e:32:66:d4:37:f8:35:78:59:c3:b4:13:44:01:85:43:82:dc: 329s 1f:be:99:26:89:89:bb:20:38:f9:a1:7c:c4:38:72:63:51:7f: 329s 21:e7:3f:58:1a:91:2b:58:4a:29:b6:5b:19:22:04:87:b5:e5: 329s 16:1d 329s Using configuration from /tmp/sssd-softhsm2-certs-So901L/test-root-CA.config 329s Check that the request matches the signature 329s Signature ok 329s Certificate Details: 329s Serial Number: 1 (0x1) 329s Validity 329s Not Before: Jan 17 09:58:37 2025 GMT 329s Not After : Jan 17 09:58:37 2026 GMT 329s Subject: 329s organizationName = Test Organization 329s organizationalUnitName = Test Organization Unit 329s commonName = Test Organization Intermediate CA 329s X509v3 extensions: 329s X509v3 Subject Key Identifier: 329s 24:DC:91:DA:39:2A:D7:A2:B7:19:B7:23:05:2A:DF:30:DC:66:45:D1 329s X509v3 Authority Key Identifier: 329s keyid:8D:60:E7:BE:D8:FB:06:11:CC:94:0F:76:04:89:C5:15:09:0B:71:5F 329s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 329s serial:00 329s X509v3 Basic Constraints: 329s CA:TRUE 329s X509v3 Key Usage: critical 329s Digital Signature, Certificate Sign, CRL Sign 329s Certificate is to be certified until Jan 17 09:58:37 2026 GMT (365 days) 329s 329s Write out database with 1 new entries 329s Database updated 329s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-root-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem 329s + cat 329s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-12541 329s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-12541 1024 329s /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem: OK 329s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-12541 -config /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-12088 -sha256 -out /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-certificate-request.pem 329s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-certificate-request.pem 329s Certificate Request: 329s Data: 329s Version: 1 (0x0) 329s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 329s Subject Public Key Info: 329s Public Key Algorithm: rsaEncryption 329s Public-Key: (1024 bit) 329s Modulus: 329s 00:c7:13:f2:a9:aa:9f:eb:1c:e3:65:4a:61:24:e1: 329s e3:54:fa:51:01:c5:6e:2f:6f:44:ac:7c:05:8e:c3: 329s 9d:e0:79:b1:83:1c:98:a0:75:68:23:f9:21:d4:8b: 329s df:01:00:c6:a3:7a:d1:fe:1a:ab:da:6c:f8:fc:f2: 329s 6b:95:f2:9c:bb:15:c3:d7:5f:e8:90:1f:26:6d:d3: 329s 3d:66:3f:be:2d:e1:c1:cf:9f:79:bd:60:90:22:f6: 329s 6d:d0:73:be:da:05:00:2d:6d:d1:d2:ce:41:ce:fe: 329s 97:3c:6b:29:ef:a6:d5:b5:ed:74:00:7c:eb:f4:70: 329s 7c:1d:e0:6a:29:a3:d0:ab:33 329s Exponent: 65537 (0x10001) 329s Attributes: 329s (none) 329s Requested Extensions: 329s Signature Algorithm: sha256WithRSAEncryption 329s Signature Value: 329s 6c:2d:41:66:2c:2f:d1:3c:9b:84:12:8d:60:41:3b:8e:c1:92: 329s 2c:26:e7:2f:13:fe:05:b0:18:d1:25:7a:ce:91:a2:36:98:d2: 329s a8:fb:21:1b:8b:de:7d:e9:53:02:bf:af:10:2b:c2:ab:1f:2c: 329s 41:2f:58:58:07:2f:f7:4f:6f:02:d7:65:ef:36:92:ba:ec:4c: 329s 33:9e:74:82:21:61:aa:47:4a:a1:2f:ed:33:5b:e9:b3:0d:81: 329s b9:e9:44:a6:71:40:87:36:65:ee:4f:36:df:8f:ae:a2:56:73: 329s ea:35:a6:cf:19:77:26:bf:46:fb:8c:79:9e:1e:62:74:16:df: 329s b4:de 329s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-12088 -keyfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem 329s Using configuration from /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.config 329s Check that the request matches the signature 329s Signature ok 329s Certificate Details: 329s Serial Number: 2 (0x2) 329s Validity 329s Not Before: Jan 17 09:58:37 2025 GMT 329s Not After : Jan 17 09:58:37 2026 GMT 329s Subject: 329s organizationName = Test Organization 329s organizationalUnitName = Test Organization Unit 329s commonName = Test Organization Sub Intermediate CA 329s X509v3 extensions: 329s X509v3 Subject Key Identifier: 329s 63:8D:64:8B:03:41:A3:F9:F8:84:42:C6:36:E5:C7:DC:18:86:F0:FE 329s X509v3 Authority Key Identifier: 329s keyid:24:DC:91:DA:39:2A:D7:A2:B7:19:B7:23:05:2A:DF:30:DC:66:45:D1 329s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 329s serial:01 329s X509v3 Basic Constraints: 329s CA:TRUE 329s X509v3 Key Usage: critical 329s Digital Signature, Certificate Sign, CRL Sign 329s Certificate is to be certified until Jan 17 09:58:37 2026 GMT (365 days) 329s 329s Write out database with 1 new entries 329s Database updated 329s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem 329s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem 329s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-root-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem 329s + local cmd=openssl 329s + shift 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-root-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem 329s /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem: OK 329s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 329s error 20 at 0 depth lookup: unable to get local issuer certificate 329s error /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem: verification failed 329s + cat 329s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-5295 329s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-5295 1024 329s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-5295 -key /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-request.pem 329s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-request.pem 329s Certificate Request: 329s Data: 329s Version: 1 (0x0) 329s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 329s Subject Public Key Info: 329s Public Key Algorithm: rsaEncryption 329s Public-Key: (1024 bit) 329s Modulus: 329s 00:b0:0e:36:13:53:d3:94:7e:8a:b6:20:08:40:60: 329s cb:61:d8:43:df:12:fa:a5:f6:35:92:2b:94:33:c7: 329s a1:4b:c8:c9:44:85:4d:da:c2:62:1a:85:bb:23:d6: 329s 08:ee:25:9b:27:5c:02:ab:54:63:89:5f:a9:f4:97: 329s 63:f1:97:6e:ce:47:25:00:87:17:56:be:cd:70:d1: 329s ac:48:83:07:5c:4f:f6:a6:6e:4f:92:01:9a:0c:e4: 329s dc:97:c0:22:41:b0:4c:b2:ce:e0:fe:ca:90:b1:c5: 329s a0:02:1f:b8:68:ba:62:97:7c:2a:0e:e4:a3:b9:f5: 329s 8b:23:28:29:fb:2d:3e:d8:05 329s Exponent: 65537 (0x10001) 329s Attributes: 329s Requested Extensions: 329s X509v3 Basic Constraints: 329s CA:FALSE 329s Netscape Cert Type: 329s SSL Client, S/MIME 329s Netscape Comment: 329s Test Organization Root CA trusted Certificate 329s X509v3 Subject Key Identifier: 329s 80:B8:7D:91:9B:B6:85:7D:B7:4B:95:37:42:39:63:EF:54:EC:7E:2D 329s X509v3 Key Usage: critical 329s Digital Signature, Non Repudiation, Key Encipherment 329s X509v3 Extended Key Usage: 329s TLS Web Client Authentication, E-mail Protection 329s X509v3 Subject Alternative Name: 329s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 329s Signature Algorithm: sha256WithRSAEncryption 329s Signature Value: 329s 17:68:c0:89:39:4a:65:1e:2b:28:5e:f1:58:ca:0e:d2:5a:8a: 329s dc:f3:98:80:f0:36:92:04:79:f9:2a:1d:ba:e9:95:11:9b:7c: 329s 07:ba:0a:7b:54:a0:a3:2b:21:72:09:32:e6:14:16:b8:67:5b: 329s c1:89:b6:f4:e6:71:64:e0:ef:75:a4:cd:7b:09:13:36:64:2a: 329s 6c:b1:b7:15:dd:47:90:e8:6f:dd:33:fa:f9:ff:9c:a4:41:c8: 329s 29:d6:ab:05:8f:9e:3e:ee:89:15:69:49:7f:ac:72:8b:5d:18: 329s 