0s autopkgtest [05:02:46]: starting date and time: 2025-01-17 05:02:46+0000 0s autopkgtest [05:02:46]: git checkout: 325255d2 Merge branch 'pin-any-arch' into 'ubuntu/production' 0s autopkgtest [05:02:46]: host juju-7f2275-prod-proposed-migration-environment-20; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.0kx079ba/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:krb5 --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=krb5/1.21.3-4 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest-s390x --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-20@bos03-s390x-19.secgroup --name adt-plucky-s390x-sssd-20250117-032702-juju-7f2275-prod-proposed-migration-environment-20-16e2289b-56e1-49d7-abbc-d17b5367f843 --image adt/ubuntu-plucky-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-20 --net-id=net_prod-proposed-migration-s390x -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 80s autopkgtest [05:04:06]: testbed dpkg architecture: s390x 80s autopkgtest [05:04:06]: testbed apt version: 2.9.18 80s autopkgtest [05:04:06]: @@@@@@@@@@@@@@@@@@@@ test bed setup 80s autopkgtest [05:04:06]: testbed release detected to be: None 81s autopkgtest [05:04:07]: updating testbed package index (apt update) 81s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 81s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 81s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 82s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 82s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [15.4 kB] 82s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 82s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [913 kB] 82s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [170 kB] 82s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x Packages [284 kB] 82s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted s390x Packages [756 B] 82s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe s390x Packages [971 kB] 82s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse s390x Packages [6876 B] 82s Fetched 2444 kB in 1s (2550 kB/s) 83s Reading package lists... 83s Reading package lists... 83s Building dependency tree... 83s Reading state information... 83s Calculating upgrade... 83s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 84s Reading package lists... 84s Building dependency tree... 84s Reading state information... 84s 0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded. 84s autopkgtest [05:04:10]: upgrading testbed (apt dist-upgrade and autopurge) 84s Reading package lists... 84s Building dependency tree... 84s Reading state information... 84s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 84s Starting 2 pkgProblemResolver with broken count: 0 84s Done 84s Entering ResolveByKeep 84s 85s The following packages will be upgraded: 85s krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 85s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 85s Need to get 644 kB of archives. 85s After this operation, 28.7 kB of additional disk space will be used. 85s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x krb5-locales all 1.21.3-4 [14.5 kB] 85s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libgssapi-krb5-2 s390x 1.21.3-4 [149 kB] 85s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libkrb5-3 s390x 1.21.3-4 [355 kB] 85s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libkrb5support0 s390x 1.21.3-4 [35.0 kB] 85s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libk5crypto3 s390x 1.21.3-4 [89.8 kB] 85s Fetched 644 kB in 1s (1145 kB/s) 85s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 55658 files and directories currently installed.) 85s Preparing to unpack .../krb5-locales_1.21.3-4_all.deb ... 85s Unpacking krb5-locales (1.21.3-4) over (1.21.3-3) ... 85s Preparing to unpack .../libgssapi-krb5-2_1.21.3-4_s390x.deb ... 85s Unpacking libgssapi-krb5-2:s390x (1.21.3-4) over (1.21.3-3) ... 85s Preparing to unpack .../libkrb5-3_1.21.3-4_s390x.deb ... 85s Unpacking libkrb5-3:s390x (1.21.3-4) over (1.21.3-3) ... 86s Preparing to unpack .../libkrb5support0_1.21.3-4_s390x.deb ... 86s Unpacking libkrb5support0:s390x (1.21.3-4) over (1.21.3-3) ... 86s Preparing to unpack .../libk5crypto3_1.21.3-4_s390x.deb ... 86s Unpacking libk5crypto3:s390x (1.21.3-4) over (1.21.3-3) ... 86s Setting up krb5-locales (1.21.3-4) ... 86s Setting up libkrb5support0:s390x (1.21.3-4) ... 86s Setting up libk5crypto3:s390x (1.21.3-4) ... 86s Setting up libkrb5-3:s390x (1.21.3-4) ... 86s Setting up libgssapi-krb5-2:s390x (1.21.3-4) ... 86s Processing triggers for libc-bin (2.40-4ubuntu1) ... 86s Reading package lists... 86s Building dependency tree... 86s Reading state information... 86s Starting pkgProblemResolver with broken count: 0 86s Starting 2 pkgProblemResolver with broken count: 0 86s Done 86s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 88s autopkgtest [05:04:14]: testbed running kernel: Linux 6.11.0-8-generic #8-Ubuntu SMP Mon Sep 16 12:49:35 UTC 2024 89s autopkgtest [05:04:15]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 101s Get:1 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (dsc) [5048 B] 101s Get:2 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (tar) [8002 kB] 101s Get:3 http://ftpmaster.internal/ubuntu plucky/main sssd 2.9.5-3ubuntu2 (diff) [49.2 kB] 101s gpgv: Signature made Wed Jul 3 23:54:05 2024 UTC 101s gpgv: using RSA key 8AFD08D3D1B817B2DF8982F501AC4B4083590A98 101s gpgv: Can't check signature: No public key 101s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.5-3ubuntu2.dsc: no acceptable signature found 102s autopkgtest [05:04:28]: testing package sssd version 2.9.5-3ubuntu2 106s autopkgtest [05:04:32]: build not needed 113s autopkgtest [05:04:39]: test ldap-user-group-ldap-auth: preparing testbed 113s Reading package lists... 113s Building dependency tree... 113s Reading state information... 113s Starting pkgProblemResolver with broken count: 0 113s Starting 2 pkgProblemResolver with broken count: 0 113s Done 114s The following NEW packages will be installed: 114s expect ldap-utils libargon2-1 libavahi-client3 libavahi-common-data 114s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 114s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 114s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 114s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 114s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 114s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 114s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 114s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 114s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 114s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 114s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 114s tcl-expect tcl8.6 114s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 114s Need to get 13.2 MB of archives. 114s After this operation, 50.7 MB of additional disk space will be used. 114s Get:1 http://ftpmaster.internal/ubuntu plucky/main s390x libargon2-1 s390x 0~20190702+dfsg-4build1 [54.1 kB] 114s Get:2 http://ftpmaster.internal/ubuntu plucky/main s390x libltdl7 s390x 2.4.7-8 [41.5 kB] 114s Get:3 http://ftpmaster.internal/ubuntu plucky/main s390x libodbc2 s390x 2.3.12-1ubuntu1 [162 kB] 114s Get:4 http://ftpmaster.internal/ubuntu plucky/main s390x slapd s390x 2.6.8+dfsg-1~exp4ubuntu3 [1616 kB] 114s Get:5 http://ftpmaster.internal/ubuntu plucky/main s390x libtcl8.6 s390x 8.6.15+dfsg-2 [1034 kB] 114s Get:6 http://ftpmaster.internal/ubuntu plucky/main s390x tcl8.6 s390x 8.6.15+dfsg-2 [14.8 kB] 114s Get:7 http://ftpmaster.internal/ubuntu plucky/universe s390x tcl-expect s390x 5.45.4-3 [115 kB] 114s Get:8 http://ftpmaster.internal/ubuntu plucky/universe s390x expect s390x 5.45.4-3 [137 kB] 114s Get:9 http://ftpmaster.internal/ubuntu plucky/main s390x ldap-utils s390x 2.6.8+dfsg-1~exp4ubuntu3 [164 kB] 114s Get:10 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-common-data s390x 0.8-14ubuntu1 [30.5 kB] 114s Get:11 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-common3 s390x 0.8-14ubuntu1 [23.6 kB] 114s Get:12 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-client3 s390x 0.8-14ubuntu1 [26.8 kB] 114s Get:13 http://ftpmaster.internal/ubuntu plucky/main s390x libbasicobjects0t64 s390x 0.6.2-3 [5788 B] 114s Get:14 http://ftpmaster.internal/ubuntu plucky/main s390x libcares2 s390x 1.34.4-2.1 [101 kB] 114s Get:15 http://ftpmaster.internal/ubuntu plucky/main s390x libcollection4t64 s390x 0.6.2-3 [23.7 kB] 114s Get:16 http://ftpmaster.internal/ubuntu plucky/main s390x libcrack2 s390x 2.9.6-5.2 [29.6 kB] 114s Get:17 http://ftpmaster.internal/ubuntu plucky/main s390x libdhash1t64 s390x 0.6.2-3 [8880 B] 114s Get:18 http://ftpmaster.internal/ubuntu plucky/main s390x libevent-2.1-7t64 s390x 2.1.12-stable-10 [145 kB] 114s Get:19 http://ftpmaster.internal/ubuntu plucky/main s390x libpath-utils1t64 s390x 0.6.2-3 [9228 B] 114s Get:20 http://ftpmaster.internal/ubuntu plucky/main s390x libref-array1t64 s390x 0.6.2-3 [7190 B] 114s Get:21 http://ftpmaster.internal/ubuntu plucky/main s390x libini-config5t64 s390x 0.6.2-3 [45.9 kB] 114s Get:22 http://ftpmaster.internal/ubuntu plucky/main s390x libipa-hbac0t64 s390x 2.9.5-3ubuntu2 [17.8 kB] 114s Get:23 http://ftpmaster.internal/ubuntu plucky/universe s390x libjose0 s390x 14-1 [45.5 kB] 115s Get:24 http://ftpmaster.internal/ubuntu plucky/main s390x libverto-libevent1t64 s390x 0.3.1-1.2ubuntu3 [6384 B] 115s Get:25 http://ftpmaster.internal/ubuntu plucky/main s390x libverto1t64 s390x 0.3.1-1.2ubuntu3 [11.0 kB] 115s Get:26 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libkrad0 s390x 1.21.3-4 [22.2 kB] 115s Get:27 http://ftpmaster.internal/ubuntu plucky/main s390x libtalloc2 s390x 2.4.2-1build2 [28.4 kB] 115s Get:28 http://ftpmaster.internal/ubuntu plucky/main s390x libtdb1 s390x 1.4.12-1 [49.4 kB] 115s Get:29 http://ftpmaster.internal/ubuntu plucky/main s390x libtevent0t64 s390x 0.16.1-3 [42.6 kB] 115s Get:30 http://ftpmaster.internal/ubuntu plucky/main s390x libldb2 s390x 2:2.9.1+samba4.20.4+dfsg-1ubuntu3 [194 kB] 115s Get:31 http://ftpmaster.internal/ubuntu plucky/main s390x libnfsidmap1 s390x 1:2.6.4-4ubuntu1 [49.9 kB] 115s Get:32 http://ftpmaster.internal/ubuntu plucky/universe s390x libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 115s Get:33 http://ftpmaster.internal/ubuntu plucky/main s390x libpwquality-common all 1.4.5-3build1 [7748 B] 115s Get:34 http://ftpmaster.internal/ubuntu plucky/main s390x libpwquality1 s390x 1.4.5-3build1 [14.8 kB] 115s Get:35 http://ftpmaster.internal/ubuntu plucky/main s390x libpam-pwquality s390x 1.4.5-3build1 [11.5 kB] 115s Get:36 http://ftpmaster.internal/ubuntu plucky/main s390x libwbclient0 s390x 2:4.20.4+dfsg-1ubuntu3 [75.4 kB] 115s Get:37 http://ftpmaster.internal/ubuntu plucky/main s390x samba-libs s390x 2:4.20.4+dfsg-1ubuntu3 [6353 kB] 115s Get:38 http://ftpmaster.internal/ubuntu plucky/main s390x libsmbclient0 s390x 2:4.20.4+dfsg-1ubuntu3 [64.8 kB] 115s Get:39 http://ftpmaster.internal/ubuntu plucky/main s390x libnss-sss s390x 2.9.5-3ubuntu2 [33.2 kB] 115s Get:40 http://ftpmaster.internal/ubuntu plucky/main s390x libpam-sss s390x 2.9.5-3ubuntu2 [52.2 kB] 115s Get:41 http://ftpmaster.internal/ubuntu plucky/main s390x python3-sss s390x 2.9.5-3ubuntu2 [47.4 kB] 115s Get:42 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-certmap0 s390x 2.9.5-3ubuntu2 [47.0 kB] 115s Get:43 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-idmap0 s390x 2.9.5-3ubuntu2 [22.7 kB] 115s Get:44 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-nss-idmap0 s390x 2.9.5-3ubuntu2 [31.8 kB] 115s Get:45 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-common s390x 2.9.5-3ubuntu2 [1113 kB] 115s Get:46 http://ftpmaster.internal/ubuntu plucky/universe s390x sssd-idp s390x 2.9.5-3ubuntu2 [27.0 kB] 115s Get:47 http://ftpmaster.internal/ubuntu plucky/universe s390x sssd-passkey s390x 2.9.5-3ubuntu2 [31.8 kB] 115s Get:48 http://ftpmaster.internal/ubuntu plucky/main s390x libipa-hbac-dev s390x 2.9.5-3ubuntu2 [6666 B] 115s Get:49 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-certmap-dev s390x 2.9.5-3ubuntu2 [5732 B] 115s Get:50 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-idmap-dev s390x 2.9.5-3ubuntu2 [8374 B] 115s Get:51 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-nss-idmap-dev s390x 2.9.5-3ubuntu2 [6702 B] 115s Get:52 http://ftpmaster.internal/ubuntu plucky/universe s390x libsss-sudo s390x 2.9.5-3ubuntu2 [22.1 kB] 115s Get:53 http://ftpmaster.internal/ubuntu plucky/universe s390x python3-libipa-hbac s390x 2.9.5-3ubuntu2 [16.9 kB] 115s Get:54 http://ftpmaster.internal/ubuntu plucky/universe s390x python3-libsss-nss-idmap s390x 2.9.5-3ubuntu2 [9142 B] 115s Get:55 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ad-common s390x 2.9.5-3ubuntu2 [73.6 kB] 115s Get:56 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-krb5-common s390x 2.9.5-3ubuntu2 [88.8 kB] 115s Get:57 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ad s390x 2.9.5-3ubuntu2 [132 kB] 115s Get:58 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ipa s390x 2.9.5-3ubuntu2 [212 kB] 115s Get:59 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-krb5 s390x 2.9.5-3ubuntu2 [14.4 kB] 115s Get:60 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ldap s390x 2.9.5-3ubuntu2 [31.1 kB] 115s Get:61 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-proxy s390x 2.9.5-3ubuntu2 [43.2 kB] 115s Get:62 http://ftpmaster.internal/ubuntu plucky/main s390x sssd s390x 2.9.5-3ubuntu2 [4120 B] 115s Get:63 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-dbus s390x 2.9.5-3ubuntu2 [99.6 kB] 115s Get:64 http://ftpmaster.internal/ubuntu plucky/universe s390x sssd-kcm s390x 2.9.5-3ubuntu2 [135 kB] 115s Get:65 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-tools s390x 2.9.5-3ubuntu2 [97.4 kB] 116s Preconfiguring packages ... 116s Fetched 13.2 MB in 2s (8517 kB/s) 116s Selecting previously unselected package libargon2-1:s390x. 116s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 55658 files and directories currently installed.) 116s Preparing to unpack .../00-libargon2-1_0~20190702+dfsg-4build1_s390x.deb ... 116s Unpacking libargon2-1:s390x (0~20190702+dfsg-4build1) ... 116s Selecting previously unselected package libltdl7:s390x. 116s Preparing to unpack .../01-libltdl7_2.4.7-8_s390x.deb ... 116s Unpacking libltdl7:s390x (2.4.7-8) ... 116s Selecting previously unselected package libodbc2:s390x. 116s Preparing to unpack .../02-libodbc2_2.3.12-1ubuntu1_s390x.deb ... 116s Unpacking libodbc2:s390x (2.3.12-1ubuntu1) ... 116s Selecting previously unselected package slapd. 116s Preparing to unpack .../03-slapd_2.6.8+dfsg-1~exp4ubuntu3_s390x.deb ... 116s Unpacking slapd (2.6.8+dfsg-1~exp4ubuntu3) ... 116s Selecting previously unselected package libtcl8.6:s390x. 116s Preparing to unpack .../04-libtcl8.6_8.6.15+dfsg-2_s390x.deb ... 116s Unpacking libtcl8.6:s390x (8.6.15+dfsg-2) ... 116s Selecting previously unselected package tcl8.6. 116s Preparing to unpack .../05-tcl8.6_8.6.15+dfsg-2_s390x.deb ... 116s Unpacking tcl8.6 (8.6.15+dfsg-2) ... 116s Selecting previously unselected package tcl-expect:s390x. 116s Preparing to unpack .../06-tcl-expect_5.45.4-3_s390x.deb ... 116s Unpacking tcl-expect:s390x (5.45.4-3) ... 116s Selecting previously unselected package expect. 116s Preparing to unpack .../07-expect_5.45.4-3_s390x.deb ... 116s Unpacking expect (5.45.4-3) ... 116s Selecting previously unselected package ldap-utils. 116s Preparing to unpack .../08-ldap-utils_2.6.8+dfsg-1~exp4ubuntu3_s390x.deb ... 116s Unpacking ldap-utils (2.6.8+dfsg-1~exp4ubuntu3) ... 116s Selecting previously unselected package libavahi-common-data:s390x. 116s Preparing to unpack .../09-libavahi-common-data_0.8-14ubuntu1_s390x.deb ... 116s Unpacking libavahi-common-data:s390x (0.8-14ubuntu1) ... 116s Selecting previously unselected package libavahi-common3:s390x. 116s Preparing to unpack .../10-libavahi-common3_0.8-14ubuntu1_s390x.deb ... 116s Unpacking libavahi-common3:s390x (0.8-14ubuntu1) ... 116s Selecting previously unselected package libavahi-client3:s390x. 116s Preparing to unpack .../11-libavahi-client3_0.8-14ubuntu1_s390x.deb ... 116s Unpacking libavahi-client3:s390x (0.8-14ubuntu1) ... 116s Selecting previously unselected package libbasicobjects0t64:s390x. 116s Preparing to unpack .../12-libbasicobjects0t64_0.6.2-3_s390x.deb ... 116s Unpacking libbasicobjects0t64:s390x (0.6.2-3) ... 116s Selecting previously unselected package libcares2:s390x. 116s Preparing to unpack .../13-libcares2_1.34.4-2.1_s390x.deb ... 116s Unpacking libcares2:s390x (1.34.4-2.1) ... 116s Selecting previously unselected package libcollection4t64:s390x. 116s Preparing to unpack .../14-libcollection4t64_0.6.2-3_s390x.deb ... 116s Unpacking libcollection4t64:s390x (0.6.2-3) ... 116s Selecting previously unselected package libcrack2:s390x. 116s Preparing to unpack .../15-libcrack2_2.9.6-5.2_s390x.deb ... 116s Unpacking libcrack2:s390x (2.9.6-5.2) ... 116s Selecting previously unselected package libdhash1t64:s390x. 116s Preparing to unpack .../16-libdhash1t64_0.6.2-3_s390x.deb ... 116s Unpacking libdhash1t64:s390x (0.6.2-3) ... 116s Selecting previously unselected package libevent-2.1-7t64:s390x. 116s Preparing to unpack .../17-libevent-2.1-7t64_2.1.12-stable-10_s390x.deb ... 116s Unpacking libevent-2.1-7t64:s390x (2.1.12-stable-10) ... 116s Selecting previously unselected package libpath-utils1t64:s390x. 116s Preparing to unpack .../18-libpath-utils1t64_0.6.2-3_s390x.deb ... 116s Unpacking libpath-utils1t64:s390x (0.6.2-3) ... 116s Selecting previously unselected package libref-array1t64:s390x. 116s Preparing to unpack .../19-libref-array1t64_0.6.2-3_s390x.deb ... 116s Unpacking libref-array1t64:s390x (0.6.2-3) ... 116s Selecting previously unselected package libini-config5t64:s390x. 116s Preparing to unpack .../20-libini-config5t64_0.6.2-3_s390x.deb ... 116s Unpacking libini-config5t64:s390x (0.6.2-3) ... 116s Selecting previously unselected package libipa-hbac0t64. 116s Preparing to unpack .../21-libipa-hbac0t64_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libipa-hbac0t64 (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package libjose0:s390x. 116s Preparing to unpack .../22-libjose0_14-1_s390x.deb ... 116s Unpacking libjose0:s390x (14-1) ... 116s Selecting previously unselected package libverto-libevent1t64:s390x. 116s Preparing to unpack .../23-libverto-libevent1t64_0.3.1-1.2ubuntu3_s390x.deb ... 116s Unpacking libverto-libevent1t64:s390x (0.3.1-1.2ubuntu3) ... 116s Selecting previously unselected package libverto1t64:s390x. 116s Preparing to unpack .../24-libverto1t64_0.3.1-1.2ubuntu3_s390x.deb ... 116s Unpacking libverto1t64:s390x (0.3.1-1.2ubuntu3) ... 116s Selecting previously unselected package libkrad0:s390x. 116s Preparing to unpack .../25-libkrad0_1.21.3-4_s390x.deb ... 116s Unpacking libkrad0:s390x (1.21.3-4) ... 116s Selecting previously unselected package libtalloc2:s390x. 116s Preparing to unpack .../26-libtalloc2_2.4.2-1build2_s390x.deb ... 116s Unpacking libtalloc2:s390x (2.4.2-1build2) ... 116s Selecting previously unselected package libtdb1:s390x. 116s Preparing to unpack .../27-libtdb1_1.4.12-1_s390x.deb ... 116s Unpacking libtdb1:s390x (1.4.12-1) ... 116s Selecting previously unselected package libtevent0t64:s390x. 116s Preparing to unpack .../28-libtevent0t64_0.16.1-3_s390x.deb ... 116s Unpacking libtevent0t64:s390x (0.16.1-3) ... 116s Selecting previously unselected package libldb2:s390x. 116s Preparing to unpack .../29-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu3_s390x.deb ... 116s Unpacking libldb2:s390x (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 116s Selecting previously unselected package libnfsidmap1:s390x. 116s Preparing to unpack .../30-libnfsidmap1_1%3a2.6.4-4ubuntu1_s390x.deb ... 116s Unpacking libnfsidmap1:s390x (1:2.6.4-4ubuntu1) ... 116s Selecting previously unselected package libnss-sudo. 116s Preparing to unpack .../31-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 116s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 116s Selecting previously unselected package libpwquality-common. 116s Preparing to unpack .../32-libpwquality-common_1.4.5-3build1_all.deb ... 116s Unpacking libpwquality-common (1.4.5-3build1) ... 116s Selecting previously unselected package libpwquality1:s390x. 116s Preparing to unpack .../33-libpwquality1_1.4.5-3build1_s390x.deb ... 116s Unpacking libpwquality1:s390x (1.4.5-3build1) ... 116s Selecting previously unselected package libpam-pwquality:s390x. 116s Preparing to unpack .../34-libpam-pwquality_1.4.5-3build1_s390x.deb ... 116s Unpacking libpam-pwquality:s390x (1.4.5-3build1) ... 116s Selecting previously unselected package libwbclient0:s390x. 116s Preparing to unpack .../35-libwbclient0_2%3a4.20.4+dfsg-1ubuntu3_s390x.deb ... 116s Unpacking libwbclient0:s390x (2:4.20.4+dfsg-1ubuntu3) ... 116s Selecting previously unselected package samba-libs:s390x. 116s Preparing to unpack .../36-samba-libs_2%3a4.20.4+dfsg-1ubuntu3_s390x.deb ... 116s Unpacking samba-libs:s390x (2:4.20.4+dfsg-1ubuntu3) ... 116s Selecting previously unselected package libsmbclient0:s390x. 116s Preparing to unpack .../37-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu3_s390x.deb ... 116s Unpacking libsmbclient0:s390x (2:4.20.4+dfsg-1ubuntu3) ... 116s Selecting previously unselected package libnss-sss:s390x. 116s Preparing to unpack .../38-libnss-sss_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libnss-sss:s390x (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package libpam-sss:s390x. 116s Preparing to unpack .../39-libpam-sss_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libpam-sss:s390x (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package python3-sss. 116s Preparing to unpack .../40-python3-sss_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking python3-sss (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package libsss-certmap0. 116s Preparing to unpack .../41-libsss-certmap0_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libsss-certmap0 (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package libsss-idmap0. 116s Preparing to unpack .../42-libsss-idmap0_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libsss-idmap0 (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package libsss-nss-idmap0. 116s Preparing to unpack .../43-libsss-nss-idmap0_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-common. 116s Preparing to unpack .../44-sssd-common_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-common (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-idp. 116s Preparing to unpack .../45-sssd-idp_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-idp (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-passkey. 116s Preparing to unpack .../46-sssd-passkey_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-passkey (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package libipa-hbac-dev. 116s Preparing to unpack .../47-libipa-hbac-dev_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libipa-hbac-dev (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package libsss-certmap-dev. 116s Preparing to unpack .../48-libsss-certmap-dev_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libsss-certmap-dev (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package libsss-idmap-dev. 116s Preparing to unpack .../49-libsss-idmap-dev_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libsss-idmap-dev (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package libsss-nss-idmap-dev. 116s Preparing to unpack .../50-libsss-nss-idmap-dev_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libsss-nss-idmap-dev (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package libsss-sudo. 116s Preparing to unpack .../51-libsss-sudo_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking libsss-sudo (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package python3-libipa-hbac. 116s Preparing to unpack .../52-python3-libipa-hbac_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking python3-libipa-hbac (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package python3-libsss-nss-idmap. 116s Preparing to unpack .../53-python3-libsss-nss-idmap_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking python3-libsss-nss-idmap (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-ad-common. 116s Preparing to unpack .../54-sssd-ad-common_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-ad-common (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-krb5-common. 116s Preparing to unpack .../55-sssd-krb5-common_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-krb5-common (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-ad. 116s Preparing to unpack .../56-sssd-ad_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-ad (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-ipa. 116s Preparing to unpack .../57-sssd-ipa_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-ipa (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-krb5. 