02:01:02:f8:d4:cc:65:a5:e5:65:19:ed:fa:9c:ed:64:16:34: 329s af:89 329s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-So901L/test-root-CA.config -passin pass:random-root-CA-password-12357 -keyfile /tmp/sssd-softhsm2-certs-So901L/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem 329s Using configuration from /tmp/sssd-softhsm2-certs-So901L/test-root-CA.config 329s Check that the request matches the signature 329s Signature ok 329s Certificate Details: 329s Serial Number: 3 (0x3) 329s Validity 329s Not Before: Jan 17 09:58:37 2025 GMT 329s Not After : Jan 17 09:58:37 2026 GMT 329s Subject: 329s organizationName = Test Organization 329s organizationalUnitName = Test Organization Unit 329s commonName = Test Organization Root Trusted Certificate 0001 329s X509v3 extensions: 329s X509v3 Authority Key Identifier: 329s 8D:60:E7:BE:D8:FB:06:11:CC:94:0F:76:04:89:C5:15:09:0B:71:5F 329s X509v3 Basic Constraints: 329s CA:FALSE 329s Netscape Cert Type: 329s SSL Client, S/MIME 329s Netscape Comment: 329s Test Organization Root CA trusted Certificate 329s X509v3 Subject Key Identifier: 329s 80:B8:7D:91:9B:B6:85:7D:B7:4B:95:37:42:39:63:EF:54:EC:7E:2D 329s X509v3 Key Usage: critical 329s Digital Signature, Non Repudiation, Key Encipherment 329s X509v3 Extended Key Usage: 329s TLS Web Client Authentication, E-mail Protection 329s X509v3 Subject Alternative Name: 329s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 329s Certificate is to be certified until Jan 17 09:58:37 2026 GMT (365 days) 329s 329s Write out database with 1 new entries 329s Database updated 329s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-root-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem 329s /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem: OK 329s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem 329s + local cmd=openssl 329s + shift 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem 329s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 329s error 20 at 0 depth lookup: unable to get local issuer certificate 329s error /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem: verification failed 329s + cat 329s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-9702 329s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-9702 1024 329s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-9702 -key /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-request.pem 329s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-request.pem 329s Certificate Request: 329s Data: 329s Version: 1 (0x0) 329s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 329s Subject Public Key Info: 329s Public Key Algorithm: rsaEncryption 329s Public-Key: (1024 bit) 329s Modulus: 329s 00:db:4c:bc:c3:09:b1:eb:53:5d:73:ab:9c:de:0b: 329s a1:b3:b4:ad:ed:c6:bd:52:a6:99:ba:d3:83:44:4e: 329s 60:6d:11:60:1b:50:28:20:3c:0e:e6:7d:d4:1a:7e: 329s c9:e9:b6:e8:b8:6d:08:8a:94:46:cb:95:2a:2d:2b: 329s 8e:e6:6f:98:b5:b9:3e:f0:47:3a:42:29:e7:ac:69: 329s e4:3d:11:e0:43:35:7b:e6:87:56:e0:54:da:30:f3: 329s 97:c9:ac:e0:93:fb:30:bb:e0:73:ed:99:6c:ee:e3: 329s 84:fc:dd:ff:d6:1c:6c:1c:2e:f7:16:fb:c0:9d:59: 329s d9:7a:9b:74:f0:ae:31:37:e3 329s Exponent: 65537 (0x10001) 329s Attributes: 329s Requested Extensions: 329s X509v3 Basic Constraints: 329s CA:FALSE 329s Netscape Cert Type: 329s SSL Client, S/MIME 329s Netscape Comment: 329s Test Organization Intermediate CA trusted Certificate 329s X509v3 Subject Key Identifier: 329s E1:A1:07:45:B9:56:33:B1:9E:29:DE:C4:DD:CF:EA:80:5C:7B:3E:6F 329s X509v3 Key Usage: critical 329s Digital Signature, Non Repudiation, Key Encipherment 329s X509v3 Extended Key Usage: 329s TLS Web Client Authentication, E-mail Protection 329s X509v3 Subject Alternative Name: 329s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 329s Signature Algorithm: sha256WithRSAEncryption 329s Signature Value: 329s ca:67:e7:91:63:8e:2c:55:b9:bd:7a:c3:ec:0b:e4:fc:04:bb: 329s 9b:74:a9:d8:33:22:b8:6f:7d:2e:dc:78:07:c0:d6:72:3a:2c: 329s 28:3a:1a:e7:a3:69:97:1e:3b:9f:a1:37:58:9f:ae:57:37:df: 329s 1b:e9:fb:dd:b7:0d:36:fd:14:01:73:97:f5:56:60:1e:e2:c0: 329s 2c:fb:03:c8:48:2d:a6:57:63:a9:02:62:97:47:e8:bd:5b:96: 329s 48:e0:74:c6:7b:cc:cb:e5:2c:ac:71:5f:61:33:62:91:30:53: 329s e8:eb:51:1a:47:c4:1f:fd:b0:fd:97:63:00:fc:ed:f6:f6:5d: 329s 31:64 329s + openssl ca -passin pass:random-intermediate-CA-password-12088 -config /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem 329s Using configuration from /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.config 329s Check that the request matches the signature 329s Signature ok 329s Certificate Details: 329s Serial Number: 4 (0x4) 329s Validity 329s Not Before: Jan 17 09:58:37 2025 GMT 329s Not After : Jan 17 09:58:37 2026 GMT 329s Subject: 329s organizationName = Test Organization 329s organizationalUnitName = Test Organization Unit 329s commonName = Test Organization Intermediate Trusted Certificate 0001 329s X509v3 extensions: 329s X509v3 Authority Key Identifier: 329s 24:DC:91:DA:39:2A:D7:A2:B7:19:B7:23:05:2A:DF:30:DC:66:45:D1 329s X509v3 Basic Constraints: 329s CA:FALSE 329s Netscape Cert Type: 329s SSL Client, S/MIME 329s Netscape Comment: 329s Test Organization Intermediate CA trusted Certificate 329s X509v3 Subject Key Identifier: 329s E1:A1:07:45:B9:56:33:B1:9E:29:DE:C4:DD:CF:EA:80:5C:7B:3E:6F 329s X509v3 Key Usage: critical 329s Digital Signature, Non Repudiation, Key Encipherment 329s X509v3 Extended Key Usage: 329s TLS Web Client Authentication, E-mail Protection 329s X509v3 Subject Alternative Name: 329s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 329s Certificate is to be certified until Jan 17 09:58:37 2026 GMT (365 days) 329s 329s Write out database with 1 new entries 329s Database updated 329s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem 329s This certificate should not be trusted fully 329s + echo 'This certificate should not be trusted fully' 329s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem 329s + local cmd=openssl 329s + shift 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem 329s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 329s error 2 at 1 depth lookup: unable to get issuer certificate 329s error /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 329s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem 329s /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem: OK 329s + cat 329s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-15327 329s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-15327 1024 329s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-15327 -key /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 329s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 329s Certificate Request: 329s Data: 329s Version: 1 (0x0) 329s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 329s Subject Public Key Info: 329s Public Key Algorithm: rsaEncryption 329s Public-Key: (1024 bit) 329s Modulus: 329s 00:e6:ae:3e:30:3d:99:90:9c:69:68:74:54:31:5b: 329s ca:cd:b6:94:8e:a4:86:ca:bc:4f:73:6a:84:08:50: 329s ad:bd:f3:b9:06:17:c3:d1:96:e7:6c:c1:e0:ab:96: 329s