116s Preparing to unpack .../58-sssd-krb5_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-krb5 (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-ldap. 116s Preparing to unpack .../59-sssd-ldap_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-ldap (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-proxy. 116s Preparing to unpack .../60-sssd-proxy_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-proxy (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd. 116s Preparing to unpack .../61-sssd_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-dbus. 116s Preparing to unpack .../62-sssd-dbus_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-dbus (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-kcm. 116s Preparing to unpack .../63-sssd-kcm_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-kcm (2.9.5-3ubuntu2) ... 116s Selecting previously unselected package sssd-tools. 116s Preparing to unpack .../64-sssd-tools_2.9.5-3ubuntu2_s390x.deb ... 116s Unpacking sssd-tools (2.9.5-3ubuntu2) ... 116s Setting up libpwquality-common (1.4.5-3build1) ... 116s Setting up libnfsidmap1:s390x (1:2.6.4-4ubuntu1) ... 116s Setting up libsss-idmap0 (2.9.5-3ubuntu2) ... 116s Setting up libbasicobjects0t64:s390x (0.6.2-3) ... 116s Setting up libipa-hbac0t64 (2.9.5-3ubuntu2) ... 116s Setting up libsss-idmap-dev (2.9.5-3ubuntu2) ... 116s Setting up libref-array1t64:s390x (0.6.2-3) ... 116s Setting up libipa-hbac-dev (2.9.5-3ubuntu2) ... 116s Setting up libtdb1:s390x (1.4.12-1) ... 116s Setting up libargon2-1:s390x (0~20190702+dfsg-4build1) ... 116s Setting up libcollection4t64:s390x (0.6.2-3) ... 116s Setting up libevent-2.1-7t64:s390x (2.1.12-stable-10) ... 116s Setting up ldap-utils (2.6.8+dfsg-1~exp4ubuntu3) ... 116s Setting up libjose0:s390x (14-1) ... 116s Setting up libwbclient0:s390x (2:4.20.4+dfsg-1ubuntu3) ... 116s Setting up libtalloc2:s390x (2.4.2-1build2) ... 116s Setting up libpath-utils1t64:s390x (0.6.2-3) ... 116s Setting up libavahi-common-data:s390x (0.8-14ubuntu1) ... 116s Setting up libcares2:s390x (1.34.4-2.1) ... 116s Setting up libdhash1t64:s390x (0.6.2-3) ... 116s Setting up libtcl8.6:s390x (8.6.15+dfsg-2) ... 116s Setting up libltdl7:s390x (2.4.7-8) ... 116s Setting up libcrack2:s390x (2.9.6-5.2) ... 116s Setting up libodbc2:s390x (2.3.12-1ubuntu1) ... 116s Setting up python3-libipa-hbac (2.9.5-3ubuntu2) ... 116s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 116s Setting up libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 116s Setting up libini-config5t64:s390x (0.6.2-3) ... 116s Setting up libtevent0t64:s390x (0.16.1-3) ... 116s Setting up libnss-sss:s390x (2.9.5-3ubuntu2) ... 116s Setting up slapd (2.6.8+dfsg-1~exp4ubuntu3) ... 117s Creating new user openldap... done. 117s Creating initial configuration... done. 117s Creating LDAP directory... done. 117s Setting up tcl8.6 (8.6.15+dfsg-2) ... 117s Setting up libsss-sudo (2.9.5-3ubuntu2) ... 117s Setting up libsss-nss-idmap-dev (2.9.5-3ubuntu2) ... 117s Setting up libavahi-common3:s390x (0.8-14ubuntu1) ... 117s Setting up tcl-expect:s390x (5.45.4-3) ... 117s Setting up libsss-certmap0 (2.9.5-3ubuntu2) ... 117s Setting up libpwquality1:s390x (1.4.5-3build1) ... 117s Setting up python3-libsss-nss-idmap (2.9.5-3ubuntu2) ... 117s Setting up libldb2:s390x (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 117s Setting up libavahi-client3:s390x (0.8-14ubuntu1) ... 117s Setting up expect (5.45.4-3) ... 117s Setting up libpam-pwquality:s390x (1.4.5-3build1) ... 117s Setting up samba-libs:s390x (2:4.20.4+dfsg-1ubuntu3) ... 117s Setting up libsss-certmap-dev (2.9.5-3ubuntu2) ... 117s Setting up python3-sss (2.9.5-3ubuntu2) ... 117s Setting up libsmbclient0:s390x (2:4.20.4+dfsg-1ubuntu3) ... 117s Setting up libpam-sss:s390x (2.9.5-3ubuntu2) ... 117s Setting up sssd-common (2.9.5-3ubuntu2) ... 117s Creating SSSD system user & group... 117s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 117s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 117s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 117s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 118s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 118s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 118s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 118s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 118s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 118s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 119s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 119s sssd-autofs.service is a disabled or a static unit, not starting it. 119s sssd-nss.service is a disabled or a static unit, not starting it. 119s sssd-pam.service is a disabled or a static unit, not starting it. 119s sssd-ssh.service is a disabled or a static unit, not starting it. 119s sssd-sudo.service is a disabled or a static unit, not starting it. 119s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 119s Setting up sssd-proxy (2.9.5-3ubuntu2) ... 119s Setting up sssd-kcm (2.9.5-3ubuntu2) ... 119s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 119s sssd-kcm.service is a disabled or a static unit, not starting it. 119s Setting up sssd-dbus (2.9.5-3ubuntu2) ... 120s sssd-ifp.service is a disabled or a static unit, not starting it. 120s Setting up sssd-ad-common (2.9.5-3ubuntu2) ... 120s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 120s sssd-pac.service is a disabled or a static unit, not starting it. 120s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 120s Setting up sssd-krb5-common (2.9.5-3ubuntu2) ... 120s Setting up sssd-krb5 (2.9.5-3ubuntu2) ... 120s Setting up sssd-ldap (2.9.5-3ubuntu2) ... 120s Setting up sssd-ad (2.9.5-3ubuntu2) ... 120s Setting up sssd-tools (2.9.5-3ubuntu2) ... 120s Setting up sssd-ipa (2.9.5-3ubuntu2) ... 120s Setting up sssd (2.9.5-3ubuntu2) ... 120s Setting up libverto1t64:s390x (0.3.1-1.2ubuntu3) ... 120s Setting up libkrad0:s390x (1.21.3-4) ... 120s Setting up libverto-libevent1t64:s390x (0.3.1-1.2ubuntu3) ... 120s Setting up sssd-passkey (2.9.5-3ubuntu2) ... 120s Setting up sssd-idp (2.9.5-3ubuntu2) ... 120s Processing triggers for libc-bin (2.40-4ubuntu1) ... 120s Processing triggers for ufw (0.36.2-8) ... 120s Processing triggers for man-db (2.13.0-1) ... 121s Processing triggers for dbus (1.14.10-4ubuntu5) ... 126s autopkgtest [05:04:52]: test ldap-user-group-ldap-auth: [----------------------- 126s + . debian/tests/util 126s + . debian/tests/common-tests 126s + mydomain=example.com 126s + myhostname=ldap.example.com 126s + mysuffix=dc=example,dc=com 126s + admin_dn=cn=admin,dc=example,dc=com 126s + admin_pw=secret 126s + ldap_user=testuser1 126s + ldap_user_pw=testuser1secret 126s + ldap_group=ldapusers 126s + adjust_hostname ldap.example.com 126s + local myhostname=ldap.example.com 126s + echo ldap.example.com 126s + hostname ldap.example.com 126s + grep -qE ldap.example.com /etc/hosts 126s + echo 127.0.1.10 ldap.example.com 126s + reconfigure_slapd 126s + debconf-set-selections 126s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 126s + dpkg-reconfigure -fnoninteractive -pcritical slapd 127s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3... done. 127s Moving old database directory to /var/backups: 127s - directory unknown... done. 127s Creating initial configuration... done. 127s Creating LDAP directory... done. 127s + generate_certs ldap.example.com 127s + local cn=ldap.example.com 127s + local cert=/etc/ldap/server.pem 127s + local key=/etc/ldap/server.key 127s + local cnf=/etc/ldap/openssl.cnf 127s + cat 127s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 127s ..........++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 127s ...................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 127s ----- 127s + chmod 0640 /etc/ldap/server.key 127s + chgrp openldap /etc/ldap/server.key 127s + [ ! -f /etc/ldap/server.pem ] 127s + [ ! -f /etc/ldap/server.key ] 127s + enable_ldap_ssl 127s + cat 127s + cat 127s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 127s + populate_ldap_rfc2307 127s + + cat 127s ldapadd -x -D cn=admin,dc=example,dc=com -w secret 127s + configure_sssd_ldap_rfc2307 127s + cat 127s + chmod 0600 /etc/sssd/sssd.conf 127s + systemctl restart sssd 127s modifying entry "cn=config" 127s 127s adding new entry "ou=People,dc=example,dc=com" 127s 127s adding new entry "ou=Group,dc=example,dc=com" 127s 127s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 127s 127s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 127s 127s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 127s 127s + enable_pam_mkhomedir 127s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 127s Assert local user databases do not have our LDAP test data 127s + echo session optional pam_mkhomedir.so 127s + run_common_tests 127s + echo Assert local user databases do not have our LDAP test data 127s + check_local_user testuser1 127s + local local_user=testuser1 127s + grep -q ^testuser1 /etc/passwd 127s + check_local_group testuser1 127s + local local_group=testuser1 127s + grep -q ^testuser1 /etc/group 127s + check_local_group ldapusers 127s + local local_group=ldapusers 127s + grep -q ^ldapusers /etc/group 127s + echo The LDAP user is known to the system via getent 127s + check_getent_user testuser1 127s + local getent_user=testuser1 127s + local output 127s + getent passwd testuser1 127s The LDAP user is known to the system via getent 127s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 127s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 127s + echo The LDAP user's private group is known to the system via getent 127s + check_getent_group testuser1 127s + local getent_group=testuser1 127s + local output 127s + getent group testuser1 127s The LDAP user's private group is known to the system via getent 127s + output=testuser1:*:10001:testuser1 127s + [ -z testuser1:*:10001:testuser1 ] 127s The LDAP group ldapusers is known to the system via getent 127s + echo The LDAP group ldapusers is known to the system via getent 127s + check_getent_group ldapusers 127s + local getent_group=ldapusers 127s + local output 127s + getent group ldapusers 127s The id(1) command can resolve the group membership of the LDAP user 127s + output=ldapusers:*:10100:testuser1 127s + [ -z ldapusers:*:10100:testuser1 ] 127s + echo The id(1) command can resolve the group membership of the LDAP user 127s + id -Gn testuser1 127s The LDAP user can login on a terminal 127s + output=testuser1 ldapusers 127s + [ testuser1 ldapusers != testuser1 ldapusers ] 127s + echo The LDAP user can login on a terminal 127s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 127s spawn login 127s ldap.example.com login: testuser1 127s Password: 127s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.11.0-8-generic s390x) 127s 127s * Documentation: https://help.ubuntu.com 127s * Management: https://landscape.canonical.com 127s * Support: https://ubuntu.com/pro 127s 127s 127s The programs included with the Ubuntu system are free software; 127s the exact distribution terms for each program are described in the 127s individual files in /usr/share/doc/*/copyright. 127s 127s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 127s applicable law. 127s 127s 127s The programs included with the Ubuntu system are free software; 127s the exact distribution terms for each program are described in the 127s individual files in /usr/share/doc/*/copyright. 127s 127s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 127s applicable law. 127s 127s Creating directory '/home/testuser1'. 127s [?2004htestuser1@ldap:~$ id -un 127s [?2004l testuser1 128s [?2004htestuser1@ldap:~$ autopkgtest [05:04:54]: test ldap-user-group-ldap-auth: -----------------------] 128s autopkgtest [05:04:54]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 128s ldap-user-group-ldap-auth PASS 129s autopkgtest [05:04:55]: test ldap-user-group-krb5-auth: preparing testbed 129s Reading package lists... 129s Building dependency tree... 129s Reading state information... 129s Starting pkgProblemResolver with broken count: 0 129s Starting 2 pkgProblemResolver with broken count: 0 129s Done 129s The following NEW packages will be installed: 129s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 129s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 129s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 129s Need to get 623 kB of archives. 129s After this operation, 2132 kB of additional disk space will be used. 129s Get:1 http://ftpmaster.internal/ubuntu plucky/main s390x krb5-config all 2.7 [22.0 kB] 129s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libgssrpc4t64 s390x 1.21.3-4 [59.1 kB] 130s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libkadm5clnt-mit12 s390x 1.21.3-4 [40.7 kB] 130s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libkdb5-10t64 s390x 1.21.3-4 [41.9 kB] 130s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libkadm5srv-mit12 s390x 1.21.3-4 [55.4 kB] 130s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/universe s390x krb5-user s390x 1.21.3-4 [110 kB] 130s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe s390x krb5-kdc s390x 1.21.3-4 [198 kB] 130s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/universe s390x krb5-admin-server s390x 1.21.3-4 [95.7 kB] 130s Preconfiguring packages ... 131s Fetched 623 kB in 1s (1134 kB/s) 131s Selecting previously unselected package krb5-config. 131s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56951 files and directories currently installed.) 131s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 131s Unpacking krb5-config (2.7) ... 131s Selecting previously unselected package libgssrpc4t64:s390x. 131s Preparing to unpack .../1-libgssrpc4t64_1.21.3-4_s390x.deb ... 131s Unpacking libgssrpc4t64:s390x (1.21.3-4) ... 131s Selecting previously unselected package libkadm5clnt-mit12:s390x. 131s Preparing to unpack .../2-libkadm5clnt-mit12_1.21.3-4_s390x.deb ... 131s Unpacking libkadm5clnt-mit12:s390x (1.21.3-4) ... 131s Selecting previously unselected package libkdb5-10t64:s390x. 131s Preparing to unpack .../3-libkdb5-10t64_1.21.3-4_s390x.deb ... 131s Unpacking libkdb5-10t64:s390x (1.21.3-4) ... 131s Selecting previously unselected package libkadm5srv-mit12:s390x. 131s Preparing to unpack .../4-libkadm5srv-mit12_1.21.3-4_s390x.deb ... 131s Unpacking libkadm5srv-mit12:s390x (1.21.3-4) ... 131s Selecting previously unselected package krb5-user. 131s Preparing to unpack .../5-krb5-user_1.21.3-4_s390x.deb ... 131s Unpacking krb5-user (1.21.3-4) ... 131s Selecting previously unselected package krb5-kdc. 131s Preparing to unpack .../6-krb5-kdc_1.21.3-4_s390x.deb ... 131s Unpacking krb5-kdc (1.21.3-4) ... 131s Selecting previously unselected package krb5-admin-server. 131s Preparing to unpack .../7-krb5-admin-server_1.21.3-4_s390x.deb ... 131s Unpacking krb5-admin-server (1.21.3-4) ... 131s Setting up libgssrpc4t64:s390x (1.21.3-4) ... 131s Setting up krb5-config (2.7) ... 131s Setting up libkadm5clnt-mit12:s390x (1.21.3-4) ... 131s Setting up libkdb5-10t64:s390x (1.21.3-4) ... 131s Setting up libkadm5srv-mit12:s390x (1.21.3-4) ... 131s Setting up krb5-user (1.21.3-4) ... 131s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 131s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 131s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 131s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 131s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 131s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 131s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 131s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 131s Setting up krb5-kdc (1.21.3-4) ... 132s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 132s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 132s Setting up krb5-admin-server (1.21.3-4) ... 132s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 133s Processing triggers for man-db (2.13.0-1) ... 133s Processing triggers for libc-bin (2.40-4ubuntu1) ... 138s autopkgtest [05:05:04]: test ldap-user-group-krb5-auth: [----------------------- 139s + . debian/tests/util 139s + . debian/tests/common-tests 139s + mydomain=example.com 139s + myhostname=ldap.example.com 139s + mysuffix=dc=example,dc=com 139s + myrealm=EXAMPLE.COM 139s + admin_dn=cn=admin,dc=example,dc=com 139s + admin_pw=secret 139s + ldap_user=testuser1 139s + ldap_user_pw=testuser1secret 139s + kerberos_principal_pw=testuser1kerberos 139s + ldap_group=ldapusers 139s + adjust_hostname ldap.example.com 139s + local myhostname=ldap.example.com 139s + echo ldap.example.com 139s + hostname ldap.example.com 139s + grep -qE ldap.example.com /etc/hosts 139s + reconfigure_slapd 139s + debconf-set-selections 139s + rm -rf /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3 /var/backups/unknown-2.6.8+dfsg-1~exp4ubuntu3-20250117-050453.ldapdb 139s + dpkg-reconfigure -fnoninteractive -pcritical slapd 139s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3... done. 139s Moving old database directory to /var/backups: 139s - directory unknown... done. 139s Creating initial configuration... done. 139s Creating LDAP directory... done. 139s + generate_certs ldap.example.com 139s + local cn=ldap.example.com 139s + local cert=/etc/ldap/server.pem 139s + local key=/etc/ldap/server.key 139s + local cnf=/etc/ldap/openssl.cnf 139s + cat 139s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 139s ......................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 139s ................modifying entry "cn=config" 139s 139s ...............................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 139s ----- 139s + chmod 0640 /etc/ldap/server.key 139s + chgrp openldap /etc/ldap/server.key 139s + [ ! -f /etc/ldap/server.pem ] 139s + [ ! -f /etc/ldap/server.key ] 139s + enable_ldap_ssl 139s + cat 139s + cat 139s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 139s adding new entry "ou=People,dc=example,dc=com" 139s 139s adding new entry "ou=Group,dc=example,dc=com" 139s 139s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 139s 139s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 139s 139s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 139s 139s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 139s master key name 'K/M@EXAMPLE.COM' 139s + populate_ldap_rfc2307 139s + cat 139s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 139s + create_realm EXAMPLE.COM ldap.example.com 139s + local realm_name=EXAMPLE.COM 139s + local kerberos_server=ldap.example.com 139s + rm -rf /var/lib/krb5kdc/* 139s + rm -rf /etc/krb5kdc/kdc.conf 139s + rm -f /etc/krb5.keytab 139s + cat 139s + cat 139s + echo # */admin * 139s + kdb5_util create -s -P secretpassword 139s + systemctl restart krb5-kdc.service krb5-admin-server.service 139s + create_krb_principal testuser1 testuser1kerberos 139s + local principal=testuser1 139s + local password=testuser1kerberos 139s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 139s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 139s Authenticating as principal root/admin@EXAMPLE.COM with password. 139s Principal "testuser1@EXAMPLE.COM" created. 139s + configure_sssd_ldap_rfc2307_krb5_auth 139s + cat 139s + chmod 0600 /etc/sssd/sssd.conf 139s + systemctl restart sssd 140s + enable_pam_mkhomedir 140s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 140s Assert local user databases do not have our LDAP test data 140s + run_common_tests 140s + echo Assert local user databases do not have our LDAP test data 140s + check_local_user testuser1 140s + local local_user=testuser1 140s + grep -q ^testuser1 /etc/passwd 140s + check_local_group testuser1 140s + local local_group=testuser1 140s + grep -q ^testuser1 /etc/group 140s + check_local_group ldapusers 140s + local local_group=ldapusers 140s + grep -q ^ldapusers /etc/group 140s The LDAP user is known to the system via getent 140s + echo The LDAP user is known to the system via getent 140s + check_getent_user testuser1 140s + local getent_user=testuser1 140s + local output 140s + getent passwd testuser1 140s The LDAP user's private group is known to the system via getent 140s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 140s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 140s + echo The LDAP user's private group is known to the system via getent 140s + check_getent_group testuser1 140s + local getent_group=testuser1 140s + local output 140s + getent group testuser1 140s The LDAP group ldapusers is known to the system via getent 140s + output=testuser1:*:10001:testuser1 140s + [ -z testuser1:*:10001:testuser1 ] 140s + echo The LDAP group ldapusers is known to the system via getent 140s + check_getent_group ldapusers 140s + local getent_group=ldapusers 140s + local output 140s + getent group ldapusers 140s The id(1) command can resolve the group membership of the LDAP user 140s + output=ldapusers:*:10100:testuser1 140s + [ -z ldapusers:*:10100:testuser1 ] 140s + echo The id(1) command can resolve the group membership of the LDAP user 140s + id -Gn testuser1 140s The Kerberos principal can login on a terminal 140s + output=testuser1 ldapusers 140s + [ testuser1 ldapusers != testuser1 ldapusers ] 140s + echo The Kerberos principal can login on a terminal 140s + kdestroy 140s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 140s spawn login 140s ldap.example.com login: testuser1 140s Password: 140s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.11.0-8-generic s390x) 140s 140s * Documentation: https://help.ubuntu.com 140s * Management: https://landscape.canonical.com 140s * Support: https://ubuntu.com/pro 140s 140s 140s The programs included with the Ubuntu system are free software; 140s the exact distribution terms for each program are described in the 140s individual files in /usr/share/doc/*/copyright. 140s 140s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 140s applicable law. 140s 140s [?2004htestuser1@ldap:~$ id -un 140s [?2004l testuser1 140s [?2004htestuser1@ldap:~$ klist 140s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_JftMJw 140s Default principal: testuser1@EXAMPLE.COM 140s 140s Valid starting Expires Service principal 140s 01/17/25 05:05:06 01/17/25 15:05:06 krbtgt/EXAMPLE.COM@EXAMPLE.COM 140s renew until 01/18/25 05:05:06 140s autopkgtest [05:05:06]: test ldap-user-group-krb5-auth: -----------------------] 140s autopkgtest [05:05:06]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 140s ldap-user-group-krb5-auth PASS 141s autopkgtest [05:05:07]: test sssd-softhism2-certificates-tests.sh: preparing testbed 223s autopkgtest [05:06:29]: testbed dpkg architecture: s390x 223s autopkgtest [05:06:29]: testbed apt version: 2.9.18 223s autopkgtest [05:06:29]: @@@@@@@@@@@@@@@@@@@@ test bed setup 224s autopkgtest [05:06:30]: testbed release detected to be: plucky 224s autopkgtest [05:06:30]: updating testbed package index (apt update) 225s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 225s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 225s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 225s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 225s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [170 kB] 225s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [913 kB] 225s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 225s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [15.4 kB] 225s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x Packages [284 kB] 225s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted s390x Packages [756 B] 225s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe s390x Packages [971 kB] 225s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse s390x Packages [6876 B] 225s Fetched 2444 kB in 1s (2578 kB/s) 226s Reading package lists... 227s Reading package lists... 227s Building dependency tree... 227s Reading state information... 227s Calculating upgrade... 227s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 227s Reading package lists... 227s Building dependency tree... 227s Reading state information... 227s 0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded. 227s autopkgtest [05:06:33]: upgrading testbed (apt dist-upgrade and autopurge) 227s Reading package lists... 227s Building dependency tree... 227s Reading state information... 228s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 228s Starting 2 pkgProblemResolver with broken count: 0 228s Done 228s Entering ResolveByKeep 228s 228s The following packages will be upgraded: 228s krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 228s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 228s Need to get 644 kB of archives. 228s After this operation, 28.7 kB of additional disk space will be used. 228s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x krb5-locales all 1.21.3-4 [14.5 kB] 228s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libgssapi-krb5-2 s390x 1.21.3-4 [149 kB] 228s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libkrb5-3 s390x 1.21.3-4 [355 kB] 229s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libkrb5support0 s390x 1.21.3-4 [35.0 kB] 229s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libk5crypto3 s390x 1.21.3-4 [89.8 kB] 229s Fetched 644 kB in 1s (1170 kB/s) 229s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 55658 files and directories currently installed.) 229s Preparing to unpack .../krb5-locales_1.21.3-4_all.deb ... 229s Unpacking krb5-locales (1.21.3-4) over (1.21.3-3) ... 229s Preparing to unpack .../libgssapi-krb5-2_1.21.3-4_s390x.deb ... 229s Unpacking libgssapi-krb5-2:s390x (1.21.3-4) over (1.21.3-3) ... 229s Preparing to unpack .../libkrb5-3_1.21.3-4_s390x.deb ... 229s Unpacking libkrb5-3:s390x (1.21.3-4) over (1.21.3-3) ... 229s Preparing to unpack .../libkrb5support0_1.21.3-4_s390x.deb ... 229s Unpacking libkrb5support0:s390x (1.21.3-4) over (1.21.3-3) ... 229s Preparing to unpack .../libk5crypto3_1.21.3-4_s390x.deb ... 229s Unpacking libk5crypto3:s390x (1.21.3-4) over (1.21.3-3) ... 229s Setting up krb5-locales (1.21.3-4) ... 229s Setting up libkrb5support0:s390x (1.21.3-4) ... 229s Setting up libk5crypto3:s390x (1.21.3-4) ... 229s Setting up libkrb5-3:s390x (1.21.3-4) ... 229s Setting up libgssapi-krb5-2:s390x (1.21.3-4) ... 229s Processing triggers for libc-bin (2.40-4ubuntu1) ... 229s Reading package lists... 229s Building dependency tree... 229s Reading state information... 230s Starting pkgProblemResolver with broken count: 0 230s Starting 2 pkgProblemResolver with broken count: 0 230s Done 230s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 232s Reading package lists... 232s Building dependency tree... 232s Reading state information... 232s Starting pkgProblemResolver with broken count: 0 232s Starting 2 pkgProblemResolver with broken count: 0 232s Done 233s The following NEW packages will be installed: 233s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 233s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 233s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 233s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 233s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 233s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 233s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 233s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 233s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 233s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 233s Need to get 10.5 MB of archives. 233s After this operation, 41.1 MB of additional disk space will be used. 233s Get:1 http://ftpmaster.internal/ubuntu plucky/main s390x libevent-2.1-7t64 s390x 2.1.12-stable-10 [145 kB] 233s Get:2 http://ftpmaster.internal/ubuntu plucky/main s390x libunbound8 s390x 1.20.0-1ubuntu2.1 [455 kB] 233s Get:3 http://ftpmaster.internal/ubuntu plucky/main s390x libgnutls-dane0t64 s390x 3.8.8-2ubuntu1 [24.4 kB] 233s Get:4 http://ftpmaster.internal/ubuntu plucky/universe s390x gnutls-bin s390x 3.8.8-2ubuntu1 [288 kB] 233s Get:5 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-common-data s390x 0.8-14ubuntu1 [30.5 kB] 233s Get:6 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-common3 s390x 0.8-14ubuntu1 [23.6 kB] 233s Get:7 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-client3 s390x 0.8-14ubuntu1 [26.8 kB] 233s Get:8 http://ftpmaster.internal/ubuntu plucky/main s390x libbasicobjects0t64 s390x 0.6.2-3 [5788 B] 233s Get:9 http://ftpmaster.internal/ubuntu plucky/main s390x libcares2 s390x 1.34.4-2.1 [101 kB] 233s Get:10 http://ftpmaster.internal/ubuntu plucky/main s390x libcollection4t64 s390x 0.6.2-3 [23.7 kB] 233s Get:11 http://ftpmaster.internal/ubuntu plucky/main s390x libcrack2 s390x 2.9.6-5.2 [29.6 kB] 233s Get:12 http://ftpmaster.internal/ubuntu plucky/main s390x libdhash1t64 s390x 0.6.2-3 [8880 B] 233s Get:13 http://ftpmaster.internal/ubuntu plucky/main s390x libpath-utils1t64 s390x 0.6.2-3 [9228 B] 233s Get:14 http://ftpmaster.internal/ubuntu plucky/main s390x libref-array1t64 s390x 0.6.2-3 [7190 B] 233s Get:15 http://ftpmaster.internal/ubuntu plucky/main s390x libini-config5t64 s390x 0.6.2-3 [45.9 kB] 233s Get:16 http://ftpmaster.internal/ubuntu plucky/main s390x libipa-hbac0t64 s390x 2.9.5-3ubuntu2 [17.8 kB] 233s Get:17 http://ftpmaster.internal/ubuntu plucky/main s390x libtalloc2 s390x 2.4.2-1build2 [28.4 kB] 233s Get:18 http://ftpmaster.internal/ubuntu plucky/main s390x libtdb1 s390x 1.4.12-1 [49.4 kB] 233s Get:19 http://ftpmaster.internal/ubuntu plucky/main s390x libtevent0t64 s390x 0.16.1-3 [42.6 kB] 233s Get:20 http://ftpmaster.internal/ubuntu plucky/main s390x libldb2 s390x 2:2.9.1+samba4.20.4+dfsg-1ubuntu3 [194 kB] 233s Get:21 http://ftpmaster.internal/ubuntu plucky/main s390x libnfsidmap1 s390x 1:2.6.4-4ubuntu1 [49.9 kB] 233s Get:22 http://ftpmaster.internal/ubuntu plucky/main s390x libpwquality-common all 1.4.5-3build1 [7748 B] 233s Get:23 http://ftpmaster.internal/ubuntu plucky/main s390x libpwquality1 s390x 1.4.5-3build1 [14.8 kB] 233s Get:24 http://ftpmaster.internal/ubuntu plucky/main s390x libpam-pwquality s390x 1.4.5-3build1 [11.5 kB] 233s Get:25 http://ftpmaster.internal/ubuntu plucky/main s390x libwbclient0 s390x 2:4.20.4+dfsg-1ubuntu3 [75.4 kB] 233s Get:26 http://ftpmaster.internal/ubuntu plucky/main s390x samba-libs s390x 2:4.20.4+dfsg-1ubuntu3 [6353 kB] 234s Get:27 http://ftpmaster.internal/ubuntu plucky/main s390x libsmbclient0 s390x 2:4.20.4+dfsg-1ubuntu3 [64.8 kB] 234s Get:28 http://ftpmaster.internal/ubuntu plucky/main s390x libnss-sss s390x 2.9.5-3ubuntu2 [33.2 kB] 234s Get:29 http://ftpmaster.internal/ubuntu plucky/main s390x libpam-sss s390x 2.9.5-3ubuntu2 [52.2 kB] 234s Get:30 http://ftpmaster.internal/ubuntu plucky/universe s390x softhsm2-common s390x 2.6.1-2.2ubuntu3 [6196 B] 234s Get:31 http://ftpmaster.internal/ubuntu plucky/universe s390x libsofthsm2 s390x 2.6.1-2.2ubuntu3 [267 kB] 234s Get:32 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-certmap0 s390x 2.9.5-3ubuntu2 [47.0 kB] 234s Get:33 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-idmap0 s390x 2.9.5-3ubuntu2 [22.7 kB] 234s Get:34 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-nss-idmap0 s390x 2.9.5-3ubuntu2 [31.8 kB] 234s Get:35 http://ftpmaster.internal/ubuntu plucky/main s390x python3-sss s390x 2.9.5-3ubuntu2 [47.4 kB] 234s Get:36 http://ftpmaster.internal/ubuntu plucky/universe s390x softhsm2 s390x 2.6.1-2.2ubuntu3 [176 kB] 234s Get:37 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-common s390x 2.9.5-3ubuntu2 [1113 kB] 234s Get:38 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ad-common s390x 2.9.5-3ubuntu2 [73.6 kB] 234s Get:39 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-krb5-common s390x 2.9.5-3ubuntu2 [88.8 kB] 234s Get:40 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ad s390x 2.9.5-3ubuntu2 [132 kB] 234s Get:41 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ipa s390x 2.9.5-3ubuntu2 [212 kB] 234s Get:42 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-krb5 s390x 2.9.5-3ubuntu2 [14.4 kB] 234s Get:43 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ldap s390x 2.9.5-3ubuntu2 [31.1 kB] 234s Get:44 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-proxy s390x 2.9.5-3ubuntu2 [43.2 kB] 234s Get:45 http://ftpmaster.internal/ubuntu plucky/main s390x sssd s390x 2.9.5-3ubuntu2 [4120 B] 234s Fetched 10.5 MB in 1s (9348 kB/s) 234s Selecting previously unselected package libevent-2.1-7t64:s390x. 234s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 55658 files and directories currently installed.) 234s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_s390x.deb ... 234s Unpacking libevent-2.1-7t64:s390x (2.1.12-stable-10) ... 234s Selecting previously unselected package libunbound8:s390x. 234s Preparing to unpack .../01-libunbound8_1.20.0-1ubuntu2.1_s390x.deb ... 234s Unpacking libunbound8:s390x (1.20.0-1ubuntu2.1) ... 234s Selecting previously unselected package libgnutls-dane0t64:s390x. 234s Preparing to unpack .../02-libgnutls-dane0t64_3.8.8-2ubuntu1_s390x.deb ... 234s Unpacking libgnutls-dane0t64:s390x (3.8.8-2ubuntu1) ... 234s Selecting previously unselected package gnutls-bin. 234s Preparing to unpack .../03-gnutls-bin_3.8.8-2ubuntu1_s390x.deb ... 234s Unpacking gnutls-bin (3.8.8-2ubuntu1) ... 234s Selecting previously unselected package libavahi-common-data:s390x. 234s Preparing to unpack .../04-libavahi-common-data_0.8-14ubuntu1_s390x.deb ... 234s Unpacking libavahi-common-data:s390x (0.8-14ubuntu1) ... 234s Selecting previously unselected package libavahi-common3:s390x. 234s Preparing to unpack .../05-libavahi-common3_0.8-14ubuntu1_s390x.deb ... 234s Unpacking libavahi-common3:s390x (0.8-14ubuntu1) ... 234s Selecting previously unselected package libavahi-client3:s390x. 234s Preparing to unpack .../06-libavahi-client3_0.8-14ubuntu1_s390x.deb ... 234s Unpacking libavahi-client3:s390x (0.8-14ubuntu1) ... 234s Selecting previously unselected package libbasicobjects0t64:s390x. 234s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-3_s390x.deb ... 234s Unpacking libbasicobjects0t64:s390x (0.6.2-3) ... 234s Selecting previously unselected package libcares2:s390x. 234s Preparing to unpack .../08-libcares2_1.34.4-2.1_s390x.deb ... 234s Unpacking libcares2:s390x (1.34.4-2.1) ... 234s Selecting previously unselected package libcollection4t64:s390x. 234s Preparing to unpack .../09-libcollection4t64_0.6.2-3_s390x.deb ... 234s Unpacking libcollection4t64:s390x (0.6.2-3) ... 234s Selecting previously unselected package libcrack2:s390x. 234s Preparing to unpack .../10-libcrack2_2.9.6-5.2_s390x.deb ... 234s Unpacking libcrack2:s390x (2.9.6-5.2) ... 234s Selecting previously unselected package libdhash1t64:s390x. 234s Preparing to unpack .../11-libdhash1t64_0.6.2-3_s390x.deb ... 234s Unpacking libdhash1t64:s390x (0.6.2-3) ... 234s Selecting previously unselected package libpath-utils1t64:s390x. 234s Preparing to unpack .../12-libpath-utils1t64_0.6.2-3_s390x.deb ... 234s Unpacking libpath-utils1t64:s390x (0.6.2-3) ... 234s Selecting previously unselected package libref-array1t64:s390x. 234s Preparing to unpack .../13-libref-array1t64_0.6.2-3_s390x.deb ... 234s Unpacking libref-array1t64:s390x (0.6.2-3) ... 234s Selecting previously unselected package libini-config5t64:s390x. 234s Preparing to unpack .../14-libini-config5t64_0.6.2-3_s390x.deb ... 234s Unpacking libini-config5t64:s390x (0.6.2-3) ... 234s Selecting previously unselected package libipa-hbac0t64. 234s Preparing to unpack .../15-libipa-hbac0t64_2.9.5-3ubuntu2_s390x.deb ... 234s Unpacking libipa-hbac0t64 (2.9.5-3ubuntu2) ... 234s Selecting previously unselected package libtalloc2:s390x. 234s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_s390x.deb ... 234s Unpacking libtalloc2:s390x (2.4.2-1build2) ... 234s Selecting previously unselected package libtdb1:s390x. 234s Preparing to unpack .../17-libtdb1_1.4.12-1_s390x.deb ... 234s Unpacking libtdb1:s390x (1.4.12-1) ... 234s Selecting previously unselected package libtevent0t64:s390x. 234s Preparing to unpack .../18-libtevent0t64_0.16.1-3_s390x.deb ... 234s Unpacking libtevent0t64:s390x (0.16.1-3) ... 234s Selecting previously unselected package libldb2:s390x. 234s Preparing to unpack .../19-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu3_s390x.deb ... 234s Unpacking libldb2:s390x (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 234s Selecting previously unselected package libnfsidmap1:s390x. 234s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-4ubuntu1_s390x.deb ... 234s Unpacking libnfsidmap1:s390x (1:2.6.4-4ubuntu1) ... 234s Selecting previously unselected package libpwquality-common. 234s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 234s Unpacking libpwquality-common (1.4.5-3build1) ... 234s Selecting previously unselected package libpwquality1:s390x. 234s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_s390x.deb ... 234s Unpacking libpwquality1:s390x (1.4.5-3build1) ... 234s Selecting previously unselected package libpam-pwquality:s390x. 234s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_s390x.deb ... 234s Unpacking libpam-pwquality:s390x (1.4.5-3build1) ... 234s Selecting previously unselected package libwbclient0:s390x. 234s Preparing to unpack .../24-libwbclient0_2%3a4.20.4+dfsg-1ubuntu3_s390x.deb ... 234s Unpacking libwbclient0:s390x (2:4.20.4+dfsg-1ubuntu3) ... 234s Selecting previously unselected package samba-libs:s390x. 234s Preparing to unpack .../25-samba-libs_2%3a4.20.4+dfsg-1ubuntu3_s390x.deb ... 234s Unpacking samba-libs:s390x (2:4.20.4+dfsg-1ubuntu3) ... 234s Selecting previously unselected package libsmbclient0:s390x. 234s Preparing to unpack .../26-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu3_s390x.deb ... 234s Unpacking libsmbclient0:s390x (2:4.20.4+dfsg-1ubuntu3) ... 234s Selecting previously unselected package libnss-sss:s390x. 234s Preparing to unpack .../27-libnss-sss_2.9.5-3ubuntu2_s390x.deb ... 234s Unpacking libnss-sss:s390x (2.9.5-3ubuntu2) ... 234s Selecting previously unselected package libpam-sss:s390x. 234s Preparing to unpack .../28-libpam-sss_2.9.5-3ubuntu2_s390x.deb ... 234s Unpacking libpam-sss:s390x (2.9.5-3ubuntu2) ... 234s Selecting previously unselected package softhsm2-common. 234s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_s390x.deb ... 234s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 234s Selecting previously unselected package libsofthsm2. 234s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_s390x.deb ... 234s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 234s Selecting previously unselected package libsss-certmap0. 234s Preparing to unpack .../31-libsss-certmap0_2.9.5-3ubuntu2_s390x.deb ... 234s Unpacking libsss-certmap0 (2.9.5-3ubuntu2) ... 234s Selecting previously unselected package libsss-idmap0. 234s Preparing to unpack .../32-libsss-idmap0_2.9.5-3ubuntu2_s390x.deb ... 234s Unpacking libsss-idmap0 (2.9.5-3ubuntu2) ... 234s Selecting previously unselected package libsss-nss-idmap0. 234s Preparing to unpack .../33-libsss-nss-idmap0_2.9.5-3ubuntu2_s390x.deb ... 234s Unpacking libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 234s Selecting previously unselected package python3-sss. 234s Preparing to unpack .../34-python3-sss_2.9.5-3ubuntu2_s390x.deb ... 234s Unpacking python3-sss (2.9.5-3ubuntu2) ... 234s Selecting previously unselected package softhsm2. 234s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_s390x.deb ... 234s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 234s Selecting previously unselected package sssd-common. 234s Preparing to unpack .../36-sssd-common_2.9.5-3ubuntu2_s390x.deb ... 234s Unpacking sssd-common (2.9.5-3ubuntu2) ... 234s Selecting previously unselected package sssd-ad-common. 234s Preparing to unpack .../37-sssd-ad-common_2.9.5-3ubuntu2_s390x.deb ... 234s Unpacking sssd-ad-common (2.9.5-3ubuntu2) ... 234s Selecting previously unselected package sssd-krb5-common. 234s Preparing to unpack .../38-sssd-krb5-common_2.9.5-3ubuntu2_s390x.deb ... 234s Unpacking sssd-krb5-common (2.9.5-3ubuntu2) ... 235s Selecting previously unselected package sssd-ad. 235s Preparing to unpack .../39-sssd-ad_2.9.5-3ubuntu2_s390x.deb ... 235s Unpacking sssd-ad (2.9.5-3ubuntu2) ... 235s Selecting previously unselected package sssd-ipa. 235s Preparing to unpack .../40-sssd-ipa_2.9.5-3ubuntu2_s390x.deb ... 235s Unpacking sssd-ipa (2.9.5-3ubuntu2) ... 235s Selecting previously unselected package sssd-krb5. 235s Preparing to unpack .../41-sssd-krb5_2.9.5-3ubuntu2_s390x.deb ... 235s Unpacking sssd-krb5 (2.9.5-3ubuntu2) ... 235s Selecting previously unselected package sssd-ldap. 235s Preparing to unpack .../42-sssd-ldap_2.9.5-3ubuntu2_s390x.deb ... 235s Unpacking sssd-ldap (2.9.5-3ubuntu2) ... 235s Selecting previously unselected package sssd-proxy. 235s Preparing to unpack .../43-sssd-proxy_2.9.5-3ubuntu2_s390x.deb ... 235s Unpacking sssd-proxy (2.9.5-3ubuntu2) ... 235s Selecting previously unselected package sssd. 235s Preparing to unpack .../44-sssd_2.9.5-3ubuntu2_s390x.deb ... 235s Unpacking sssd (2.9.5-3ubuntu2) ... 235s Setting up libpwquality-common (1.4.5-3build1) ... 235s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 235s Creating config file /etc/softhsm/softhsm2.conf with new version 235s Setting up libnfsidmap1:s390x (1:2.6.4-4ubuntu1) ... 235s Setting up libsss-idmap0 (2.9.5-3ubuntu2) ... 235s Setting up libbasicobjects0t64:s390x (0.6.2-3) ... 235s Setting up libipa-hbac0t64 (2.9.5-3ubuntu2) ... 235s Setting up libref-array1t64:s390x (0.6.2-3) ... 235s Setting up libtdb1:s390x (1.4.12-1) ... 235s Setting up libcollection4t64:s390x (0.6.2-3) ... 235s Setting up libevent-2.1-7t64:s390x (2.1.12-stable-10) ... 235s Setting up libwbclient0:s390x (2:4.20.4+dfsg-1ubuntu3) ... 235s Setting up libtalloc2:s390x (2.4.2-1build2) ... 235s Setting up libpath-utils1t64:s390x (0.6.2-3) ... 235s Setting up libunbound8:s390x (1.20.0-1ubuntu2.1) ... 235s Setting up libgnutls-dane0t64:s390x (3.8.8-2ubuntu1) ... 235s Setting up libavahi-common-data:s390x (0.8-14ubuntu1) ... 235s Setting up libcares2:s390x (1.34.4-2.1) ... 235s Setting up libdhash1t64:s390x (0.6.2-3) ... 235s Setting up libcrack2:s390x (2.9.6-5.2) ... 235s Setting up libsss-nss-idmap0 (2.9.5-3ubuntu2) ... 235s Setting up libini-config5t64:s390x (0.6.2-3) ... 235s Setting up libtevent0t64:s390x (0.16.1-3) ... 235s Setting up libnss-sss:s390x (2.9.5-3ubuntu2) ... 235s Setting up gnutls-bin (3.8.8-2ubuntu1) ... 235s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 235s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 235s Setting up libavahi-common3:s390x (0.8-14ubuntu1) ... 235s Setting up libsss-certmap0 (2.9.5-3ubuntu2) ... 235s Setting up libpwquality1:s390x (1.4.5-3build1) ... 235s Setting up libldb2:s390x (2:2.9.1+samba4.20.4+dfsg-1ubuntu3) ... 235s Setting up libavahi-client3:s390x (0.8-14ubuntu1) ... 235s Setting up libpam-pwquality:s390x (1.4.5-3build1) ... 235s Setting up samba-libs:s390x (2:4.20.4+dfsg-1ubuntu3) ... 235s Setting up python3-sss (2.9.5-3ubuntu2) ... 235s Setting up libsmbclient0:s390x (2:4.20.4+dfsg-1ubuntu3) ... 235s Setting up libpam-sss:s390x (2.9.5-3ubuntu2) ... 235s Setting up sssd-common (2.9.5-3ubuntu2) ... 235s Creating SSSD system user & group... 235s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 235s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 235s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 235s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 235s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 236s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 236s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket' → '/usr/lib/systemd/system/sssd-pam-priv.socket'. 236s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 236s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 236s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 236s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 237s sssd-autofs.service is a disabled or a static unit, not starting it. 237s sssd-nss.service is a disabled or a static unit, not starting it. 237s sssd-pam.service is a disabled or a static unit, not starting it. 237s sssd-ssh.service is a disabled or a static unit, not starting it. 237s sssd-sudo.service is a disabled or a static unit, not starting it. 237s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 237s Setting up sssd-proxy (2.9.5-3ubuntu2) ... 237s Setting up sssd-ad-common (2.9.5-3ubuntu2) ... 237s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 237s sssd-pac.service is a disabled or a static unit, not starting it. 237s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 237s Setting up sssd-krb5-common (2.9.5-3ubuntu2) ... 237s Setting up sssd-krb5 (2.9.5-3ubuntu2) ... 237s Setting up sssd-ldap (2.9.5-3ubuntu2) ... 237s Setting up sssd-ad (2.9.5-3ubuntu2) ... 237s Setting up sssd-ipa (2.9.5-3ubuntu2) ... 237s Setting up sssd (2.9.5-3ubuntu2) ... 237s Processing triggers for man-db (2.13.0-1) ... 238s Processing triggers for libc-bin (2.40-4ubuntu1) ... 245s autopkgtest [05:06:51]: test sssd-softhism2-certificates-tests.sh: [----------------------- 245s + '[' -z ubuntu ']' 245s + required_tools=(p11tool openssl softhsm2-util) 245s + for cmd in "${required_tools[@]}" 245s + command -v p11tool 245s + for cmd in "${required_tools[@]}" 245s + command -v openssl 245s + for cmd in "${required_tools[@]}" 245s + command -v softhsm2-util 245s + PIN=053350 245s +++ find /usr/lib/softhsm/libsofthsm2.so 245s +++ head -n 1 245s ++ realpath /usr/lib/softhsm/libsofthsm2.so 245s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 245s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 245s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 245s + '[' '!' -v NO_SSSD_TESTS ']' 245s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 245s + ca_db_arg=ca_db 245s ++ /usr/libexec/sssd/p11_child --help 245s + p11_child_help='Usage: p11_child [OPTION...] 245s -d, --debug-level=INT Debug level 245s --debug-timestamps=INT Add debug timestamps 245s --debug-microseconds=INT Show timestamps with microseconds 245s --dumpable=INT Allow core dumps 245s --debug-fd=INT An open file descriptor for the debug 245s logs 245s --logger=stderr|files|journald Set logger 245s --auth Run in auth mode 245s --pre Run in pre-auth mode 245s --wait_for_card Wait until card is available 245s --verification Run in verification mode 245s --pin Expect PIN on stdin 245s --keypad Expect PIN on keypad 245s --verify=STRING Tune validation 245s --ca_db=STRING CA DB to use 245s --module_name=STRING Module name for authentication 245s --token_name=STRING Token name for authentication 245s --key_id=STRING Key ID for authentication 245s --label=STRING Label for authentication 245s --certificate=STRING certificate to verify, base64 encoded 245s --uri=STRING PKCS#11 URI to restrict selection 245s --chain-id=LONG Tevent chain ID used for logging 245s purposes 245s 245s Help options: 245s -?, --help Show this help message 245s --usage Display brief usage message' 245s + echo 'Usage: p11_child [OPTION...] 245s -d, --debug-level=INT Debug level 245s --debug-timestamps=INT Add debug timestamps 245s --debug-microseconds=INT Show timestamps with microseconds 245s --dumpable=INT Allow core dumps 245s --debug-fd=INT An open file descriptor for the debug 245s logs 245s --logger=stderr|files|journald Set logger 245s --auth Run in auth mode 245s --pre Run in pre-auth mode 245s --wait_for_card Wait until card is available 245s --verification Run in verification mode 245s --pin Expect PIN on stdin 245s --keypad Expect PIN on keypad 245s --verify=STRING Tune validation 245s --ca_db=STRING CA DB to use 245s --module_name=STRING Module name for authentication 245s --token_name=STRING Token name for authentication 245s --key_id=STRING Key ID for authentication 245s --label=STRING Label for authentication 245s --certificate=STRING certificate to verify, base64 encoded 245s --uri=STRING PKCS#11 URI to restrict selection 245s --chain-id=LONG Tevent chain ID used for logging 245s purposes 245s 245s Help options: 245s -?, --help Show this help message 245s --usage Display brief usage message' 245s + grep nssdb -qs 245s + echo 'Usage: p11_child [OPTION...] 