fd:6a:66:d8:74:35:ac:cc:b2:90:fb:a0:b3:3d:8a: 329s 5e:d3:33:59:a2:26:4c:85:82:d5:c0:9c:af:0d:a9: 329s 8a:f1:d3:44:d3:66:3c:f2:bf:df:05:d3:e1:8d:a1: 329s e7:88:5c:aa:6c:12:f0:20:80:f8:18:d0:51:ac:05: 329s 6f:fb:d9:65:9b:53:42:d9:8f:b0:f1:2e:f5:6f:d9: 329s e5:22:9c:86:9d:5b:63:26:db 329s Exponent: 65537 (0x10001) 329s Attributes: 329s Requested Extensions: 329s X509v3 Basic Constraints: 329s CA:FALSE 329s Netscape Cert Type: 329s SSL Client, S/MIME 329s Netscape Comment: 329s Test Organization Sub Intermediate CA trusted Certificate 329s X509v3 Subject Key Identifier: 329s AF:69:01:0A:9B:41:FD:D3:C0:A3:B9:22:BC:A3:EE:EC:47:DE:CF:B3 329s X509v3 Key Usage: critical 329s Digital Signature, Non Repudiation, Key Encipherment 329s X509v3 Extended Key Usage: 329s TLS Web Client Authentication, E-mail Protection 329s X509v3 Subject Alternative Name: 329s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 329s Signature Algorithm: sha256WithRSAEncryption 329s Signature Value: 329s 08:2a:99:6b:e8:ff:e7:72:9c:b0:30:2e:36:a1:94:ec:04:2b: 329s 51:3a:ad:8c:6a:33:53:82:5e:77:03:30:39:24:0f:ea:e7:be: 329s d9:30:c2:7f:39:e2:bb:5a:11:7c:e1:73:94:17:c3:cf:e8:19: 329s 09:7e:e9:e2:fb:40:7e:d5:f6:95:c0:4b:b9:f0:21:20:57:a2: 329s 63:e8:16:bf:90:65:da:60:7d:bd:01:73:fa:8e:2e:9a:e1:38: 329s 14:7a:46:6e:32:b2:01:d6:4b:a7:e7:b8:61:05:5b:4d:cf:67: 329s 4a:6d:f9:a4:c6:1b:28:c5:96:75:f9:21:78:e5:f1:6b:79:f2: 329s 6b:71 329s + openssl ca -passin pass:random-sub-intermediate-CA-password-12541 -config /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s Using configuration from /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.config 329s Check that the request matches the signature 329s Signature ok 329s Certificate Details: 329s Serial Number: 5 (0x5) 329s Validity 329s Not Before: Jan 17 09:58:37 2025 GMT 329s Not After : Jan 17 09:58:37 2026 GMT 329s Subject: 329s organizationName = Test Organization 329s organizationalUnitName = Test Organization Unit 329s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 329s X509v3 extensions: 329s X509v3 Authority Key Identifier: 329s 63:8D:64:8B:03:41:A3:F9:F8:84:42:C6:36:E5:C7:DC:18:86:F0:FE 329s X509v3 Basic Constraints: 329s CA:FALSE 329s Netscape Cert Type: 329s SSL Client, S/MIME 329s Netscape Comment: 329s Test Organization Sub Intermediate CA trusted Certificate 329s X509v3 Subject Key Identifier: 329s AF:69:01:0A:9B:41:FD:D3:C0:A3:B9:22:BC:A3:EE:EC:47:DE:CF:B3 329s X509v3 Key Usage: critical 329s Digital Signature, Non Repudiation, Key Encipherment 329s X509v3 Extended Key Usage: 329s TLS Web Client Authentication, E-mail Protection 329s X509v3 Subject Alternative Name: 329s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 329s Certificate is to be certified until Jan 17 09:58:37 2026 GMT (365 days) 329s 329s Write out database with 1 new entries 329s Database updated 329s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s This certificate should not be trusted fully 329s + echo 'This certificate should not be trusted fully' 329s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s + local cmd=openssl 329s + shift 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 329s error 2 at 1 depth lookup: unable to get issuer certificate 329s error /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 329s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s + local cmd=openssl 329s + shift 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 329s error 20 at 0 depth lookup: unable to get local issuer certificate 329s error /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 329s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 329s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s + local cmd=openssl 329s + shift 329s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 329s error 20 at 0 depth lookup: unable to get local issuer certificate 329s error /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 329s + echo 'Building a the full-chain CA file...' 329s Building a the full-chain CA file... 329s + cat /tmp/sssd-softhsm2-certs-So901L/test-root-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem 329s + cat /tmp/sssd-softhsm2-certs-So901L/test-root-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem 329s + cat /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem 329s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem 329s + openssl pkcs7 -print_certs -noout 329s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 329s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 329s 329s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 329s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 329s 329s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 329s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 329s 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem 329s /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA.pem: OK 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem 329s /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem: OK 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem 329s /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem: OK 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-root-intermediate-chain-CA.pem 329s /tmp/sssd-softhsm2-certs-So901L/test-root-intermediate-chain-CA.pem: OK 329s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 329s Certificates generation completed! 329s + echo 'Certificates generation completed!' 329s + [[ -v NO_SSSD_TESTS ]] 329s + [[ -v GENERATE_SMART_CARDS ]] 329s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-5295 329s + local certificate=/tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem 329s + local key_pass=pass:random-root-ca-trusted-cert-0001-5295 329s + local key_cn 329s + local key_name 329s + local tokens_dir 329s + local output_cert_file 329s + token_name= 329s ++ basename /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem .pem 329s + key_name=test-root-CA-trusted-certificate-0001 329s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem 329s ++ sed -n 's/ *commonName *= //p' 329s + key_cn='Test Organization Root Trusted Certificate 0001' 329s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 329s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-root-CA-trusted-certificate-0001.conf 329s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-root-CA-trusted-certificate-0001.conf 329s ++ basename /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 329s + tokens_dir=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-root-CA-trusted-certificate-0001 329s + token_name='Test Organization Root Tr Token' 329s + '[' '!' -e /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 329s + local key_file 329s + local decrypted_key 329s + mkdir -p /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-root-CA-trusted-certificate-0001 329s + key_file=/tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-key.pem 329s + decrypted_key=/tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-key-decrypted.pem 329s + cat 329s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 329s Slot 0 has a free/uninitialized token. 329s The token has been initialized and is reassigned to slot 1098143636 329s + softhsm2-util --show-slots 329s Available slots: 329s Slot 1098143636 329s Slot info: 329s Description: SoftHSM slot ID 0x41745794 329s Manufacturer ID: SoftHSM project 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Token present: yes 329s Token info: 329s Manufacturer ID: SoftHSM project 329s Model: SoftHSM v2 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Serial number: a667def1c1745794 329s Initialized: yes 329s User PIN init.: yes 329s Label: Test Organization Root Tr Token 329s Slot 1 329s Slot info: 329s Description: SoftHSM slot ID 0x1 329s Manufacturer ID: SoftHSM project 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Token present: yes 329s Token info: 329s Manufacturer ID: SoftHSM project 329s Model: SoftHSM v2 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Serial number: 329s Initialized: no 329s User PIN init.: no 329s Label: 329s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 329s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-5295 -in /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-key-decrypted.pem 329s writing RSA key 329s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 329s + rm /tmp/sssd-softhsm2-certs-So901L/test-root-CA-trusted-certificate-0001-key-decrypted.pem 329s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 329s Object 0: 329s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a667def1c1745794;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 329s Type: X.509 Certificate (RSA-1024) 329s Expires: Sat Jan 17 09:58:37 2026 329s Label: Test Organization Root Trusted Certificate 0001 329s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 329s 329s Test Organization Root Tr Token 329s + echo 'Test Organization Root Tr Token' 329s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-9702 329s + local certificate=/tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem 329s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-9702 329s + local key_cn 329s + local key_name 329s + local tokens_dir 329s + local output_cert_file 329s + token_name= 329s ++ basename /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem .pem 329s + key_name=test-intermediate-CA-trusted-certificate-0001 329s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem 329s ++ sed -n 's/ *commonName *= //p' 329s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 329s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 329s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 329s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 329s ++ basename /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 329s + tokens_dir=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-intermediate-CA-trusted-certificate-0001 329s + token_name='Test Organization Interme Token' 329s + '[' '!' -e /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 329s + local key_file 329s + local decrypted_key 329s + mkdir -p /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-intermediate-CA-trusted-certificate-0001 329s + key_file=/tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-key.pem 329s + decrypted_key=/tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 329s + cat 329s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 329s Slot 0 has a free/uninitialized token. 329s The token has been initialized and is reassigned to slot 1547082777 329s + softhsm2-util --show-slots 329s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 329s Available slots: 329s Slot 1547082777 329s Slot info: 329s Description: SoftHSM slot ID 0x5c369c19 329s Manufacturer ID: SoftHSM project 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Token present: yes 329s Token info: 329s Manufacturer ID: SoftHSM project 329s Model: SoftHSM v2 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Serial number: b01559a3dc369c19 329s Initialized: yes 329s User PIN init.: yes 329s Label: Test Organization Interme Token 329s Slot 1 329s Slot info: 329s Description: SoftHSM slot ID 0x1 329s Manufacturer ID: SoftHSM project 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Token present: yes 329s Token info: 329s Manufacturer ID: SoftHSM project 329s Model: SoftHSM v2 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Serial number: 329s Initialized: no 329s User PIN init.: no 329s Label: 329s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-9702 -in /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 329s writing RSA key 329s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 329s + rm /tmp/sssd-softhsm2-certs-So901L/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 329s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 329s Object 0: 329s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b01559a3dc369c19;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 329s Type: X.509 Certificate (RSA-1024) 329s Expires: Sat Jan 17 09:58:37 2026 329s Label: Test Organization Intermediate Trusted Certificate 0001 329s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 329s 329s Test Organization Interme Token 329s + echo 'Test Organization Interme Token' 329s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-15327 329s + local certificate=/tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-15327 329s + local key_cn 329s + local key_name 329s + local tokens_dir 329s + local output_cert_file 329s + token_name= 329s ++ basename /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 329s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 329s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem 329s ++ sed -n 's/ *commonName *= //p' 329s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 329s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 329s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 329s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 329s ++ basename /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 329s + tokens_dir=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 329s + token_name='Test Organization Sub Int Token' 329s + '[' '!' -e /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 329s + local key_file 329s + local decrypted_key 329s + mkdir -p /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 329s + key_file=/tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 329s + decrypted_key=/tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 329s + cat 329s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 329s Slot 0 has a free/uninitialized token. 