245s -d, --debug-level=INT Debug level 245s --debug-timestamps=INT Add debug timestamps 245s --debug-microseconds=INT Show timestamps with microseconds 245s --dumpable=INT Allow core dumps 245s --debug-fd=INT An open file descriptor for the debug 245s logs 245s --logger=stderr|files|journald Set logger 245s --auth Run in auth mode 245s --pre Run in pre-auth mode 245s --wait_for_card Wait until card is available 245s --verification Run in verification mode 245s --pin Expect PIN on stdin 245s --keypad Expect PIN on keypad 245s --verify=STRING Tune validation 245s --ca_db=STRING CA DB to use 245s --module_name=STRING Module name for authentication 245s --token_name=STRING Token name for authentication 245s --key_id=STRING Key ID for authentication 245s --label=STRING Label for authentication 245s --certificate=STRING certificate to verify, base64 encoded 245s --uri=STRING PKCS#11 URI to restrict selection 245s --chain-id=LONG Tevent chain ID used for logging 245s purposes 245s 245s Help options: 245s -?, --help Show this help message 245s --usage Display brief usage message' 245s + grep -qs -- --ca_db 245s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 245s ++ mktemp -d -t sssd-softhsm2-XXXXXX 245s + tmpdir=/tmp/sssd-softhsm2-wfKXql 245s + keys_size=1024 245s + [[ ! -v KEEP_TEMPORARY_FILES ]] 245s + trap 'rm -rf "$tmpdir"' EXIT 245s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 245s + echo -n 01 245s + touch /tmp/sssd-softhsm2-wfKXql/index.txt 245s + mkdir -p /tmp/sssd-softhsm2-wfKXql/new_certs 245s + cat 245s + root_ca_key_pass=pass:random-root-CA-password-23004 245s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-wfKXql/test-root-CA-key.pem -passout pass:random-root-CA-password-23004 1024 245s + openssl req -passin pass:random-root-CA-password-23004 -batch -config /tmp/sssd-softhsm2-wfKXql/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-wfKXql/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 245s + openssl x509 -noout -in /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 245s + cat 245s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-24684 245s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-24684 1024 245s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-24684 -config /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.config -key /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-23004 -sha256 -out /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-certificate-request.pem 245s + openssl req -text -noout -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-certificate-request.pem 245s Certificate Request: 245s Data: 245s Version: 1 (0x0) 245s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 245s Subject Public Key Info: 245s Public Key Algorithm: rsaEncryption 245s Public-Key: (1024 bit) 245s Modulus: 245s 00:ca:f3:ad:e0:3b:75:f0:b6:5c:25:11:d9:90:2d: 245s 4a:02:58:a8:62:1d:72:f9:33:3c:9b:43:4f:2e:fc: 245s 6b:6e:f9:cc:76:1c:f1:51:10:dd:22:24:1a:1a:c2: 245s f9:7e:6d:f6:18:b6:c9:8f:64:3e:60:49:3d:c8:6b: 245s 92:88:f4:6a:c9:3d:b2:f9:5f:ff:1c:f3:ae:e7:bb: 245s a4:00:9d:b7:88:e6:fe:48:aa:c6:f2:cd:7a:3f:35: 245s 3b:27:9e:2c:e5:a2:18:33:2c:04:0e:02:fd:93:a2: 245s 85:32:22:6f:04:62:f1:52:4d:9b:43:e9:2a:9f:3b: 245s fe:59:8b:31:cb:c0:bf:b9:03 245s Exponent: 65537 (0x10001) 245s Attributes: 245s (none) 245s Requested Extensions: 245s Signature Algorithm: sha256WithRSAEncryption 245s Signature Value: 245s ba:2d:22:e1:c5:59:f5:07:fa:1c:9b:9d:a3:79:a5:9f:19:1e: 245s 1c:09:41:b6:ec:b1:33:32:07:7a:ec:a7:31:0f:96:0d:ae:05: 245s d0:a5:06:11:52:39:ef:cd:bb:f4:9d:38:8b:b5:d5:cf:0c:ef: 245s dc:1e:d1:ae:55:11:7c:02:8d:f1:fe:53:ae:3c:9d:34:9d:71: 245s 9a:f1:3a:58:18:f4:6c:3d:00:3c:9b:fa:71:5b:e5:72:f8:b3: 245s c2:7c:47:6b:6d:a1:7d:26:05:db:00:cf:b0:f3:52:c7:4b:bd: 245s c4:03:13:f5:5b:57:0c:68:f4:1d:a3:24:29:69:ab:1e:ee:6a: 245s 43:a2 245s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-wfKXql/test-root-CA.config -passin pass:random-root-CA-password-23004 -keyfile /tmp/sssd-softhsm2-wfKXql/test-root-CA-key.pem -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 245s Using configuration from /tmp/sssd-softhsm2-wfKXql/test-root-CA.config 245s Check that the request matches the signature 245s Signature ok 245s Certificate Details: 245s Serial Number: 1 (0x1) 245s Validity 245s Not Before: Jan 17 05:06:51 2025 GMT 245s Not After : Jan 17 05:06:51 2026 GMT 245s Subject: 245s organizationName = Test Organization 245s organizationalUnitName = Test Organization Unit 245s commonName = Test Organization Intermediate CA 245s X509v3 extensions: 245s X509v3 Subject Key Identifier: 245s BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 245s X509v3 Authority Key Identifier: 245s keyid:70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 245s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 245s serial:00 245s X509v3 Basic Constraints: 245s CA:TRUE 245s X509v3 Key Usage: critical 245s Digital Signature, Certificate Sign, CRL Sign 245s Certificate is to be certified until Jan 17 05:06:51 2026 GMT (365 days) 245s 245s /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem: OK 245s Certificate Request: 245s Data: 245s Version: 1 (0x0) 245s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 245s Subject Public Key Info: 245s Public Key Algorithm: rsaEncryption 245s Public-Key: (1024 bit) 245s Modulus: 245s 00:b2:bb:f6:c4:15:75:0d:a1:44:eb:e5:82:9f:9d: 245s be:8b:72:6e:7f:3f:1a:77:b0:d6:52:83:df:dc:45: 245s bd:4a:c0:4d:b1:72:15:9f:d5:b2:ed:7d:7d:ee:fc: 245s f3:eb:cf:81:84:e4:8c:0b:bb:17:e6:39:7d:cf:04: 245s eb:00:e3:44:77:f8:42:16:18:c4:f8:5f:fd:ee:e8: 245s 66:9f:d5:5e:0b:c5:a9:08:af:1e:1e:5a:37:24:2d: 245s 28:1f:db:bb:4a:b2:98:29:3c:4f:d9:cc:bf:ca:9e: 245s df:76:cc:32:69:55:26:86:c0:16:85:ad:11:91:df: 245s 39:cb:39:c7:bf:81:64:e2:9d 245s Exponent: 65537 (0x10001) 245s Attributes: 245s (none) 245s Requested Extensions: 245s Signature Algorithm: sha256WithRSAEncryption 245s Signature Value: 245s 41:3d:4b:33:1b:15:47:05:92:b1:6b:9f:0a:41:50:12:d2:b1: 245s df:ad:f2:54:ff:60:5f:19:36:b9:ee:61:61:b5:45:00:0b:08: 245s ad:2b:0b:88:7a:bc:71:08:3b:5f:96:a9:f7:b0:7d:4b:04:a3: 245s fc:56:c8:9d:73:96:dd:7f:79:48:e8:65:31:11:56:a5:bd:fe: 245s 69:40:63:22:41:d5:43:89:b6:40:7e:17:c5:f3:45:77:4b:36: 245s dc:cc:a2:bc:a4:5c:11:0f:7b:da:13:6e:52:ea:dc:31:80:18: 245s 0b:a0:b4:78:a5:5c:fb:92:94:2d:f2:9e:39:5e:d9:3f:8d:e7: 245s c0:a1 245s Write out database with 1 new entries 245s Database updated 245s + openssl x509 -noout -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 245s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 245s + cat 245s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-26101 245s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-26101 1024 245s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-26101 -config /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-24684 -sha256 -out /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-certificate-request.pem 245s + openssl req -text -noout -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-certificate-request.pem 245s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-24684 -keyfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 245s Using configuration from /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.config 245s Check that the request matches the signature 245s Signature ok 245s Certificate Details: 245s Serial Number: 2 (0x2) 245s Validity 245s Not Before: Jan 17 05:06:51 2025 GMT 245s Not After : Jan 17 05:06:51 2026 GMT 245s Subject: 245s organizationName = Test Organization 245s organizationalUnitName = Test Organization Unit 245s commonName = Test Organization Sub Intermediate CA 245s X509v3 extensions: 245s X509v3 Subject Key Identifier: 245s 23:C8:37:13:2E:24:36:AB:E5:B1:C0:2D:04:A1:57:C1:56:ED:E0:5F 245s X509v3 Authority Key Identifier: 245s keyid:BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 245s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 245s serial:01 245s X509v3 Basic Constraints: 245s CA:TRUE 245s X509v3 Key Usage: critical 245s Digital Signature, Certificate Sign, CRL Sign 245s Certificate is to be certified until Jan 17 05:06:51 2026 GMT (365 days) 245s 245s Write out database with 1 new entries 245s Database updated 245s + openssl x509 -noout -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 245s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 245s /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem: OK 245s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 245s + local cmd=openssl 245s + shift 245s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 245s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 245s error 20 at 0 depth lookup: unable to get local issuer certificate 245s error /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem: verification failed 245s + cat 245s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-8485 245s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-8485 1024 246s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-8485 -key /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-request.pem 246s + openssl req -text -noout -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-request.pem 246s Certificate Request: 246s Data: 246s Version: 1 (0x0) 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s Attributes: 246s Requested Extensions: 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s 21:7e:ba:b1:e8:df:a5:a0:19:c0:32:af:5a:27:9c:7d:b1:c6: 246s 46:5d:c0:5c:29:5a:6e:20:0e:9b:52:d4:4d:fb:d8:f1:f7:6d: 246s 82:19:15:41:04:e7:6c:81:9d:7b:32:2a:d3:99:e7:29:5b:c5: 246s df:a3:0a:bc:1d:3c:77:59:71:eb:fd:82:a1:0d:eb:bc:a3:88: 246s 7c:25:02:fe:3c:6f:2a:c8:a2:7b:c2:70:f7:21:ff:95:40:d3: 246s 00:cd:6a:c5:2d:ec:8f:aa:c4:3f:d3:63:41:ac:72:3d:56:d6: 246s 5d:a8:df:bc:1d:e8:35:d1:d0:ef:9d:d0:6e:ec:88:6b:72:2b: 246s df:9a 246s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-wfKXql/test-root-CA.config -passin pass:random-root-CA-password-23004 -keyfile /tmp/sssd-softhsm2-wfKXql/test-root-CA-key.pem -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s Using configuration from /tmp/sssd-softhsm2-wfKXql/test-root-CA.config 246s Check that the request matches the signature 246s Signature ok 246s Certificate Details: 246s Serial Number: 3 (0x3) 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: 246s organizationName = Test Organization 246s organizationalUnitName = Test Organization Unit 246s commonName = Test Organization Root Trusted Certificate 0001 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Certificate is to be certified until Jan 17 05:06:52 2026 GMT (365 days) 246s 246s Write out database with 1 new entries 246s Database updated 246s + openssl x509 -noout -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem: OK 246s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local cmd=openssl 246s + shift 246s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s error 20 at 0 depth lookup: unable to get local issuer certificate 246s error /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem: verification failed 246s + cat 246s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-7135 1024 246s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-7135 -key /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-request.pem 246s + openssl req -text -noout -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-request.pem 246s Certificate Request: 246s Data: 246s Version: 1 (0x0) 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:d4:cc:17:7c:ea:88:c9:9e:4c:5a:cb:91:f8:ec: 246s d0:b0:27:bd:0e:45:06:11:d5:c2:ec:f8:15:e6:20: 246s 68:76:e0:4b:34:9f:f2:f4:87:51:62:db:76:1c:7e: 246s 8d:64:a9:ac:c8:3d:4c:0d:d7:8b:41:31:b1:fd:2f: 246s e1:67:6f:b2:fb:26:b3:19:77:03:cd:46:8e:a9:6a: 246s 5b:68:07:e4:2a:c2:99:f1:e9:85:05:82:41:f3:61: 246s 6a:20:d6:e9:22:e3:78:0c:00:0f:e2:38:73:67:90: 246s 3c:da:dd:cb:28:96:97:c8:f9:c5:02:d1:f7:04:db: 246s b7:99:4a:9c:c5:f3:f9:ab:1b 246s Exponent: 65537 (0x10001) 246s Attributes: 246s Requested Extensions: 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Intermediate CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s 93:34:5E:37:11:A3:20:E4:6A:08:48:48:89:CD:42:8D:63:2B:C9:77 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s 1c:fa:5a:e7:d8:50:58:5f:2f:72:7d:e0:cb:ec:a5:c7:40:60: 246s 97:b2:7c:07:d5:b1:70:c3:5d:df:c0:b7:00:e4:3f:89:9a:79: 246s e6:b4:66:12:13:b8:f6:81:bf:e7:3e:0c:62:5e:74:ca:7b:49: 246s 1c:38:c8:84:d8:30:b4:6a:c9:e9:df:fb:55:f7:3d:63:3f:fe: 246s e2:bd:25:ed:e9:a1:c7:ff:17:a7:e0:67:66:cd:2c:a9:9d:0c: 246s 1a:73:70:20:5c:3d:64:a7:98:cd:8b:ea:a8:ac:ff:32:19:47: 246s 9d:35:bb:86:6d:20:07:10:94:d5:6a:c4:09:8e:c2:b0:12:29: 246s eb:a0 246s + openssl ca -passin pass:random-intermediate-CA-password-24684 -config /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s Using configuration from /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.config 246s Check that the request matches the signature 246s Signature ok 246s Certificate Details: 246s Serial Number: 4 (0x4) 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: 246s organizationName = Test Organization 246s organizationalUnitName = Test Organization Unit 246s commonName = Test Organization Intermediate Trusted Certificate 0001 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s This certificate should not be trusted fully 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Intermediate CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s 93:34:5E:37:11:A3:20:E4:6A:08:48:48:89:CD:42:8D:63:2B:C9:77 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Certificate is to be certified until Jan 17 05:06:52 2026 GMT (365 days) 246s 246s Write out database with 1 new entries 246s Database updated 246s + openssl x509 -noout -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + echo 'This certificate should not be trusted fully' 246s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local cmd=openssl 246s + shift 246s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 246s error 2 at 1 depth lookup: unable to get issuer certificate 246s error /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 246s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem: OK 246s + cat 246s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 246s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-7198 1024 246s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-7198 -key /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 246s + openssl req -text -noout -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 246s Certificate Request: 246s Data: 246s Version: 1 (0x0) 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:d0:2e:11:e3:f1:79:17:dd:68:de:a7:7b:ab:5e: 246s 70:ee:8d:63:da:d6:7a:69:4b:0d:67:55:2c:8c:1f: 246s 05:67:d3:b9:cb:45:3f:28:70:31:ad:84:15:4d:89: 246s dc:01:66:1b:28:d6:0d:83:c5:26:1c:c9:98:04:8c: 246s 0a:4f:79:da:f3:49:f0:7f:90:ae:99:91:20:8f:68: 246s a4:b2:50:07:d3:22:65:7b:a7:43:4b:56:72:6a:0b: 246s 39:2b:f1:53:ea:a3:76:25:44:ff:8a:59:31:85:57: 246s d0:af:29:10:8f:c8:83:05:83:02:ca:dc:3f:0a:dd: 246s d2:ce:75:0d:54:a8:e2:3b:67 246s Exponent: 65537 (0x10001) 246s Attributes: 246s Requested Extensions: 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Sub Intermediate CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s C4:07:F4:97:AF:AC:97:E5:F8:4D:07:1D:54:14:CE:32:1F:B0:F5:4D 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s 49:82:95:7a:c7:44:37:25:ba:68:ad:83:0b:0c:ad:ff:70:24: 246s 09:ef:bc:7c:97:63:d8:eb:b0:7d:91:88:b2:98:ee:76:c7:ff: 246s 86:ef:78:65:ec:d0:4d:2c:89:2a:43:30:66:e5:04:24:ae:d0: 246s 31:28:ee:d3:e4:8f:96:4e:b8:44:19:c6:fc:90:1f:be:59:10: 246s 6c:81:62:ef:6a:94:85:13:7b:db:68:56:29:b2:94:b5:16:0f: 246s d5:31:7c:b2:04:67:17:04:a2:28:fd:c7:71:23:09:1b:93:cb: 246s a5:9c:cd:2e:3b:4b:ea:56:2d:18:c6:6a:9d:06:01:fd:69:94: 246s 13:f5 246s + openssl ca -passin pass:random-sub-intermediate-CA-password-26101 -config /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 246s Using configuration from /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.config 246s Check that the request matches the signature 246s Signature ok 246s Certificate Details: 246s Serial Number: 5 (0x5) 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: 246s organizationName = Test Organization 246s organizationalUnitName = Test Organization Unit 246s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 23:C8:37:13:2E:24:36:AB:E5:B1:C0:2D:04:A1:57:C1:56:ED:E0:5F 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Sub Intermediate CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s C4:07:F4:97:AF:AC:97:E5:F8:4D:07:1D:54:14:CE:32:1F:B0:F5:4D 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Certificate is to be certified until Jan 17 05:06:52 2026 GMT (365 days) 246s 246s Write out database with 1 new entries 246s Database updated 246s + openssl x509 -noout -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 246s This certificate should not be trusted fully 246s + echo 'This certificate should not be trusted fully' 246s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 246s + local cmd=openssl 246s + shift 246s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 246s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 246s error 2 at 1 depth lookup: unable to get issuer certificate 246s error /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 246s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 246s + local cmd=openssl 246s + shift 246s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 246s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 246s error 20 at 0 depth lookup: unable to get local issuer certificate 246s error /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 246s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 246s /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 246s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 246s + local cmd=openssl 246s + shift 246s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 246s Building a the full-chain CA file... 246s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 246s error 20 at 0 depth lookup: unable to get local issuer certificate 246s error /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 246s + echo 'Building a the full-chain CA file...' 246s + cat /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 246s + cat /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 246s + cat /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 246s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s + openssl pkcs7 -print_certs -noout 246s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s 246s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 246s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s 246s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 246s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 246s 246s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 246s /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem: OK 246s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem: OK 246s /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem: OK 246s /tmp/sssd-softhsm2-wfKXql/test-root-intermediate-chain-CA.pem: OK 246s /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 246s Certificates generation completed! 246s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem /tmp/sssd-softhsm2-wfKXql/test-root-intermediate-chain-CA.pem 246s + openssl verify -CAfile /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 246s + echo 'Certificates generation completed!' 246s + [[ -v NO_SSSD_TESTS ]] 246s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /dev/null 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /dev/null 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_ring=/dev/null 246s + local verify_option= 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem .pem 246s Slot 0 has a free/uninitialized token. 246s The token has been initialized and is reassigned to slot 606405174 246s Available slots: 246s Slot 606405174 246s Slot info: 246s Description: SoftHSM slot ID 0x24250236 246s Manufacturer ID: SoftHSM project 246s Hardware version: 2.6 246s Firmware version: 2.6 246s Token present: yes 246s Token info: 246s Manufacturer ID: SoftHSM project 246s Model: SoftHSM v2 246s Hardware version: 2.6 246s Firmware version: 2.6 246s Serial number: f767d5a4a4250236 246s Initialized: yes 246s User PIN init.: yes 246s Label: Test Organization Root Tr Token 246s Slot 1 246s Slot info: 246s Description: SoftHSM slot ID 0x1 246s Manufacturer ID: SoftHSM project 246s Hardware version: 2.6 246s Firmware version: 2.6 246s Token present: yes 246s Token info: 246s Manufacturer ID: SoftHSM project 246s Model: SoftHSM v2 246s Hardware version: 2.6 246s Firmware version: 2.6 246s Serial number: 246s Initialized: no 246s User PIN init.: no 246s Label: 246s + key_name=test-root-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Root Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 246s + token_name='Test Organization Root Tr Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 246s + local key_file 246s + local decrypted_key 246s + mkdir -p /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 246s + key_file=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-key.pem 246s + decrypted_key=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-key-decrypted.pem 246s + cat 246s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 246s + softhsm2-util --show-slots 246s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 246s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-8485 -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-key-decrypted.pem 246s writing RSA key 246s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 246s + rm /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001-key-decrypted.pem 246s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 246s Object 0: 246s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 246s Type: X.509 Certificate (RSA-1024) 246s Expires: Sat Jan 17 05:06:52 2026 246s Label: Test Organization Root Trusted Certificate 0001 246s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 246s 246s Test Organization Root Tr Token 246s + echo 'Test Organization Root Tr Token' 246s + '[' -n '' ']' 246s + local output_base_name=SSSD-child-28309 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-28309.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-28309.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 246s [p11_child[2632]] [main] (0x0400): p11_child started. 246s [p11_child[2632]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2632]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2632]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2632]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 246s [p11_child[2632]] [do_work] (0x0040): init_verification failed. 246s [p11_child[2632]] [main] (0x0020): p11_child failed (5) 246s + return 2 246s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /dev/null no_verification 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /dev/null no_verification 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_ring=/dev/null 246s + local verify_option=no_verification 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-root-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Root Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 246s + token_name='Test Organization Root Tr Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 ']' 246s Test Organization Root Tr Token 246s + echo 'Test Organization Root Tr Token' 246s + '[' -n no_verification ']' 246s + local verify_arg=--verify=no_verification 246s + local output_base_name=SSSD-child-15877 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15877.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15877.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 246s [p11_child[2638]] [main] (0x0400): p11_child started. 246s [p11_child[2638]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2638]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2638]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2638]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 246s [p11_child[2638]] [do_card] (0x4000): Module List: 246s [p11_child[2638]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2638]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2638]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2638]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2638]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2638]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2638]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2638]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 3 (0x3) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s bb:33:cb:0b:ca:1b:aa:0e:57:cb:b0:57:c4:dc:3b:ff:9a:62: 246s a1:02:53:c2:ca:e3:2c:15:85:5a:78:f9:47:12:3a:70:72:0e: 246s 8b:6d:50:c9:31:bd:63:30:1b:93:f9:ff:1d:0e:ae:19:ee:ba: 246s 3b:42:8e:05:62:d8:3a:cd:47:ab:c1:5d:c9:d4:b0:00:eb:7c: 246s ad:cf:56:63:0e:34:4d:c0:f2:8d:e4:3f:fa:5e:ab:87:58:de: 246s b0:12:7e:51:af:cf:42:f5:4b:4d:b6:90:c5:3f:91:51:b6:fd: 246s e2:6d:ec:17:cd:5a:f0:32:a3:a6:69:d2:b4:94:73:c9:8c:84: 246s 51:11 246s [p11_child[2638]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x24250236;slot-manufacturer=SoftHSM%20project;slot-id=606405174;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2638]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15877.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15877.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15877.pem 246s + local found_md5 expected_md5 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + expected_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15877.pem 246s + found_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s + '[' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F '!=' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F ']' 246s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15877-auth.output 246s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-15877-auth.output .output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15877-auth.pem 246s + echo -n 053350 246s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 246s [p11_child[2646]] [main] (0x0400): p11_child started. 