329s The token has been initialized and is reassigned to slot 1020400104 329s + softhsm2-util --show-slots 329s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 329s Available slots: 329s Slot 1020400104 329s Slot info: 329s Description: SoftHSM slot ID 0x3cd211e8 329s Manufacturer ID: SoftHSM project 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Token present: yes 329s Token info: 329s Manufacturer ID: SoftHSM project 329s Model: SoftHSM v2 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Serial number: 28472c6c3cd211e8 329s Initialized: yes 329s User PIN init.: yes 329s Label: Test Organization Sub Int Token 329s Slot 1 329s Slot info: 329s Description: SoftHSM slot ID 0x1 329s Manufacturer ID: SoftHSM project 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Token present: yes 329s Token info: 329s Manufacturer ID: SoftHSM project 329s Model: SoftHSM v2 329s Hardware version: 2.6 329s Firmware version: 2.6 329s Serial number: 329s Initialized: no 329s User PIN init.: no 329s Label: 329s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-15327 -in /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 329s writing RSA key 329s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 329s + rm /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 329s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 329s Object 0: 329s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=28472c6c3cd211e8;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 329s Type: X.509 Certificate (RSA-1024) 329s Expires: Sat Jan 17 09:58:37 2026 329s Label: Test Organization Sub Intermediate Trusted Certificate 0001 329s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 329s 329s Test Organization Sub Int Token 329s Certificates generation completed! 329s + echo 'Test Organization Sub Int Token' 329s + echo 'Certificates generation completed!' 329s + exit 0 329s + find /tmp/sssd-softhsm2-certs-So901L -type d -exec chmod 777 '{}' ';' 329s + find /tmp/sssd-softhsm2-certs-So901L -type f -exec chmod 666 '{}' ';' 329s + backup_file /etc/sssd/sssd.conf 329s + '[' -z '' ']' 329s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 329s + backupsdir=/tmp/sssd-softhsm2-backups-P3uYhi 329s + '[' -e /etc/sssd/sssd.conf ']' 329s + delete_paths+=("$1") 329s + rm -f /etc/sssd/sssd.conf 329s ++ runuser -u ubuntu -- sh -c 'echo ~' 329s + user_home=/home/ubuntu 329s + mkdir -p /home/ubuntu 329s + chown ubuntu:ubuntu /home/ubuntu 329s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 329s + user_config=/home/ubuntu/.config 329s + system_config=/etc 329s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 329s + for path_pair in "${softhsm2_conf_paths[@]}" 329s + IFS=: 329s + read -r -a path 329s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 329s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 329s + '[' -z /tmp/sssd-softhsm2-backups-P3uYhi ']' 329s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 329s + delete_paths+=("$1") 329s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 329s + for path_pair in "${softhsm2_conf_paths[@]}" 329s + IFS=: 329s + read -r -a path 329s + path=/etc/softhsm/softhsm2.conf 329s + backup_file /etc/softhsm/softhsm2.conf 329s + '[' -z /tmp/sssd-softhsm2-backups-P3uYhi ']' 329s + '[' -e /etc/softhsm/softhsm2.conf ']' 329s ++ dirname /etc/softhsm/softhsm2.conf 329s + local back_dir=/tmp/sssd-softhsm2-backups-P3uYhi//etc/softhsm 329s ++ basename /etc/softhsm/softhsm2.conf 329s + local back_path=/tmp/sssd-softhsm2-backups-P3uYhi//etc/softhsm/softhsm2.conf 329s + '[' '!' -e /tmp/sssd-softhsm2-backups-P3uYhi//etc/softhsm/softhsm2.conf ']' 329s + mkdir -p /tmp/sssd-softhsm2-backups-P3uYhi//etc/softhsm 329s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-P3uYhi//etc/softhsm/softhsm2.conf 329s + restore_paths+=("$back_path") 329s + rm -f /etc/softhsm/softhsm2.conf 329s + test_authentication login /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem 329s + pam_service=login 329s + certificate_config=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-root-CA-trusted-certificate-0001.conf 329s + ca_db=/tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem 329s + verification_options= 329s + mkdir -p -m 700 /etc/sssd 329s Using CA DB '/tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem' with verification options: '' 329s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 329s + cat 329s + chmod 600 /etc/sssd/sssd.conf 329s + for path_pair in "${softhsm2_conf_paths[@]}" 329s + IFS=: 329s + read -r -a path 329s + user=ubuntu 329s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 329s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 329s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 329s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 329s + runuser -u ubuntu -- softhsm2-util --show-slots 329s + grep 'Test Organization' 329s Label: Test Organization Root Tr Token 329s + for path_pair in "${softhsm2_conf_paths[@]}" 329s + IFS=: 329s + read -r -a path 329s + user=root 329s + path=/etc/softhsm/softhsm2.conf 329s ++ dirname /etc/softhsm/softhsm2.conf 329s + runuser -u root -- mkdir -p /etc/softhsm 329s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 329s + runuser -u root -- softhsm2-util --show-slots 329s + grep 'Test Organization' 329s Label: Test Organization Root Tr Token 329s + systemctl restart sssd 330s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 330s + for alternative in "${alternative_pam_configs[@]}" 330s + pam-auth-update --enable sss-smart-card-optional 330s + cat /etc/pam.d/common-auth 330s # 330s # /etc/pam.d/common-auth - authentication settings common to all services 330s # 330s # This file is included from other service-specific PAM config files, 330s # and should contain a list of the authentication modules that define 330s # the central authentication scheme for use on the system 330s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 330s # traditional Unix authentication mechanisms. 330s # 330s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 330s # To take advantage of this, it is recommended that you configure any 330s # local modules either before or after the default block, and use 330s # pam-auth-update to manage selection of other modules. See 330s # pam-auth-update(8) for details. 330s 330s # here are the per-package modules (the "Primary" block) 330s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 330s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 330s auth [success=1 default=ignore] pam_sss.so use_first_pass 330s # here's the fallback if no module succeeds 330s auth requisite pam_deny.so 330s # prime the stack with a positive return value if there isn't one already; 330s # this avoids us returning an error just because nothing sets a success code 330s # since the modules above will each just jump around 330s auth required pam_permit.so 330s # and here are more per-package modules (the "Additional" block) 330s auth optional pam_cap.so 330s # end of pam-auth-update config 330s + echo -n -e 123456 330s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 330s pamtester: invoking pam_start(login, ubuntu, ...) 330s pamtester: performing operation - authenticate 330s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 330s + echo -n -e 123456 330s + runuser -u ubuntu -- pamtester -v login '' authenticate 330s pamtester: invoking pam_start(login, , ...) 330s pamtester: performing operation - authenticate 330s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 330s + echo -n -e wrong123456 330s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 330s pamtester: invoking pam_start(login, ubuntu, ...) 330s pamtester: performing operation - authenticate 334s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 334s + echo -n -e wrong123456 334s + runuser -u ubuntu -- pamtester -v login '' authenticate 334s pamtester: invoking pam_start(login, , ...) 334s pamtester: performing operation - authenticate 337s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 337s + echo -n -e 123456 337s + pamtester -v login root authenticate 337s pamtester: invoking pam_start(login, root, ...) 337s pamtester: performing operation - authenticate 340s Password: pamtester: Authentication failure 340s + for alternative in "${alternative_pam_configs[@]}" 340s + pam-auth-update --enable sss-smart-card-required 340s PAM configuration 340s ----------------- 340s 340s Incompatible PAM profiles selected. 340s 340s The following PAM profiles cannot be used together: 340s 340s SSS required smart card authentication, SSS optional smart card 340s authentication 340s 340s Please select a different set of modules to enable. 340s 340s + cat /etc/pam.d/common-auth 340s # 340s # /etc/pam.d/common-auth - authentication settings common to all services 340s # 340s # This file is included from other service-specific PAM config files, 340s # and should contain a list of the authentication modules that define 340s # the central authentication scheme for use on the system 340s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 340s # traditional Unix authentication mechanisms. 340s # 340s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 340s # To take advantage of this, it is recommended that you configure any 340s # local modules either before or after the default block, and use 340s # pam-auth-update to manage selection of other modules. See 340s # pam-auth-update(8) for details. 340s 340s # here are the per-package modules (the "Primary" block) 340s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 340s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 340s auth [success=1 default=ignore] pam_sss.so use_first_pass 340s # here's the fallback if no module succeeds 340s auth requisite pam_deny.so 340s # prime the stack with a positive return value if there isn't one already; 340s # this avoids us returning an error just because nothing sets a success code 340s # since the modules above will each just jump around 340s auth required pam_permit.so 340s # and here are more per-package modules (the "Additional" block) 340s auth optional pam_cap.so 340s # end of pam-auth-update config 340s + echo -n -e 123456 340s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 340s pamtester: invoking pam_start(login, ubuntu, ...) 340s pamtester: performing operation - authenticate 340s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 340s + echo -n -e 123456 340s + runuser -u ubuntu -- pamtester -v login '' authenticate 340s pamtester: invoking pam_start(login, , ...) 340s pamtester: performing operation - authenticate 340s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 340s + echo -n -e wrong123456 340s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 340s pamtester: invoking pam_start(login, ubuntu, ...) 340s pamtester: performing operation - authenticate 342s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 342s + echo -n -e wrong123456 342s + runuser -u ubuntu -- pamtester -v login '' authenticate 342s pamtester: invoking pam_start(login, , ...) 342s pamtester: performing operation - authenticate 346s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 346s + echo -n -e 123456 346s + pamtester -v login root authenticate 346s pamtester: invoking pam_start(login, root, ...) 346s pamtester: performing operation - authenticate 349s Using CA DB '/tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem' with verification options: '' 349s pamtester: Authentication service cannot retrieve authentication info 349s + test_authentication login /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem 349s + pam_service=login 349s + certificate_config=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 349s + ca_db=/tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem 349s + verification_options= 349s + mkdir -p -m 700 /etc/sssd 349s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-So901L/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 349s + cat 349s + chmod 600 /etc/sssd/sssd.conf 349s + for path_pair in "${softhsm2_conf_paths[@]}" 349s + IFS=: 349s + read -r -a path 349s + user=ubuntu 349s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 349s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 349s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 349s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 349s + runuser -u ubuntu -- softhsm2-util --show-slots 349s + grep 'Test Organization' 349s Label: Test Organization Sub Int Token 349s + for path_pair in "${softhsm2_conf_paths[@]}" 349s + IFS=: 349s + read -r -a path 349s Label: Test Organization Sub Int Token 349s + user=root 349s + path=/etc/softhsm/softhsm2.conf 349s ++ dirname /etc/softhsm/softhsm2.conf 349s + runuser -u root -- mkdir -p /etc/softhsm 349s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 349s + runuser -u root -- softhsm2-util --show-slots 349s + grep 'Test Organization' 349s + systemctl restart sssd 350s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 350s + for alternative in "${alternative_pam_configs[@]}" 350s + pam-auth-update --enable sss-smart-card-optional 350s + cat /etc/pam.d/common-auth 350s # 350s # /etc/pam.d/common-auth - authentication settings common to all services 350s # 350s # This file is included from other service-specific PAM config files, 350s # and should contain a list of the authentication modules that define 350s # the central authentication scheme for use on the system 350s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 350s # traditional Unix authentication mechanisms. 350s # 350s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 350s # To take advantage of this, it is recommended that you configure any 350s # local modules either before or after the default block, and use 350s # pam-auth-update to manage selection of other modules. See 350s # pam-auth-update(8) for details. 350s 350s # here are the per-package modules (the "Primary" block) 350s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 350s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 350s auth [success=1 default=ignore] pam_sss.so use_first_pass 350s # here's the fallback if no module succeeds 350s auth requisite pam_deny.so 350s # prime the stack with a positive return value if there isn't one already; 350s # this avoids us returning an error just because nothing sets a success code 350s # since the modules above will each just jump around 350s auth required pam_permit.so 350s # and here are more per-package modules (the "Additional" block) 350s auth optional pam_cap.so 350s # end of pam-auth-update config 350s + echo -n -e 123456 350s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 350s pamtester: invoking pam_start(login, ubuntu, ...) 