246s [p11_child[2646]] [main] (0x2000): Running in [auth] mode. 246s [p11_child[2646]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2646]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2646]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 246s [p11_child[2646]] [do_card] (0x4000): Module List: 246s [p11_child[2646]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2646]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2646]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2646]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2646]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2646]] [do_card] (0x4000): Login required. 246s [p11_child[2646]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2646]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2646]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x24250236;slot-manufacturer=SoftHSM%20project;slot-id=606405174;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 246s [p11_child[2646]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 246s [p11_child[2646]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 246s [p11_child[2646]] [do_card] (0x4000): Certificate verified and validated. 246s [p11_child[2646]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15877-auth.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15877-auth.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15877-auth.pem 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 3 (0x3) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s bb:33:cb:0b:ca:1b:aa:0e:57:cb:b0:57:c4:dc:3b:ff:9a:62: 246s a1:02:53:c2:ca:e3:2c:15:85:5a:78:f9:47:12:3a:70:72:0e: 246s 8b:6d:50:c9:31:bd:63:30:1b:93:f9:ff:1d:0e:ae:19:ee:ba: 246s 3b:42:8e:05:62:d8:3a:cd:47:ab:c1:5d:c9:d4:b0:00:eb:7c: 246s ad:cf:56:63:0e:34:4d:c0:f2:8d:e4:3f:fa:5e:ab:87:58:de: 246s b0:12:7e:51:af:cf:42:f5:4b:4d:b6:90:c5:3f:91:51:b6:fd: 246s e2:6d:ec:17:cd:5a:f0:32:a3:a6:69:d2:b4:94:73:c9:8c:84: 246s 51:11 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15877-auth.pem 246s + found_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s + '[' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F '!=' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F ']' 246s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s + local verify_option= 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-root-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Root Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 246s Test Organization Root Tr Token 246s + token_name='Test Organization Root Tr Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 ']' 246s + echo 'Test Organization Root Tr Token' 246s + '[' -n '' ']' 246s + local output_base_name=SSSD-child-14264 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-14264.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-14264.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s [p11_child[2656]] [main] (0x0400): p11_child started. 246s [p11_child[2656]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2656]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2656]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2656]] [do_card] (0x4000): Module List: 246s [p11_child[2656]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2656]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2656]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2656]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2656]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2656]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2656]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2656]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 246s [p11_child[2656]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2656]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x24250236;slot-manufacturer=SoftHSM%20project;slot-id=606405174;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2656]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-14264.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-14264.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-14264.pem 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 3 (0x3) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s bb:33:cb:0b:ca:1b:aa:0e:57:cb:b0:57:c4:dc:3b:ff:9a:62: 246s a1:02:53:c2:ca:e3:2c:15:85:5a:78:f9:47:12:3a:70:72:0e: 246s 8b:6d:50:c9:31:bd:63:30:1b:93:f9:ff:1d:0e:ae:19:ee:ba: 246s 3b:42:8e:05:62:d8:3a:cd:47:ab:c1:5d:c9:d4:b0:00:eb:7c: 246s ad:cf:56:63:0e:34:4d:c0:f2:8d:e4:3f:fa:5e:ab:87:58:de: 246s b0:12:7e:51:af:cf:42:f5:4b:4d:b6:90:c5:3f:91:51:b6:fd: 246s e2:6d:ec:17:cd:5a:f0:32:a3:a6:69:d2:b4:94:73:c9:8c:84: 246s 51:11 246s + local found_md5 expected_md5 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + expected_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-14264.pem 246s + found_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s + '[' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F '!=' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F ']' 246s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-14264-auth.output 246s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-14264-auth.output .output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-14264-auth.pem 246s + echo -n 053350 246s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 246s [p11_child[2664]] [main] (0x0400): p11_child started. 246s [p11_child[2664]] [main] (0x2000): Running in [auth] mode. 246s [p11_child[2664]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2664]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2664]] [do_card] (0x4000): Module List: 246s [p11_child[2664]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2664]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2664]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2664]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2664]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2664]] [do_card] (0x4000): Login required. 246s [p11_child[2664]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2664]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 246s [p11_child[2664]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2664]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x24250236;slot-manufacturer=SoftHSM%20project;slot-id=606405174;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 246s [p11_child[2664]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 246s [p11_child[2664]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 246s [p11_child[2664]] [do_card] (0x4000): Certificate verified and validated. 246s [p11_child[2664]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-14264-auth.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-14264-auth.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-14264-auth.pem 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 3 (0x3) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s bb:33:cb:0b:ca:1b:aa:0e:57:cb:b0:57:c4:dc:3b:ff:9a:62: 246s a1:02:53:c2:ca:e3:2c:15:85:5a:78:f9:47:12:3a:70:72:0e: 246s 8b:6d:50:c9:31:bd:63:30:1b:93:f9:ff:1d:0e:ae:19:ee:ba: 246s 3b:42:8e:05:62:d8:3a:cd:47:ab:c1:5d:c9:d4:b0:00:eb:7c: 246s ad:cf:56:63:0e:34:4d:c0:f2:8d:e4:3f:fa:5e:ab:87:58:de: 246s b0:12:7e:51:af:cf:42:f5:4b:4d:b6:90:c5:3f:91:51:b6:fd: 246s e2:6d:ec:17:cd:5a:f0:32:a3:a6:69:d2:b4:94:73:c9:8c:84: 246s 51:11 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-14264-auth.pem 246s + found_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s + '[' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F '!=' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F ']' 246s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem partial_chain 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem partial_chain 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s + local verify_option=partial_chain 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-root-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Root Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 246s Test Organization Root Tr Token 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 246s + token_name='Test Organization Root Tr Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 ']' 246s + echo 'Test Organization Root Tr Token' 246s + '[' -n partial_chain ']' 246s + local verify_arg=--verify=partial_chain 246s + local output_base_name=SSSD-child-15413 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15413.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15413.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s [p11_child[2674]] [main] (0x0400): p11_child started. 246s [p11_child[2674]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2674]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2674]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2674]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 246s [p11_child[2674]] [do_card] (0x4000): Module List: 246s [p11_child[2674]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2674]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2674]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2674]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2674]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2674]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2674]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2674]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 246s [p11_child[2674]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2674]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x24250236;slot-manufacturer=SoftHSM%20project;slot-id=606405174;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2674]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15413.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15413.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15413.pem 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 3 (0x3) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s bb:33:cb:0b:ca:1b:aa:0e:57:cb:b0:57:c4:dc:3b:ff:9a:62: 246s a1:02:53:c2:ca:e3:2c:15:85:5a:78:f9:47:12:3a:70:72:0e: 246s 8b:6d:50:c9:31:bd:63:30:1b:93:f9:ff:1d:0e:ae:19:ee:ba: 246s 3b:42:8e:05:62:d8:3a:cd:47:ab:c1:5d:c9:d4:b0:00:eb:7c: 246s ad:cf:56:63:0e:34:4d:c0:f2:8d:e4:3f:fa:5e:ab:87:58:de: 246s b0:12:7e:51:af:cf:42:f5:4b:4d:b6:90:c5:3f:91:51:b6:fd: 246s e2:6d:ec:17:cd:5a:f0:32:a3:a6:69:d2:b4:94:73:c9:8c:84: 246s 51:11 246s + local found_md5 expected_md5 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + expected_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15413.pem 246s + found_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s + '[' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F '!=' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F ']' 246s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15413-auth.output 246s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-15413-auth.output .output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15413-auth.pem 246s + echo -n 053350 246s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 246s [p11_child[2682]] [main] (0x0400): p11_child started. 246s [p11_child[2682]] [main] (0x2000): Running in [auth] mode. 246s [p11_child[2682]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2682]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2682]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 246s [p11_child[2682]] [do_card] (0x4000): Module List: 246s [p11_child[2682]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2682]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2682]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2682]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2682]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2682]] [do_card] (0x4000): Login required. 246s [p11_child[2682]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2682]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 246s [p11_child[2682]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2682]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x24250236;slot-manufacturer=SoftHSM%20project;slot-id=606405174;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 3 (0x3) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s bb:33:cb:0b:ca:1b:aa:0e:57:cb:b0:57:c4:dc:3b:ff:9a:62: 246s a1:02:53:c2:ca:e3:2c:15:85:5a:78:f9:47:12:3a:70:72:0e: 246s 8b:6d:50:c9:31:bd:63:30:1b:93:f9:ff:1d:0e:ae:19:ee:ba: 246s 3b:42:8e:05:62:d8:3a:cd:47:ab:c1:5d:c9:d4:b0:00:eb:7c: 246s ad:cf:56:63:0e:34:4d:c0:f2:8d:e4:3f:fa:5e:ab:87:58:de: 246s b0:12:7e:51:af:cf:42:f5:4b:4d:b6:90:c5:3f:91:51:b6:fd: 246s e2:6d:ec:17:cd:5a:f0:32:a3:a6:69:d2:b4:94:73:c9:8c:84: 246s 51:11 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 246s [p11_child[2682]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 246s [p11_child[2682]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 246s [p11_child[2682]] [do_card] (0x4000): Certificate verified and validated. 246s [p11_child[2682]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15413-auth.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15413-auth.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15413-auth.pem 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15413-auth.pem 246s + found_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s + '[' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F '!=' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F ']' 246s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s + local verify_option= 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-root-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Root Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s Test Organization Root Tr Token 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 246s + token_name='Test Organization Root Tr Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 ']' 246s + echo 'Test Organization Root Tr Token' 246s + '[' -n '' ']' 246s + local output_base_name=SSSD-child-24882 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-24882.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-24882.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s [p11_child[2692]] [main] (0x0400): p11_child started. 246s [p11_child[2692]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2692]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2692]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2692]] [do_card] (0x4000): Module List: 246s [p11_child[2692]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2692]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2692]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2692]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2692]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2692]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2692]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2692]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 246s [p11_child[2692]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2692]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x24250236;slot-manufacturer=SoftHSM%20project;slot-id=606405174;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2692]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-24882.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-24882.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-24882.pem 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 3 (0x3) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s bb:33:cb:0b:ca:1b:aa:0e:57:cb:b0:57:c4:dc:3b:ff:9a:62: 246s a1:02:53:c2:ca:e3:2c:15:85:5a:78:f9:47:12:3a:70:72:0e: 246s 8b:6d:50:c9:31:bd:63:30:1b:93:f9:ff:1d:0e:ae:19:ee:ba: 246s 3b:42:8e:05:62:d8:3a:cd:47:ab:c1:5d:c9:d4:b0:00:eb:7c: 246s ad:cf:56:63:0e:34:4d:c0:f2:8d:e4:3f:fa:5e:ab:87:58:de: 246s b0:12:7e:51:af:cf:42:f5:4b:4d:b6:90:c5:3f:91:51:b6:fd: 246s e2:6d:ec:17:cd:5a:f0:32:a3:a6:69:d2:b4:94:73:c9:8c:84: 246s 51:11 246s + local found_md5 expected_md5 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + expected_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-24882.pem 246s + found_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s + '[' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F '!=' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F ']' 246s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-24882-auth.output 246s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-24882-auth.output .output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-24882-auth.pem 246s + echo -n 053350 246s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 246s [p11_child[2700]] [main] (0x0400): p11_child started. 246s [p11_child[2700]] [main] (0x2000): Running in [auth] mode. 246s [p11_child[2700]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2700]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2700]] [do_card] (0x4000): Module List: 246s [p11_child[2700]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2700]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2700]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2700]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2700]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2700]] [do_card] (0x4000): Login required. 246s [p11_child[2700]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2700]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 246s [p11_child[2700]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2700]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x24250236;slot-manufacturer=SoftHSM%20project;slot-id=606405174;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 246s [p11_child[2700]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 246s [p11_child[2700]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 246s [p11_child[2700]] [do_card] (0x4000): Certificate verified and validated. 246s [p11_child[2700]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-24882-auth.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-24882-auth.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-24882-auth.pem 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 3 (0x3) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s bb:33:cb:0b:ca:1b:aa:0e:57:cb:b0:57:c4:dc:3b:ff:9a:62: 246s a1:02:53:c2:ca:e3:2c:15:85:5a:78:f9:47:12:3a:70:72:0e: 246s 8b:6d:50:c9:31:bd:63:30:1b:93:f9:ff:1d:0e:ae:19:ee:ba: 246s 3b:42:8e:05:62:d8:3a:cd:47:ab:c1:5d:c9:d4:b0:00:eb:7c: 246s ad:cf:56:63:0e:34:4d:c0:f2:8d:e4:3f:fa:5e:ab:87:58:de: 246s b0:12:7e:51:af:cf:42:f5:4b:4d:b6:90:c5:3f:91:51:b6:fd: 246s e2:6d:ec:17:cd:5a:f0:32:a3:a6:69:d2:b4:94:73:c9:8c:84: 246s 51:11 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-24882-auth.pem 246s + found_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s + '[' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F '!=' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F ']' 246s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem partial_chain 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem partial_chain 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s + local verify_option=partial_chain 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-root-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Root Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 246s Test Organization Root Tr Token 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 246s + token_name='Test Organization Root Tr Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 ']' 246s + echo 'Test Organization Root Tr Token' 246s + '[' -n partial_chain ']' 246s + local verify_arg=--verify=partial_chain 246s + local output_base_name=SSSD-child-25985 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-25985.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-25985.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s [p11_child[2710]] [main] (0x0400): p11_child started. 246s [p11_child[2710]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2710]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2710]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2710]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 246s [p11_child[2710]] [do_card] (0x4000): Module List: 246s [p11_child[2710]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2710]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2710]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2710]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2710]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2710]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2710]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2710]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 246s [p11_child[2710]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2710]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x24250236;slot-manufacturer=SoftHSM%20project;slot-id=606405174;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2710]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-25985.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-25985.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-25985.pem 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 3 (0x3) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s bb:33:cb:0b:ca:1b:aa:0e:57:cb:b0:57:c4:dc:3b:ff:9a:62: 246s a1:02:53:c2:ca:e3:2c:15:85:5a:78:f9:47:12:3a:70:72:0e: 246s 8b:6d:50:c9:31:bd:63:30:1b:93:f9:ff:1d:0e:ae:19:ee:ba: 246s 3b:42:8e:05:62:d8:3a:cd:47:ab:c1:5d:c9:d4:b0:00:eb:7c: 246s ad:cf:56:63:0e:34:4d:c0:f2:8d:e4:3f:fa:5e:ab:87:58:de: 246s b0:12:7e:51:af:cf:42:f5:4b:4d:b6:90:c5:3f:91:51:b6:fd: 246s e2:6d:ec:17:cd:5a:f0:32:a3:a6:69:d2:b4:94:73:c9:8c:84: 246s 51:11 246s + local found_md5 expected_md5 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + expected_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-25985.pem 246s + found_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s + '[' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F '!=' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F ']' 246s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-25985-auth.output 246s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-25985-auth.output .output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-25985-auth.pem 246s + echo -n 053350 246s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 246s [p11_child[2718]] [main] (0x0400): p11_child started. 246s [p11_child[2718]] [main] (0x2000): Running in [auth] mode. 246s [p11_child[2718]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2718]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2718]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 246s [p11_child[2718]] [do_card] (0x4000): Module List: 246s [p11_child[2718]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2718]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2718]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2718]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2718]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2718]] [do_card] (0x4000): Login required. 246s [p11_child[2718]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2718]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 246s [p11_child[2718]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2718]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x24250236;slot-manufacturer=SoftHSM%20project;slot-id=606405174;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f767d5a4a4250236;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 3 (0x3) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:c0:9f:d1:7f:3a:a3:c5:69:d9:84:c3:25:ea:bb: 246s d3:b7:8a:2c:f4:0c:55:95:f9:fc:ed:16:19:36:11: 246s c5:1f:21:2d:27:8e:6e:be:22:da:dc:4a:c7:18:8e: 246s 23:80:d0:de:c5:36:cd:41:1f:14:27:9b:c3:2d:19: 246s b3:5b:74:62:ec:c3:a5:f5:a4:c4:9c:54:cc:e9:04: 246s 1e:13:d7:fa:27:3e:b8:a1:7e:db:01:a3:08:55:a5: 246s 07:1d:a4:5e:37:17:c4:3a:ab:26:6b:98:74:48:fe: 246s b8:24:bf:af:2f:c5:d8:81:9b:28:db:2c:84:0f:81: 246s 61:82:af:f9:a5:92:ad:86:5f 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s 70:27:AB:CB:84:1E:33:28:0D:1A:96:45:04:BE:B3:A0:97:7A:CE:45 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Root CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s CB:D8:2F:EA:E1:5E:22:03:1C:B8:B9:31:8F:07:95:61:4D:BF:99:C1 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s bb:33:cb:0b:ca:1b:aa:0e:57:cb:b0:57:c4:dc:3b:ff:9a:62: 246s a1:02:53:c2:ca:e3:2c:15:85:5a:78:f9:47:12:3a:70:72:0e: 246s 8b:6d:50:c9:31:bd:63:30:1b:93:f9:ff:1d:0e:ae:19:ee:ba: 246s 3b:42:8e:05:62:d8:3a:cd:47:ab:c1:5d:c9:d4:b0:00:eb:7c: 246s ad:cf:56:63:0e:34:4d:c0:f2:8d:e4:3f:fa:5e:ab:87:58:de: 246s b0:12:7e:51:af:cf:42:f5:4b:4d:b6:90:c5:3f:91:51:b6:fd: 246s e2:6d:ec:17:cd:5a:f0:32:a3:a6:69:d2:b4:94:73:c9:8c:84: 246s 51:11 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 246s [p11_child[2718]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 246s [p11_child[2718]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 246s [p11_child[2718]] [do_card] (0x4000): Certificate verified and validated. 