350s pamtester: performing operation - authenticate 350s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 350s + echo -n -e 123456 350s + runuser -u ubuntu -- pamtester -v login '' authenticate 350s pamtester: invoking pam_start(login, , ...) 350s pamtester: performing operation - authenticate 350s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 350s + echo -n -e wrong123456 350s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 350s pamtester: invoking pam_start(login, ubuntu, ...) 350s pamtester: performing operation - authenticate 352s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 352s + echo -n -e wrong123456 352s + runuser -u ubuntu -- pamtester -v login '' authenticate 352s pamtester: invoking pam_start(login, , ...) 352s pamtester: performing operation - authenticate 354s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 354s + pamtester -v login root authenticate 354s + echo -n -e 123456 354s pamtester: invoking pam_start(login, root, ...) 354s pamtester: performing operation - authenticate 358s Password: pamtester: Authentication failure 358s + for alternative in "${alternative_pam_configs[@]}" 358s + pam-auth-update --enable sss-smart-card-required 358s PAM configuration 358s ----------------- 358s 358s Incompatible PAM profiles selected. 358s 358s The following PAM profiles cannot be used together: 358s 358s SSS required smart card authentication, SSS optional smart card 358s authentication 358s 358s Please select a different set of modules to enable. 358s 358s + cat /etc/pam.d/common-auth 358s # 358s # /etc/pam.d/common-auth - authentication settings common to all services 358s # 358s # This file is included from other service-specific PAM config files, 358s # and should contain a list of the authentication modules that define 358s # the central authentication scheme for use on the system 358s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 358s # traditional Unix authentication mechanisms. 358s # 358s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 358s # To take advantage of this, it is recommended that you configure any 358s # local modules either before or after the default block, and use 358s # pam-auth-update to manage selection of other modules. See 358s # pam-auth-update(8) for details. 358s 358s # here are the per-package modules (the "Primary" block) 358s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 358s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 358s auth [success=1 default=ignore] pam_sss.so use_first_pass 358s # here's the fallback if no module succeeds 358s auth requisite pam_deny.so 358s # prime the stack with a positive return value if there isn't one already; 358s # this avoids us returning an error just because nothing sets a success code 358s # since the modules above will each just jump around 358s auth required pam_permit.so 358s # and here are more per-package modules (the "Additional" block) 358s auth optional pam_cap.so 358s # end of pam-auth-update config 358s + echo -n -e 123456 358s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 358s pamtester: invoking pam_start(login, ubuntu, ...) 358s pamtester: performing operation - authenticate 358s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 358s + echo -n -e 123456 358s + runuser -u ubuntu -- pamtester -v login '' authenticate 358s pamtester: invoking pam_start(login, , ...) 358s pamtester: performing operation - authenticate 358s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 358s + echo -n -e wrong123456 358s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 358s pamtester: invoking pam_start(login, ubuntu, ...) 358s pamtester: performing operation - authenticate 361s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 361s + echo -n -e wrong123456 361s + runuser -u ubuntu -- pamtester -v login '' authenticate 361s pamtester: invoking pam_start(login, , ...) 361s pamtester: performing operation - authenticate 365s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 365s + echo -n -e 123456 365s + pamtester -v login root authenticate 365s pamtester: invoking pam_start(login, root, ...) 365s pamtester: performing operation - authenticate 368s pamtester: Authentication service cannot retrieve authentication info 368s + test_authentication login /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem partial_chain 368s + pam_service=login 368s + certificate_config=/tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 368s + ca_db=/tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem 368s + verification_options=partial_chain 368s + mkdir -p -m 700 /etc/sssd 368s Using CA DB '/tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 368s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-So901L/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 368s + cat 368s + chmod 600 /etc/sssd/sssd.conf 368s + for path_pair in "${softhsm2_conf_paths[@]}" 368s + IFS=: 368s + read -r -a path 368s + user=ubuntu 368s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 368s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 368s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 368s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 369s + runuser -u ubuntu -- softhsm2-util --show-slots 369s + grep 'Test Organization' 369s Label: Test Organization Sub Int Token 369s Label: Test Organization Sub Int Token 369s + for path_pair in "${softhsm2_conf_paths[@]}" 369s + IFS=: 369s + read -r -a path 369s + user=root 369s + path=/etc/softhsm/softhsm2.conf 369s ++ dirname /etc/softhsm/softhsm2.conf 369s + runuser -u root -- mkdir -p /etc/softhsm 369s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-So901L/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 369s + runuser -u root -- softhsm2-util --show-slots 369s + grep 'Test Organization' 369s + systemctl restart sssd 369s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 369s + for alternative in "${alternative_pam_configs[@]}" 369s + pam-auth-update --enable sss-smart-card-optional 369s + cat /etc/pam.d/common-auth 369s # 369s # /etc/pam.d/common-auth - authentication settings common to all services 369s # 369s # This file is included from other service-specific PAM config files, 369s # and should contain a list of the authentication modules that define 369s # the central authentication scheme for use on the system 369s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 369s # traditional Unix authentication mechanisms. 369s # 369s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 369s # To take advantage of this, it is recommended that you configure any 369s # local modules either before or after the default block, and use 369s # pam-auth-update to manage selection of other modules. See 369s # pam-auth-update(8) for details. 369s 369s # here are the per-package modules (the "Primary" block) 369s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 369s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 369s auth [success=1 default=ignore] pam_sss.so use_first_pass 369s # here's the fallback if no module succeeds 369s auth requisite pam_deny.so 369s # prime the stack with a positive return value if there isn't one already; 369s # this avoids us returning an error just because nothing sets a success code 369s # since the modules above will each just jump around 369s auth required pam_permit.so 369s # and here are more per-package modules (the "Additional" block) 369s auth optional pam_cap.so 369s # end of pam-auth-update config 369s + echo -n -e 123456 369s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 369s pamtester: invoking pam_start(login, ubuntu, ...) 369s pamtester: performing operation - authenticate 369s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 369s + echo -n -e 123456 369s + runuser -u ubuntu -- pamtester -v login '' authenticate 369s pamtester: invoking pam_start(login, , ...) 369s pamtester: performing operation - authenticate 369s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 369s + echo -n -e wrong123456 369s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 369s pamtester: invoking pam_start(login, ubuntu, ...) 369s pamtester: performing operation - authenticate 372s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 372s + echo -n -e wrong123456 372s + runuser -u ubuntu -- pamtester -v login '' authenticate 372s pamtester: invoking pam_start(login, , ...) 372s pamtester: performing operation - authenticate 375s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 375s + echo -n -e 123456 375s + pamtester -v login root authenticate 375s pamtester: invoking pam_start(login, root, ...) 375s pamtester: performing operation - authenticate 377s Password: pamtester: Authentication failure 377s + for alternative in "${alternative_pam_configs[@]}" 377s + pam-auth-update --enable sss-smart-card-required 377s PAM configuration 377s ----------------- 377s 377s Incompatible PAM profiles selected. 377s 377s The following PAM profiles cannot be used together: 377s 377s SSS required smart card authentication, SSS optional smart card 377s authentication 377s 377s Please select a different set of modules to enable. 377s 377s + cat /etc/pam.d/common-auth 377s + echo -n -e 123456 377s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 377s # 377s # /etc/pam.d/common-auth - authentication settings common to all services 377s # 377s # This file is included from other service-specific PAM config files, 377s # and should contain a list of the authentication modules that define 377s # the central authentication scheme for use on the system 377s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 377s # traditional Unix authentication mechanisms. 377s # 377s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 377s # To take advantage of this, it is recommended that you configure any 377s # local modules either before or after the default block, and use 377s # pam-auth-update to manage selection of other modules. See 377s # pam-auth-update(8) for details. 377s 377s # here are the per-package modules (the "Primary" block) 377s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 377s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 377s auth [success=1 default=ignore] pam_sss.so use_first_pass 377s # here's the fallback if no module succeeds 377s auth requisite pam_deny.so 377s # prime the stack with a positive return value if there isn't one already; 377s # this avoids us returning an error just because nothing sets a success code 377s # since the modules above will each just jump around 377s auth required pam_permit.so 377s # and here are more per-package modules (the "Additional" block) 377s auth optional pam_cap.so 377s # end of pam-auth-update config 377s pamtester: invoking pam_start(login, ubuntu, ...) 377s pamtester: performing operation - authenticate 377s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 377s + echo -n -e 123456 377s + runuser -u ubuntu -- pamtester -v login '' authenticate 377s pamtester: invoking pam_start(login, , ...) 377s pamtester: performing operation - authenticate 377s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 377s + echo -n -e wrong123456 377s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 377s pamtester: invoking pam_start(login, ubuntu, ...) 377s pamtester: performing operation - authenticate 381s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 381s + echo -n -e wrong123456 381s + runuser -u ubuntu -- pamtester -v login '' authenticate 381s pamtester: invoking pam_start(login, , ...) 381s pamtester: performing operation - authenticate 383s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 383s + echo -n -e 123456 383s + pamtester -v login root authenticate 383s pamtester: invoking pam_start(login, root, ...) 383s pamtester: performing operation - authenticate 386s pamtester: Authentication service cannot retrieve authentication info 386s + handle_exit 386s + exit_code=0 386s + restore_changes 386s + for path in "${restore_paths[@]}" 386s + local original_path 386s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-P3uYhi /tmp/sssd-softhsm2-backups-P3uYhi//etc/softhsm/softhsm2.conf 386s + original_path=/etc/softhsm/softhsm2.conf 386s + rm /etc/softhsm/softhsm2.conf 386s + mv /tmp/sssd-softhsm2-backups-P3uYhi//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 386s + for path in "${delete_paths[@]}" 386s + rm -f /etc/sssd/sssd.conf 386s + for path in "${delete_paths[@]}" 386s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 386s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 386s + '[' -e /etc/sssd/sssd.conf ']' 386s + systemctl stop sssd 386s + '[' -e /etc/softhsm/softhsm2.conf ']' 386s + chmod 600 /etc/softhsm/softhsm2.conf 386s + rm -rf /tmp/sssd-softhsm2-certs-So901L 386s Script completed successfully! 386s + '[' 0 = 0 ']' 386s + rm -rf /tmp/sssd-softhsm2-backups-P3uYhi 386s + set +x 387s autopkgtest [09:59:35]: test sssd-smart-card-pam-auth-configs: -----------------------] 387s sssd-smart-card-pam-auth-configs PASS 387s autopkgtest [09:59:35]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 388s autopkgtest [09:59:36]: @@@@@@@@@@@@@@@@@@@@ summary 388s ldap-user-group-ldap-auth PASS 388s ldap-user-group-krb5-auth PASS 388s sssd-softhism2-certificates-tests.sh PASS 388s sssd-smart-card-pam-auth-configs PASS 392s nova [W] Using flock in prodstack6-ppc64el 392s Creating nova instance adt-plucky-ppc64el-sssd-20250117-095308-juju-7f2275-prod-proposed-migration-environment-15-6a69be5a-90d4-4553-abf5-e080b7b64efb from image adt/ubuntu-plucky-ppc64el-server-20250117.img (UUID fc4495f7-ff1c-4a92-a3fe-ee8c580d771a)... 392s nova [W] Timed out waiting for d65c56d7-10ed-49a1-8df3-e058d525b529 to get deleted. 392s nova [W] Using flock in prodstack6-ppc64el 392s Creating nova instance adt-plucky-ppc64el-sssd-20250117-095308-juju-7f2275-prod-proposed-migration-environment-15-6a69be5a-90d4-4553-abf5-e080b7b64efb from image adt/ubuntu-plucky-ppc64el-server-20250117.img (UUID fc4495f7-ff1c-4a92-a3fe-ee8c580d771a)... 392s nova [W] Timed out waiting for af34f18a-81e2-41f6-bfd1-263bcb4c3f17 to get deleted.