246s [p11_child[2718]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-25985-auth.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-25985-auth.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-25985-auth.pem 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-25985-auth.pem 246s + found_md5=Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F 246s + '[' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F '!=' Modulus=C09FD17F3AA3C569D984C325EABBD3B78A2CF40C5595F9FCED16193611C51F212D278E6EBE22DADC4AC7188E2380D0DEC536CD411F14279BC32D19B35B7462ECC3A5F5A4C49C54CCE9041E13D7FA273EB8A17EDB01A30855A5071DA45E3717C43AAB266B987448FEB824BFAF2FC5D8819B28DB2C840F816182AFF9A592AD865F ']' 246s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 246s + local verify_option= 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-root-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Root Trusted Certificate 0001' 246s Test Organization Root Tr Token 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 246s + token_name='Test Organization Root Tr Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 ']' 246s + echo 'Test Organization Root Tr Token' 246s + '[' -n '' ']' 246s + local output_base_name=SSSD-child-22996 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-22996.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-22996.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 246s [p11_child[2728]] [main] (0x0400): p11_child started. 246s [p11_child[2728]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2728]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2728]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2728]] [do_card] (0x4000): Module List: 246s [p11_child[2728]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2728]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2728]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2728]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2728]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2728]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2728]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2728]] [do_verification] (0x0040): X509_verify_cert failed [0]. 246s [p11_child[2728]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 246s [p11_child[2728]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 246s [p11_child[2728]] [do_card] (0x4000): No certificate found. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-22996.output 246s + return 2 246s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem partial_chain 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem partial_chain 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s Test Organization Root Tr Token 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 246s + local verify_option=partial_chain 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-8485 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-root-ca-trusted-cert-0001-8485 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-root-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-root-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Root Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 246s + token_name='Test Organization Root Tr Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-root-CA-trusted-certificate-0001 ']' 246s + echo 'Test Organization Root Tr Token' 246s + '[' -n partial_chain ']' 246s + local verify_arg=--verify=partial_chain 246s + local output_base_name=SSSD-child-22278 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-22278.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-22278.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 246s [p11_child[2735]] [main] (0x0400): p11_child started. 246s [p11_child[2735]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2735]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2735]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2735]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 246s [p11_child[2735]] [do_card] (0x4000): Module List: 246s [p11_child[2735]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2735]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2735]] [do_card] (0x4000): Description [SoftHSM slot ID 0x24250236] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2735]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 246s [p11_child[2735]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x24250236][606405174] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2735]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2735]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 246s [p11_child[2735]] [do_verification] (0x0040): X509_verify_cert failed [0]. 246s [p11_child[2735]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 246s [p11_child[2735]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 246s [p11_child[2735]] [do_card] (0x4000): No certificate found. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-22278.output 246s + return 2 246s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /dev/null 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /dev/null 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local key_ring=/dev/null 246s + local verify_option= 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-intermediate-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 246s + token_name='Test Organization Interme Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 246s + local key_file 246s + local decrypted_key 246s + mkdir -p /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 246s + key_file=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-key.pem 246s Slot 0 has a free/uninitialized token. 246s The token has been initialized and is reassigned to slot 1514821530 246s Available slots: 246s Slot 1514821530 246s Slot info: 246s Description: SoftHSM slot ID 0x5a4a579a 246s Manufacturer ID: SoftHSM project 246s Hardware version: 2.6 246s Firmware version: 2.6 246s Token present: yes 246s Token info: 246s Manufacturer ID: SoftHSM project 246s Model: SoftHSM v2 246s Hardware version: 2.6 246s Firmware version: 2.6 246s Serial number: 170b02b5da4a579a 246s Initialized: yes 246s User PIN init.: yes 246s Label: Test Organization Interme Token 246s Slot 1 246s Slot info: 246s Description: SoftHSM slot ID 0x1 246s Manufacturer ID: SoftHSM project 246s Hardware version: 2.6 246s Firmware version: 2.6 246s Token present: yes 246s Token info: 246s Manufacturer ID: SoftHSM project 246s Model: SoftHSM v2 246s Hardware version: 2.6 246s Firmware version: 2.6 246s Serial number: 246s Initialized: no 246s User PIN init.: no 246s Label: 246s + decrypted_key=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 246s + cat 246s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 246s + softhsm2-util --show-slots 246s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 246s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-7135 -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 246s writing RSA key 246s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 246s + rm /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 246s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 246s Object 0: 246s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=170b02b5da4a579a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 246s Type: X.509 Certificate (RSA-1024) 246s Expires: Sat Jan 17 05:06:52 2026 246s Label: Test Organization Intermediate Trusted Certificate 0001 246s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 246s 246s Test Organization Interme Token 246s + echo 'Test Organization Interme Token' 246s + '[' -n '' ']' 246s + local output_base_name=SSSD-child-9543 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-9543.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-9543.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 246s [p11_child[2751]] [main] (0x0400): p11_child started. 246s [p11_child[2751]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2751]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2751]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2751]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 246s [p11_child[2751]] [do_work] (0x0040): init_verification failed. 246s [p11_child[2751]] [main] (0x0020): p11_child failed (5) 246s + return 2 246s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /dev/null no_verification 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /dev/null no_verification 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local key_ring=/dev/null 246s + local verify_option=no_verification 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-intermediate-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 246s Test Organization Interme Token 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 246s + token_name='Test Organization Interme Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 246s + echo 'Test Organization Interme Token' 246s + '[' -n no_verification ']' 246s + local verify_arg=--verify=no_verification 246s + local output_base_name=SSSD-child-8453 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-8453.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-8453.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 246s [p11_child[2757]] [main] (0x0400): p11_child started. 246s [p11_child[2757]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2757]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2757]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2757]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 246s [p11_child[2757]] [do_card] (0x4000): Module List: 246s [p11_child[2757]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2757]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2757]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2757]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 246s [p11_child[2757]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2757]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2757]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 246s [p11_child[2757]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2757]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a4a579a;slot-manufacturer=SoftHSM%20project;slot-id=1514821530;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=170b02b5da4a579a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2757]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-8453.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-8453.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-8453.pem 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 4 (0x4) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:d4:cc:17:7c:ea:88:c9:9e:4c:5a:cb:91:f8:ec: 246s d0:b0:27:bd:0e:45:06:11:d5:c2:ec:f8:15:e6:20: 246s 68:76:e0:4b:34:9f:f2:f4:87:51:62:db:76:1c:7e: 246s 8d:64:a9:ac:c8:3d:4c:0d:d7:8b:41:31:b1:fd:2f: 246s e1:67:6f:b2:fb:26:b3:19:77:03:cd:46:8e:a9:6a: 246s 5b:68:07:e4:2a:c2:99:f1:e9:85:05:82:41:f3:61: 246s 6a:20:d6:e9:22:e3:78:0c:00:0f:e2:38:73:67:90: 246s 3c:da:dd:cb:28:96:97:c8:f9:c5:02:d1:f7:04:db: 246s b7:99:4a:9c:c5:f3:f9:ab:1b 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Intermediate CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s 93:34:5E:37:11:A3:20:E4:6A:08:48:48:89:CD:42:8D:63:2B:C9:77 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s 36:11:5d:fc:34:be:73:a0:29:a3:79:b0:bd:69:b8:21:1a:a4: 246s 9e:55:d7:b3:53:db:5c:38:5f:11:1d:74:19:9c:02:8b:4b:d1: 246s 64:42:42:94:32:f2:7d:ae:87:97:f7:0a:79:16:df:61:42:60: 246s f9:1e:e2:ff:8f:af:b9:32:d4:e2:ab:c2:82:7f:7d:53:70:12: 246s ef:43:3f:1c:fd:30:32:2c:42:a6:6e:a0:57:e2:2d:7b:8f:35: 246s ac:fe:04:92:bd:e9:22:df:5c:54:f2:ad:4c:9f:39:a9:f6:87: 246s cc:ec:75:d0:f1:d2:66:9f:65:b6:b7:c7:3e:3f:a6:6d:1c:cf: 246s 83:c1 246s + local found_md5 expected_md5 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + expected_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-8453.pem 246s + found_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 246s + '[' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B '!=' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B ']' 246s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-8453-auth.output 246s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-8453-auth.output .output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-8453-auth.pem 246s + echo -n 053350 246s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 246s [p11_child[2765]] [main] (0x0400): p11_child started. 246s [p11_child[2765]] [main] (0x2000): Running in [auth] mode. 246s [p11_child[2765]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2765]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2765]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 246s [p11_child[2765]] [do_card] (0x4000): Module List: 246s [p11_child[2765]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2765]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2765]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2765]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 246s [p11_child[2765]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2765]] [do_card] (0x4000): Login required. 246s [p11_child[2765]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 246s [p11_child[2765]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2765]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a4a579a;slot-manufacturer=SoftHSM%20project;slot-id=1514821530;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=170b02b5da4a579a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 246s [p11_child[2765]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 246s [p11_child[2765]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 246s [p11_child[2765]] [do_card] (0x4000): Certificate verified and validated. 246s [p11_child[2765]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-8453-auth.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-8453-auth.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-8453-auth.pem 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-8453-auth.pem 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 4 (0x4) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:d4:cc:17:7c:ea:88:c9:9e:4c:5a:cb:91:f8:ec: 246s d0:b0:27:bd:0e:45:06:11:d5:c2:ec:f8:15:e6:20: 246s 68:76:e0:4b:34:9f:f2:f4:87:51:62:db:76:1c:7e: 246s 8d:64:a9:ac:c8:3d:4c:0d:d7:8b:41:31:b1:fd:2f: 246s e1:67:6f:b2:fb:26:b3:19:77:03:cd:46:8e:a9:6a: 246s 5b:68:07:e4:2a:c2:99:f1:e9:85:05:82:41:f3:61: 246s 6a:20:d6:e9:22:e3:78:0c:00:0f:e2:38:73:67:90: 246s 3c:da:dd:cb:28:96:97:c8:f9:c5:02:d1:f7:04:db: 246s b7:99:4a:9c:c5:f3:f9:ab:1b 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Intermediate CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s 93:34:5E:37:11:A3:20:E4:6A:08:48:48:89:CD:42:8D:63:2B:C9:77 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s 36:11:5d:fc:34:be:73:a0:29:a3:79:b0:bd:69:b8:21:1a:a4: 246s 9e:55:d7:b3:53:db:5c:38:5f:11:1d:74:19:9c:02:8b:4b:d1: 246s 64:42:42:94:32:f2:7d:ae:87:97:f7:0a:79:16:df:61:42:60: 246s f9:1e:e2:ff:8f:af:b9:32:d4:e2:ab:c2:82:7f:7d:53:70:12: 246s ef:43:3f:1c:fd:30:32:2c:42:a6:6e:a0:57:e2:2d:7b:8f:35: 246s ac:fe:04:92:bd:e9:22:df:5c:54:f2:ad:4c:9f:39:a9:f6:87: 246s cc:ec:75:d0:f1:d2:66:9f:65:b6:b7:c7:3e:3f:a6:6d:1c:cf: 246s 83:c1 246s + found_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 246s + '[' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B '!=' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B ']' 246s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s + local verify_option= 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-intermediate-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 246s + token_name='Test Organization Interme Token' 246s Test Organization Interme Token 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 246s + echo 'Test Organization Interme Token' 246s + '[' -n '' ']' 246s + local output_base_name=SSSD-child-21634 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-21634.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-21634.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s [p11_child[2775]] [main] (0x0400): p11_child started. 246s [p11_child[2775]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2775]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2775]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2775]] [do_card] (0x4000): Module List: 246s [p11_child[2775]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2775]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2775]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2775]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 246s [p11_child[2775]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2775]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2775]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 246s [p11_child[2775]] [do_verification] (0x0040): X509_verify_cert failed [0]. 246s [p11_child[2775]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 246s [p11_child[2775]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 246s [p11_child[2775]] [do_card] (0x4000): No certificate found. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-21634.output 246s + return 2 246s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem partial_chain 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem partial_chain 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s + local verify_option=partial_chain 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-intermediate-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 246s + token_name='Test Organization Interme Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 246s + echo 'Test Organization Interme Token' 246s + '[' -n partial_chain ']' 246s + local verify_arg=--verify=partial_chain 246s + local output_base_name=SSSD-child-23953 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-23953.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-23953.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 246s [p11_child[2782]] [main] (0x0400): p11_child started. 246s [p11_child[2782]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2782]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2782]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2782]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 246s [p11_child[2782]] [do_card] (0x4000): Module List: 246s [p11_child[2782]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2782]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2782]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2782]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 246s [p11_child[2782]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2782]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2782]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 246s [p11_child[2782]] [do_verification] (0x0040): X509_verify_cert failed [0]. 246s [p11_child[2782]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 246s [p11_child[2782]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 246s [p11_child[2782]] [do_card] (0x4000): No certificate found. 246s Test Organization Interme Token 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-23953.output 246s + return 2 246s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s + local verify_option= 246s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 246s + local key_cn 246s + local key_name 246s + local tokens_dir 246s + local output_cert_file 246s + token_name= 246s ++ basename /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem .pem 246s + key_name=test-intermediate-CA-trusted-certificate-0001 246s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s ++ sed -n 's/ *commonName *= //p' 246s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 246s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 246s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 246s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 246s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 246s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 246s + token_name='Test Organization Interme Token' 246s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 246s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 246s + echo 'Test Organization Interme Token' 246s + '[' -n '' ']' 246s + local output_base_name=SSSD-child-24791 246s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-24791.output 246s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-24791.pem 246s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 246s Test Organization Interme Token 246s [p11_child[2789]] [main] (0x0400): p11_child started. 246s [p11_child[2789]] [main] (0x2000): Running in [pre-auth] mode. 246s [p11_child[2789]] [main] (0x2000): Running with effective IDs: [0][0]. 246s [p11_child[2789]] [main] (0x2000): Running with real IDs [0][0]. 246s [p11_child[2789]] [do_card] (0x4000): Module List: 246s [p11_child[2789]] [do_card] (0x4000): common name: [softhsm2]. 246s [p11_child[2789]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2789]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 246s [p11_child[2789]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 246s [p11_child[2789]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 246s [p11_child[2789]] [do_card] (0x4000): Login NOT required. 246s [p11_child[2789]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 246s [p11_child[2789]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 246s [p11_child[2789]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 246s [p11_child[2789]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a4a579a;slot-manufacturer=SoftHSM%20project;slot-id=1514821530;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=170b02b5da4a579a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 246s [p11_child[2789]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 246s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-24791.output 246s + echo '-----BEGIN CERTIFICATE-----' 246s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-24791.output 246s + echo '-----END CERTIFICATE-----' 246s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-24791.pem 246s Certificate: 246s Data: 246s Version: 3 (0x2) 246s Serial Number: 4 (0x4) 246s Signature Algorithm: sha256WithRSAEncryption 246s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 246s Validity 246s Not Before: Jan 17 05:06:52 2025 GMT 246s Not After : Jan 17 05:06:52 2026 GMT 246s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 246s Subject Public Key Info: 246s Public Key Algorithm: rsaEncryption 246s Public-Key: (1024 bit) 246s Modulus: 246s 00:d4:cc:17:7c:ea:88:c9:9e:4c:5a:cb:91:f8:ec: 246s d0:b0:27:bd:0e:45:06:11:d5:c2:ec:f8:15:e6:20: 246s 68:76:e0:4b:34:9f:f2:f4:87:51:62:db:76:1c:7e: 246s 8d:64:a9:ac:c8:3d:4c:0d:d7:8b:41:31:b1:fd:2f: 246s e1:67:6f:b2:fb:26:b3:19:77:03:cd:46:8e:a9:6a: 246s 5b:68:07:e4:2a:c2:99:f1:e9:85:05:82:41:f3:61: 246s 6a:20:d6:e9:22:e3:78:0c:00:0f:e2:38:73:67:90: 246s 3c:da:dd:cb:28:96:97:c8:f9:c5:02:d1:f7:04:db: 246s b7:99:4a:9c:c5:f3:f9:ab:1b 246s Exponent: 65537 (0x10001) 246s X509v3 extensions: 246s X509v3 Authority Key Identifier: 246s BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 246s X509v3 Basic Constraints: 246s CA:FALSE 246s Netscape Cert Type: 246s SSL Client, S/MIME 246s Netscape Comment: 246s Test Organization Intermediate CA trusted Certificate 246s X509v3 Subject Key Identifier: 246s 93:34:5E:37:11:A3:20:E4:6A:08:48:48:89:CD:42:8D:63:2B:C9:77 246s X509v3 Key Usage: critical 246s Digital Signature, Non Repudiation, Key Encipherment 246s X509v3 Extended Key Usage: 246s TLS Web Client Authentication, E-mail Protection 246s X509v3 Subject Alternative Name: 246s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 246s Signature Algorithm: sha256WithRSAEncryption 246s Signature Value: 246s 36:11:5d:fc:34:be:73:a0:29:a3:79:b0:bd:69:b8:21:1a:a4: 246s 9e:55:d7:b3:53:db:5c:38:5f:11:1d:74:19:9c:02:8b:4b:d1: 246s 64:42:42:94:32:f2:7d:ae:87:97:f7:0a:79:16:df:61:42:60: 246s f9:1e:e2:ff:8f:af:b9:32:d4:e2:ab:c2:82:7f:7d:53:70:12: 246s ef:43:3f:1c:fd:30:32:2c:42:a6:6e:a0:57:e2:2d:7b:8f:35: 246s ac:fe:04:92:bd:e9:22:df:5c:54:f2:ad:4c:9f:39:a9:f6:87: 246s cc:ec:75:d0:f1:d2:66:9f:65:b6:b7:c7:3e:3f:a6:6d:1c:cf: 246s 83:c1 246s + local found_md5 expected_md5 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 246s + expected_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 246s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-24791.pem 247s + found_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 247s + '[' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B '!=' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B ']' 247s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-24791-auth.output 247s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-24791-auth.output .output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-24791-auth.pem 247s + echo -n 053350 247s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 247s [p11_child[2797]] [main] (0x0400): p11_child started. 247s [p11_child[2797]] [main] (0x2000): Running in [auth] mode. 247s [p11_child[2797]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2797]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2797]] [do_card] (0x4000): Module List: 247s [p11_child[2797]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2797]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2797]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2797]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 247s [p11_child[2797]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2797]] [do_card] (0x4000): Login required. 247s [p11_child[2797]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 247s [p11_child[2797]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2797]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2797]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a4a579a;slot-manufacturer=SoftHSM%20project;slot-id=1514821530;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=170b02b5da4a579a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 247s [p11_child[2797]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 247s [p11_child[2797]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 247s [p11_child[2797]] [do_card] (0x4000): Certificate verified and validated. 247s [p11_child[2797]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-24791-auth.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-24791-auth.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-24791-auth.pem 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 4 (0x4) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d4:cc:17:7c:ea:88:c9:9e:4c:5a:cb:91:f8:ec: 247s d0:b0:27:bd:0e:45:06:11:d5:c2:ec:f8:15:e6:20: 247s 68:76:e0:4b:34:9f:f2:f4:87:51:62:db:76:1c:7e: 247s 8d:64:a9:ac:c8:3d:4c:0d:d7:8b:41:31:b1:fd:2f: 247s e1:67:6f:b2:fb:26:b3:19:77:03:cd:46:8e:a9:6a: 247s 5b:68:07:e4:2a:c2:99:f1:e9:85:05:82:41:f3:61: 247s 6a:20:d6:e9:22:e3:78:0c:00:0f:e2:38:73:67:90: 247s 3c:da:dd:cb:28:96:97:c8:f9:c5:02:d1:f7:04:db: 247s b7:99:4a:9c:c5:f3:f9:ab:1b 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s 93:34:5E:37:11:A3:20:E4:6A:08:48:48:89:CD:42:8D:63:2B:C9:77 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 36:11:5d:fc:34:be:73:a0:29:a3:79:b0:bd:69:b8:21:1a:a4: 247s 9e:55:d7:b3:53:db:5c:38:5f:11:1d:74:19:9c:02:8b:4b:d1: 247s 64:42:42:94:32:f2:7d:ae:87:97:f7:0a:79:16:df:61:42:60: 247s f9:1e:e2:ff:8f:af:b9:32:d4:e2:ab:c2:82:7f:7d:53:70:12: 247s ef:43:3f:1c:fd:30:32:2c:42:a6:6e:a0:57:e2:2d:7b:8f:35: 247s ac:fe:04:92:bd:e9:22:df:5c:54:f2:ad:4c:9f:39:a9:f6:87: 247s cc:ec:75:d0:f1:d2:66:9f:65:b6:b7:c7:3e:3f:a6:6d:1c:cf: 247s 83:c1 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-24791-auth.pem 247s + found_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 247s + '[' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B '!=' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B ']' 247s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem partial_chain 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem partial_chain 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 247s + local verify_option=partial_chain 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Interme Token' 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 247s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 247s + echo 'Test Organization Interme Token' 247s Test Organization Interme Token 247s + '[' -n partial_chain ']' 247s + local verify_arg=--verify=partial_chain 247s + local output_base_name=SSSD-child-2861 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-2861.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-2861.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 247s [p11_child[2807]] [main] (0x0400): p11_child started. 247s [p11_child[2807]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2807]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2807]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2807]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2807]] [do_card] (0x4000): Module List: 247s [p11_child[2807]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2807]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2807]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2807]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 247s [p11_child[2807]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2807]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2807]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 247s [p11_child[2807]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2807]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2807]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a4a579a;slot-manufacturer=SoftHSM%20project;slot-id=1514821530;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=170b02b5da4a579a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2807]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-2861.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-2861.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-2861.pem 247s + local found_md5 expected_md5 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 4 (0x4) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d4:cc:17:7c:ea:88:c9:9e:4c:5a:cb:91:f8:ec: 247s d0:b0:27:bd:0e:45:06:11:d5:c2:ec:f8:15:e6:20: 247s 68:76:e0:4b:34:9f:f2:f4:87:51:62:db:76:1c:7e: 247s 8d:64:a9:ac:c8:3d:4c:0d:d7:8b:41:31:b1:fd:2f: 247s e1:67:6f:b2:fb:26:b3:19:77:03:cd:46:8e:a9:6a: 247s 5b:68:07:e4:2a:c2:99:f1:e9:85:05:82:41:f3:61: 247s 6a:20:d6:e9:22:e3:78:0c:00:0f:e2:38:73:67:90: 247s 3c:da:dd:cb:28:96:97:c8:f9:c5:02:d1:f7:04:db: 247s b7:99:4a:9c:c5:f3:f9:ab:1b 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s 93:34:5E:37:11:A3:20:E4:6A:08:48:48:89:CD:42:8D:63:2B:C9:77 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 36:11:5d:fc:34:be:73:a0:29:a3:79:b0:bd:69:b8:21:1a:a4: 247s 9e:55:d7:b3:53:db:5c:38:5f:11:1d:74:19:9c:02:8b:4b:d1: 247s 64:42:42:94:32:f2:7d:ae:87:97:f7:0a:79:16:df:61:42:60: 247s f9:1e:e2:ff:8f:af:b9:32:d4:e2:ab:c2:82:7f:7d:53:70:12: 247s ef:43:3f:1c:fd:30:32:2c:42:a6:6e:a0:57:e2:2d:7b:8f:35: 247s ac:fe:04:92:bd:e9:22:df:5c:54:f2:ad:4c:9f:39:a9:f6:87: 247s cc:ec:75:d0:f1:d2:66:9f:65:b6:b7:c7:3e:3f:a6:6d:1c:cf: 247s 83:c1 247s + expected_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-2861.pem 247s + found_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 247s + '[' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B '!=' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B ']' 247s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-2861-auth.output 247s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-2861-auth.output .output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-2861-auth.pem 247s + echo -n 053350 247s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 247s [p11_child[2815]] [main] (0x0400): p11_child started. 247s [p11_child[2815]] [main] (0x2000): Running in [auth] mode. 247s [p11_child[2815]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2815]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2815]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2815]] [do_card] (0x4000): Module List: 247s [p11_child[2815]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2815]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2815]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2815]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 247s [p11_child[2815]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2815]] [do_card] (0x4000): Login required. 247s [p11_child[2815]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 247s [p11_child[2815]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2815]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2815]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a4a579a;slot-manufacturer=SoftHSM%20project;slot-id=1514821530;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=170b02b5da4a579a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 4 (0x4) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d4:cc:17:7c:ea:88:c9:9e:4c:5a:cb:91:f8:ec: 247s d0:b0:27:bd:0e:45:06:11:d5:c2:ec:f8:15:e6:20: 247s 68:76:e0:4b:34:9f:f2:f4:87:51:62:db:76:1c:7e: 247s 8d:64:a9:ac:c8:3d:4c:0d:d7:8b:41:31:b1:fd:2f: 247s e1:67:6f:b2:fb:26:b3:19:77:03:cd:46:8e:a9:6a: 247s 5b:68:07:e4:2a:c2:99:f1:e9:85:05:82:41:f3:61: 247s 6a:20:d6:e9:22:e3:78:0c:00:0f:e2:38:73:67:90: 247s 3c:da:dd:cb:28:96:97:c8:f9:c5:02:d1:f7:04:db: 247s b7:99:4a:9c:c5:f3:f9:ab:1b 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s 93:34:5E:37:11:A3:20:E4:6A:08:48:48:89:CD:42:8D:63:2B:C9:77 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 36:11:5d:fc:34:be:73:a0:29:a3:79:b0:bd:69:b8:21:1a:a4: 247s 9e:55:d7:b3:53:db:5c:38:5f:11:1d:74:19:9c:02:8b:4b:d1: 247s 64:42:42:94:32:f2:7d:ae:87:97:f7:0a:79:16:df:61:42:60: 247s f9:1e:e2:ff:8f:af:b9:32:d4:e2:ab:c2:82:7f:7d:53:70:12: 247s ef:43:3f:1c:fd:30:32:2c:42:a6:6e:a0:57:e2:2d:7b:8f:35: 247s ac:fe:04:92:bd:e9:22:df:5c:54:f2:ad:4c:9f:39:a9:f6:87: 247s cc:ec:75:d0:f1:d2:66:9f:65:b6:b7:c7:3e:3f:a6:6d:1c:cf: 247s 83:c1 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 247s [p11_child[2815]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 247s [p11_child[2815]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 247s [p11_child[2815]] [do_card] (0x4000): Certificate verified and validated. 247s [p11_child[2815]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-2861-auth.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-2861-auth.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-2861-auth.pem 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-2861-auth.pem 247s + found_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 247s + '[' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B '!=' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B ']' 247s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 247s + local verify_option= 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Interme Token' 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 247s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 247s + echo 'Test Organization Interme Token' 247s + '[' -n '' ']' 247s + local output_base_name=SSSD-child-21063 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-21063.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-21063.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 247s Test Organization Interme Token 247s [p11_child[2825]] [main] (0x0400): p11_child started. 247s [p11_child[2825]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2825]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2825]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2825]] [do_card] (0x4000): Module List: 247s [p11_child[2825]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2825]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2825]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2825]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 247s [p11_child[2825]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2825]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2825]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 247s [p11_child[2825]] [do_verification] (0x0040): X509_verify_cert failed [0]. 247s [p11_child[2825]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 247s [p11_child[2825]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 247s [p11_child[2825]] [do_card] (0x4000): No certificate found. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-21063.output 247s + return 2 247s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem partial_chain 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem partial_chain 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 247s + local verify_option=partial_chain 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7135 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7135 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s Test Organization Interme Token 247s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Interme Token' 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 247s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 247s + echo 'Test Organization Interme Token' 247s + '[' -n partial_chain ']' 247s + local verify_arg=--verify=partial_chain 247s + local output_base_name=SSSD-child-18988 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-18988.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-18988.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem 247s [p11_child[2832]] [main] (0x0400): p11_child started. 247s [p11_child[2832]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2832]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2832]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2832]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2832]] [do_card] (0x4000): Module List: 247s [p11_child[2832]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2832]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2832]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2832]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 247s [p11_child[2832]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2832]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2832]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 247s [p11_child[2832]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2832]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 4 (0x4) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d4:cc:17:7c:ea:88:c9:9e:4c:5a:cb:91:f8:ec: 247s d0:b0:27:bd:0e:45:06:11:d5:c2:ec:f8:15:e6:20: 247s 68:76:e0:4b:34:9f:f2:f4:87:51:62:db:76:1c:7e: 247s 8d:64:a9:ac:c8:3d:4c:0d:d7:8b:41:31:b1:fd:2f: 247s e1:67:6f:b2:fb:26:b3:19:77:03:cd:46:8e:a9:6a: 247s 5b:68:07:e4:2a:c2:99:f1:e9:85:05:82:41:f3:61: 247s 6a:20:d6:e9:22:e3:78:0c:00:0f:e2:38:73:67:90: 247s 3c:da:dd:cb:28:96:97:c8:f9:c5:02:d1:f7:04:db: 247s b7:99:4a:9c:c5:f3:f9:ab:1b 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s 93:34:5E:37:11:A3:20:E4:6A:08:48:48:89:CD:42:8D:63:2B:C9:77 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 36:11:5d:fc:34:be:73:a0:29:a3:79:b0:bd:69:b8:21:1a:a4: 247s 9e:55:d7:b3:53:db:5c:38:5f:11:1d:74:19:9c:02:8b:4b:d1: 247s 64:42:42:94:32:f2:7d:ae:87:97:f7:0a:79:16:df:61:42:60: 247s f9:1e:e2:ff:8f:af:b9:32:d4:e2:ab:c2:82:7f:7d:53:70:12: 247s ef:43:3f:1c:fd:30:32:2c:42:a6:6e:a0:57:e2:2d:7b:8f:35: 247s ac:fe:04:92:bd:e9:22:df:5c:54:f2:ad:4c:9f:39:a9:f6:87: 247s cc:ec:75:d0:f1:d2:66:9f:65:b6:b7:c7:3e:3f:a6:6d:1c:cf: 247s 83:c1 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 4 (0x4) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d4:cc:17:7c:ea:88:c9:9e:4c:5a:cb:91:f8:ec: 247s d0:b0:27:bd:0e:45:06:11:d5:c2:ec:f8:15:e6:20: 247s 68:76:e0:4b:34:9f:f2:f4:87:51:62:db:76:1c:7e: 247s 8d:64:a9:ac:c8:3d:4c:0d:d7:8b:41:31:b1:fd:2f: 247s e1:67:6f:b2:fb:26:b3:19:77:03:cd:46:8e:a9:6a: 247s 5b:68:07:e4:2a:c2:99:f1:e9:85:05:82:41:f3:61: 247s 6a:20:d6:e9:22:e3:78:0c:00:0f:e2:38:73:67:90: 247s 3c:da:dd:cb:28:96:97:c8:f9:c5:02:d1:f7:04:db: 247s b7:99:4a:9c:c5:f3:f9:ab:1b 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s BD:20:DF:A2:21:1F:38:39:70:C2:7E:99:CB:FD:BF:4A:E4:2F:4B:1E 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s 93:34:5E:37:11:A3:20:E4:6A:08:48:48:89:CD:42:8D:63:2B:C9:77 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 36:11:5d:fc:34:be:73:a0:29:a3:79:b0:bd:69:b8:21:1a:a4: 247s 9e:55:d7:b3:53:db:5c:38:5f:11:1d:74:19:9c:02:8b:4b:d1: 247s 64:42:42:94:32:f2:7d:ae:87:97:f7:0a:79:16:df:61:42:60: 247s f9:1e:e2:ff:8f:af:b9:32:d4:e2:ab:c2:82:7f:7d:53:70:12: 247s ef:43:3f:1c:fd:30:32:2c:42:a6:6e:a0:57:e2:2d:7b:8f:35: 247s ac:fe:04:92:bd:e9:22:df:5c:54:f2:ad:4c:9f:39:a9:f6:87: 247s cc:ec:75:d0:f1:d2:66:9f:65:b6:b7:c7:3e:3f:a6:6d:1c:cf: 247s 83:c1 247s Slot 0 has a free/uninitialized token. 247s The token has been initialized and is reassigned to slot 297789943 247s Available slots: 247s Slot 297789943 247s Slot info: 247s Description: SoftHSM slot ID 0x11bfe9f7 247s Manufacturer ID: SoftHSM project 247s Hardware version: 2.6 247s Firmware version: 2.6 247s Token present: yes 247s Token info: 247s Manufacturer ID: SoftHSM project 247s Model: SoftHSM v2 247s Hardware version: 2.6 247s Firmware version: 2.6 247s Serial number: 752629f111bfe9f7 247s Initialized: yes 247s User PIN init.: yes 247s Label: Test Organization Sub Int Token 247s Slot 1 247s Slot info: 247s Description: SoftHSM slot ID 0x1 247s Manufacturer ID: SoftHSM project 247s Hardware version: 2.6 247s Firmware version: 2.6 247s Token present: yes 247s Token info: 247s Manufacturer ID: SoftHSM project 247s Model: SoftHSM v2 247s Hardware version: 2.6 247s Firmware version: 2.6 247s Serial number: 247s Initialized: no 247s User PIN init.: no 247s Label: 247s [p11_child[2832]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a4a579a;slot-manufacturer=SoftHSM%20project;slot-id=1514821530;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=170b02b5da4a579a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2832]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-18988.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-18988.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-18988.pem 247s + local found_md5 expected_md5 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-intermediate-CA-trusted-certificate-0001.pem 247s + expected_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-18988.pem 247s + found_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 247s + '[' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B '!=' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B ']' 247s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-18988-auth.output 247s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-18988-auth.output .output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-18988-auth.pem 247s + echo -n 053350 247s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 247s [p11_child[2840]] [main] (0x0400): p11_child started. 247s [p11_child[2840]] [main] (0x2000): Running in [auth] mode. 247s [p11_child[2840]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2840]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2840]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2840]] [do_card] (0x4000): Module List: 247s [p11_child[2840]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2840]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2840]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a4a579a] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2840]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 247s [p11_child[2840]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5a4a579a][1514821530] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2840]] [do_card] (0x4000): Login required. 247s [p11_child[2840]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 247s [p11_child[2840]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2840]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2840]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a4a579a;slot-manufacturer=SoftHSM%20project;slot-id=1514821530;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=170b02b5da4a579a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 247s [p11_child[2840]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 247s [p11_child[2840]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 247s [p11_child[2840]] [do_card] (0x4000): Certificate verified and validated. 247s [p11_child[2840]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-18988-auth.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-18988-auth.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-18988-auth.pem 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-18988-auth.pem 247s + found_md5=Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B 247s + '[' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B '!=' Modulus=D4CC177CEA88C99E4C5ACB91F8ECD0B027BD0E450611D5C2ECF815E6206876E04B349FF2F4875162DB761C7E8D64A9ACC83D4C0DD78B4131B1FD2FE1676FB2FB26B3197703CD468EA96A5B6807E42AC299F1E985058241F3616A20D6E922E3780C000FE2387367903CDADDCB289697C8F9C502D1F704DBB7994A9CC5F3F9AB1B ']' 247s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 247s + local verify_option= 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Sub Int Token' 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 247s + local key_file 247s + local decrypted_key 247s + mkdir -p /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 247s + key_file=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 247s + decrypted_key=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 247s + cat 247s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 247s + softhsm2-util --show-slots 247s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 247s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-7198 -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 247s writing RSA key 247s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 247s + rm /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 247s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 247s Object 0: 247s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=752629f111bfe9f7;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 247s Type: X.509 Certificate (RSA-1024) 247s Expires: Sat Jan 17 05:06:52 2026 247s Label: Test Organization Sub Intermediate Trusted Certificate 0001 247s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 247s 247s + echo 'Test Organization Sub Int Token' 247s + '[' -n '' ']' 247s Test Organization Sub Int Token 247s + local output_base_name=SSSD-child-214 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-214.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-214.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 247s [p11_child[2859]] [main] (0x0400): p11_child started. 247s [p11_child[2859]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2859]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2859]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2859]] [do_card] (0x4000): Module List: 247s [p11_child[2859]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2859]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2859]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2859]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2859]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2859]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2859]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2859]] [do_verification] (0x0040): X509_verify_cert failed [0]. 247s [p11_child[2859]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 247s [p11_child[2859]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 247s [p11_child[2859]] [do_card] (0x4000): No certificate found. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-214.output 247s + return 2 247s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem partial_chain 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-root-CA.pem partial_chain 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 247s + local verify_option=partial_chain 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Sub Int Token' 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 247s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 247s + echo 'Test Organization Sub Int Token' 247s Test Organization Sub Int Token 247s + '[' -n partial_chain ']' 247s + local verify_arg=--verify=partial_chain 247s + local output_base_name=SSSD-child-9439 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-9439.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-9439.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-root-CA.pem 247s [p11_child[2866]] [main] (0x0400): p11_child started. 247s [p11_child[2866]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2866]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2866]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2866]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2866]] [do_card] (0x4000): Module List: 247s [p11_child[2866]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2866]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2866]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2866]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2866]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2866]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2866]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2866]] [do_verification] (0x0040): X509_verify_cert failed [0]. 247s [p11_child[2866]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 247s [p11_child[2866]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 247s [p11_child[2866]] [do_card] (0x4000): No certificate found. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-9439.output 247s + return 2 247s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 247s + local verify_option= 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 247s Test Organization Sub Int Token 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Sub Int Token' 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 247s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 247s + echo 'Test Organization Sub Int Token' 247s + '[' -n '' ']' 247s + local output_base_name=SSSD-child-15927 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15927.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15927.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 247s [p11_child[2873]] [main] (0x0400): p11_child started. 247s [p11_child[2873]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2873]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2873]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2873]] [do_card] (0x4000): Module List: 247s [p11_child[2873]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2873]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2873]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2873]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2873]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2873]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2873]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2873]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2873]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2873]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11bfe9f7;slot-manufacturer=SoftHSM%20project;slot-id=297789943;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=752629f111bfe9f7;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2873]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15927.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15927.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15927.pem 247s + local found_md5 expected_md5 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 5 (0x5) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d0:2e:11:e3:f1:79:17:dd:68:de:a7:7b:ab:5e: 247s 70:ee:8d:63:da:d6:7a:69:4b:0d:67:55:2c:8c:1f: 247s 05:67:d3:b9:cb:45:3f:28:70:31:ad:84:15:4d:89: 247s dc:01:66:1b:28:d6:0d:83:c5:26:1c:c9:98:04:8c: 247s 0a:4f:79:da:f3:49:f0:7f:90:ae:99:91:20:8f:68: 247s a4:b2:50:07:d3:22:65:7b:a7:43:4b:56:72:6a:0b: 247s 39:2b:f1:53:ea:a3:76:25:44:ff:8a:59:31:85:57: 247s d0:af:29:10:8f:c8:83:05:83:02:ca:dc:3f:0a:dd: 247s d2:ce:75:0d:54:a8:e2:3b:67 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s 23:C8:37:13:2E:24:36:AB:E5:B1:C0:2D:04:A1:57:C1:56:ED:E0:5F 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Sub Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s C4:07:F4:97:AF:AC:97:E5:F8:4D:07:1D:54:14:CE:32:1F:B0:F5:4D 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 02:82:52:96:53:ac:52:2c:dc:aa:30:d8:ef:83:da:ca:7a:d9: 247s 78:27:4b:c9:ac:60:84:07:3e:b3:e3:4c:16:c2:23:75:8d:b3: 247s 0e:2d:48:be:1d:1d:2f:48:4e:4a:18:3f:39:8c:1d:7f:5d:7b: 247s c7:2a:96:08:95:1e:4f:20:86:14:e1:c1:ad:34:d8:5b:26:ff: 247s 86:3d:9d:74:75:71:61:db:07:e4:c8:96:03:08:8a:89:51:40: 247s dd:13:05:c6:30:ef:82:17:93:6f:38:4d:d3:82:43:cd:47:d5: 247s b0:de:bc:35:ab:bb:35:90:98:d2:11:e5:60:0e:d2:75:a4:8f: 247s 45:21 247s + expected_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15927.pem 247s + found_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s + '[' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 '!=' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 ']' 247s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15927-auth.output 247s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-15927-auth.output .output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-15927-auth.pem 247s + echo -n 053350 247s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 247s [p11_child[2881]] [main] (0x0400): p11_child started. 247s [p11_child[2881]] [main] (0x2000): Running in [auth] mode. 247s [p11_child[2881]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2881]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2881]] [do_card] (0x4000): Module List: 247s [p11_child[2881]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2881]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2881]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2881]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2881]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2881]] [do_card] (0x4000): Login required. 247s [p11_child[2881]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2881]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2881]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2881]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11bfe9f7;slot-manufacturer=SoftHSM%20project;slot-id=297789943;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=752629f111bfe9f7;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 247s [p11_child[2881]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 247s [p11_child[2881]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 247s [p11_child[2881]] [do_card] (0x4000): Certificate verified and validated. 247s [p11_child[2881]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15927-auth.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-15927-auth.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15927-auth.pem 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 5 (0x5) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d0:2e:11:e3:f1:79:17:dd:68:de:a7:7b:ab:5e: 247s 70:ee:8d:63:da:d6:7a:69:4b:0d:67:55:2c:8c:1f: 247s 05:67:d3:b9:cb:45:3f:28:70:31:ad:84:15:4d:89: 247s dc:01:66:1b:28:d6:0d:83:c5:26:1c:c9:98:04:8c: 247s 0a:4f:79:da:f3:49:f0:7f:90:ae:99:91:20:8f:68: 247s a4:b2:50:07:d3:22:65:7b:a7:43:4b:56:72:6a:0b: 247s 39:2b:f1:53:ea:a3:76:25:44:ff:8a:59:31:85:57: 247s d0:af:29:10:8f:c8:83:05:83:02:ca:dc:3f:0a:dd: 247s d2:ce:75:0d:54:a8:e2:3b:67 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s 23:C8:37:13:2E:24:36:AB:E5:B1:C0:2D:04:A1:57:C1:56:ED:E0:5F 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Sub Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s C4:07:F4:97:AF:AC:97:E5:F8:4D:07:1D:54:14:CE:32:1F:B0:F5:4D 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 02:82:52:96:53:ac:52:2c:dc:aa:30:d8:ef:83:da:ca:7a:d9: 247s 78:27:4b:c9:ac:60:84:07:3e:b3:e3:4c:16:c2:23:75:8d:b3: 247s 0e:2d:48:be:1d:1d:2f:48:4e:4a:18:3f:39:8c:1d:7f:5d:7b: 247s c7:2a:96:08:95:1e:4f:20:86:14:e1:c1:ad:34:d8:5b:26:ff: 247s 86:3d:9d:74:75:71:61:db:07:e4:c8:96:03:08:8a:89:51:40: 247s dd:13:05:c6:30:ef:82:17:93:6f:38:4d:d3:82:43:cd:47:d5: 247s b0:de:bc:35:ab:bb:35:90:98:d2:11:e5:60:0e:d2:75:a4:8f: 247s 45:21 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-15927-auth.pem 247s + found_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s + '[' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 '!=' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 ']' 247s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem partial_chain 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem partial_chain 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 247s + local verify_option=partial_chain 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Sub Int Token' 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 247s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 247s + echo 'Test Organization Sub Int Token' 247s Test Organization Sub Int Token 247s + '[' -n partial_chain ']' 247s + local verify_arg=--verify=partial_chain 247s + local output_base_name=SSSD-child-18608 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-18608.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-18608.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem 247s [p11_child[2891]] [main] (0x0400): p11_child started. 247s [p11_child[2891]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2891]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2891]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2891]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2891]] [do_card] (0x4000): Module List: 247s [p11_child[2891]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2891]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2891]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2891]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2891]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2891]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2891]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2891]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2891]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2891]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11bfe9f7;slot-manufacturer=SoftHSM%20project;slot-id=297789943;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=752629f111bfe9f7;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2891]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-18608.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-18608.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-18608.pem 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 5 (0x5) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d0:2e:11:e3:f1:79:17:dd:68:de:a7:7b:ab:5e: 247s 70:ee:8d:63:da:d6:7a:69:4b:0d:67:55:2c:8c:1f: 247s 05:67:d3:b9:cb:45:3f:28:70:31:ad:84:15:4d:89: 247s dc:01:66:1b:28:d6:0d:83:c5:26:1c:c9:98:04:8c: 247s 0a:4f:79:da:f3:49:f0:7f:90:ae:99:91:20:8f:68: 247s a4:b2:50:07:d3:22:65:7b:a7:43:4b:56:72:6a:0b: 247s 39:2b:f1:53:ea:a3:76:25:44:ff:8a:59:31:85:57: 247s d0:af:29:10:8f:c8:83:05:83:02:ca:dc:3f:0a:dd: 247s d2:ce:75:0d:54:a8:e2:3b:67 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s 23:C8:37:13:2E:24:36:AB:E5:B1:C0:2D:04:A1:57:C1:56:ED:E0:5F 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Sub Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s C4:07:F4:97:AF:AC:97:E5:F8:4D:07:1D:54:14:CE:32:1F:B0:F5:4D 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 02:82:52:96:53:ac:52:2c:dc:aa:30:d8:ef:83:da:ca:7a:d9: 247s 78:27:4b:c9:ac:60:84:07:3e:b3:e3:4c:16:c2:23:75:8d:b3: 247s 0e:2d:48:be:1d:1d:2f:48:4e:4a:18:3f:39:8c:1d:7f:5d:7b: 247s c7:2a:96:08:95:1e:4f:20:86:14:e1:c1:ad:34:d8:5b:26:ff: 247s 86:3d:9d:74:75:71:61:db:07:e4:c8:96:03:08:8a:89:51:40: 247s dd:13:05:c6:30:ef:82:17:93:6f:38:4d:d3:82:43:cd:47:d5: 247s b0:de:bc:35:ab:bb:35:90:98:d2:11:e5:60:0e:d2:75:a4:8f: 247s 45:21 247s + local found_md5 expected_md5 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + expected_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-18608.pem 247s + found_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s + '[' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 '!=' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 ']' 247s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-18608-auth.output 247s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-18608-auth.output .output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-18608-auth.pem 247s + echo -n 053350 247s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 247s [p11_child[2899]] [main] (0x0400): p11_child started. 247s [p11_child[2899]] [main] (0x2000): Running in [auth] mode. 247s [p11_child[2899]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2899]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2899]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2899]] [do_card] (0x4000): Module List: 247s [p11_child[2899]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2899]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2899]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2899]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2899]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2899]] [do_card] (0x4000): Login required. 247s [p11_child[2899]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2899]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2899]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2899]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11bfe9f7;slot-manufacturer=SoftHSM%20project;slot-id=297789943;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=752629f111bfe9f7;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 247s [p11_child[2899]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 247s [p11_child[2899]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 247s [p11_child[2899]] [do_card] (0x4000): Certificate verified and validated. 247s [p11_child[2899]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-18608-auth.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-18608-auth.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-18608-auth.pem 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-18608-auth.pem 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 5 (0x5) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d0:2e:11:e3:f1:79:17:dd:68:de:a7:7b:ab:5e: 247s 70:ee:8d:63:da:d6:7a:69:4b:0d:67:55:2c:8c:1f: 247s 05:67:d3:b9:cb:45:3f:28:70:31:ad:84:15:4d:89: 247s dc:01:66:1b:28:d6:0d:83:c5:26:1c:c9:98:04:8c: 247s 0a:4f:79:da:f3:49:f0:7f:90:ae:99:91:20:8f:68: 247s a4:b2:50:07:d3:22:65:7b:a7:43:4b:56:72:6a:0b: 247s 39:2b:f1:53:ea:a3:76:25:44:ff:8a:59:31:85:57: 247s d0:af:29:10:8f:c8:83:05:83:02:ca:dc:3f:0a:dd: 247s d2:ce:75:0d:54:a8:e2:3b:67 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s 23:C8:37:13:2E:24:36:AB:E5:B1:C0:2D:04:A1:57:C1:56:ED:E0:5F 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Sub Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s C4:07:F4:97:AF:AC:97:E5:F8:4D:07:1D:54:14:CE:32:1F:B0:F5:4D 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 02:82:52:96:53:ac:52:2c:dc:aa:30:d8:ef:83:da:ca:7a:d9: 247s 78:27:4b:c9:ac:60:84:07:3e:b3:e3:4c:16:c2:23:75:8d:b3: 247s 0e:2d:48:be:1d:1d:2f:48:4e:4a:18:3f:39:8c:1d:7f:5d:7b: 247s c7:2a:96:08:95:1e:4f:20:86:14:e1:c1:ad:34:d8:5b:26:ff: 247s 86:3d:9d:74:75:71:61:db:07:e4:c8:96:03:08:8a:89:51:40: 247s dd:13:05:c6:30:ef:82:17:93:6f:38:4d:d3:82:43:cd:47:d5: 247s b0:de:bc:35:ab:bb:35:90:98:d2:11:e5:60:0e:d2:75:a4:8f: 247s 45:21 247s + found_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s + '[' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 '!=' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 ']' 247s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 247s + local verify_option= 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Sub Int Token' 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 247s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 247s + echo 'Test Organization Sub Int Token' 247s Test Organization Sub Int Token 247s + '[' -n '' ']' 247s + local output_base_name=SSSD-child-22998 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-22998.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-22998.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 247s [p11_child[2909]] [main] (0x0400): p11_child started. 247s [p11_child[2909]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2909]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2909]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2909]] [do_card] (0x4000): Module List: 247s [p11_child[2909]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2909]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2909]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2909]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2909]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2909]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2909]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2909]] [do_verification] (0x0040): X509_verify_cert failed [0]. 247s [p11_child[2909]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 247s [p11_child[2909]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 247s [p11_child[2909]] [do_card] (0x4000): No certificate found. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-22998.output 247s + return 2 247s + invalid_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-root-intermediate-chain-CA.pem partial_chain 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-root-intermediate-chain-CA.pem partial_chain 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-root-intermediate-chain-CA.pem 247s + local verify_option=partial_chain 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Sub Int Token' 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 247s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 247s + echo 'Test Organization Sub Int Token' 247s + '[' -n partial_chain ']' 247s + local verify_arg=--verify=partial_chain 247s + local output_base_name=SSSD-child-28233 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-28233.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-28233.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-root-intermediate-chain-CA.pem 247s Test Organization Sub Int Token 247s [p11_child[2916]] [main] (0x0400): p11_child started. 247s [p11_child[2916]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2916]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2916]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2916]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2916]] [do_card] (0x4000): Module List: 247s [p11_child[2916]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2916]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2916]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2916]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2916]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2916]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2916]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2916]] [do_verification] (0x0040): X509_verify_cert failed [0]. 247s [p11_child[2916]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 247s [p11_child[2916]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 247s [p11_child[2916]] [do_card] (0x4000): No certificate found. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-28233.output 247s + return 2 247s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem partial_chain 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem partial_chain 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 247s + local verify_option=partial_chain 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Sub Int Token' 247s Test Organization Sub Int Token 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 247s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 247s + echo 'Test Organization Sub Int Token' 247s + '[' -n partial_chain ']' 247s + local verify_arg=--verify=partial_chain 247s + local output_base_name=SSSD-child-8936 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-8936.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-8936.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem 247s [p11_child[2923]] [main] (0x0400): p11_child started. 247s [p11_child[2923]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2923]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2923]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2923]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2923]] [do_card] (0x4000): Module List: 247s [p11_child[2923]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2923]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2923]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2923]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2923]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2923]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2923]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2923]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2923]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2923]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11bfe9f7;slot-manufacturer=SoftHSM%20project;slot-id=297789943;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=752629f111bfe9f7;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2923]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-8936.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-8936.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-8936.pem 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 5 (0x5) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d0:2e:11:e3:f1:79:17:dd:68:de:a7:7b:ab:5e: 247s 70:ee:8d:63:da:d6:7a:69:4b:0d:67:55:2c:8c:1f: 247s 05:67:d3:b9:cb:45:3f:28:70:31:ad:84:15:4d:89: 247s dc:01:66:1b:28:d6:0d:83:c5:26:1c:c9:98:04:8c: 247s 0a:4f:79:da:f3:49:f0:7f:90:ae:99:91:20:8f:68: 247s a4:b2:50:07:d3:22:65:7b:a7:43:4b:56:72:6a:0b: 247s 39:2b:f1:53:ea:a3:76:25:44:ff:8a:59:31:85:57: 247s d0:af:29:10:8f:c8:83:05:83:02:ca:dc:3f:0a:dd: 247s d2:ce:75:0d:54:a8:e2:3b:67 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s 23:C8:37:13:2E:24:36:AB:E5:B1:C0:2D:04:A1:57:C1:56:ED:E0:5F 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Sub Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s C4:07:F4:97:AF:AC:97:E5:F8:4D:07:1D:54:14:CE:32:1F:B0:F5:4D 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 02:82:52:96:53:ac:52:2c:dc:aa:30:d8:ef:83:da:ca:7a:d9: 247s 78:27:4b:c9:ac:60:84:07:3e:b3:e3:4c:16:c2:23:75:8d:b3: 247s 0e:2d:48:be:1d:1d:2f:48:4e:4a:18:3f:39:8c:1d:7f:5d:7b: 247s c7:2a:96:08:95:1e:4f:20:86:14:e1:c1:ad:34:d8:5b:26:ff: 247s 86:3d:9d:74:75:71:61:db:07:e4:c8:96:03:08:8a:89:51:40: 247s dd:13:05:c6:30:ef:82:17:93:6f:38:4d:d3:82:43:cd:47:d5: 247s b0:de:bc:35:ab:bb:35:90:98:d2:11:e5:60:0e:d2:75:a4:8f: 247s 45:21 247s + local found_md5 expected_md5 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + expected_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-8936.pem 247s + found_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s + '[' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 '!=' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 ']' 247s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-8936-auth.output 247s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-8936-auth.output .output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-8936-auth.pem 247s + echo -n 053350 247s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 247s [p11_child[2931]] [main] (0x0400): p11_child started. 247s [p11_child[2931]] [main] (0x2000): Running in [auth] mode. 247s [p11_child[2931]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2931]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2931]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2931]] [do_card] (0x4000): Module List: 247s [p11_child[2931]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2931]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2931]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2931]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2931]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2931]] [do_card] (0x4000): Login required. 247s [p11_child[2931]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2931]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2931]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2931]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11bfe9f7;slot-manufacturer=SoftHSM%20project;slot-id=297789943;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=752629f111bfe9f7;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 247s [p11_child[2931]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 247s [p11_child[2931]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 247s [p11_child[2931]] [do_card] (0x4000): Certificate verified and validated. 247s [p11_child[2931]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-8936-auth.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-8936-auth.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-8936-auth.pem 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-8936-auth.pem 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 5 (0x5) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d0:2e:11:e3:f1:79:17:dd:68:de:a7:7b:ab:5e: 247s 70:ee:8d:63:da:d6:7a:69:4b:0d:67:55:2c:8c:1f: 247s 05:67:d3:b9:cb:45:3f:28:70:31:ad:84:15:4d:89: 247s dc:01:66:1b:28:d6:0d:83:c5:26:1c:c9:98:04:8c: 247s 0a:4f:79:da:f3:49:f0:7f:90:ae:99:91:20:8f:68: 247s a4:b2:50:07:d3:22:65:7b:a7:43:4b:56:72:6a:0b: 247s 39:2b:f1:53:ea:a3:76:25:44:ff:8a:59:31:85:57: 247s d0:af:29:10:8f:c8:83:05:83:02:ca:dc:3f:0a:dd: 247s d2:ce:75:0d:54:a8:e2:3b:67 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s 23:C8:37:13:2E:24:36:AB:E5:B1:C0:2D:04:A1:57:C1:56:ED:E0:5F 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Sub Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s C4:07:F4:97:AF:AC:97:E5:F8:4D:07:1D:54:14:CE:32:1F:B0:F5:4D 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 02:82:52:96:53:ac:52:2c:dc:aa:30:d8:ef:83:da:ca:7a:d9: 247s 78:27:4b:c9:ac:60:84:07:3e:b3:e3:4c:16:c2:23:75:8d:b3: 247s 0e:2d:48:be:1d:1d:2f:48:4e:4a:18:3f:39:8c:1d:7f:5d:7b: 247s c7:2a:96:08:95:1e:4f:20:86:14:e1:c1:ad:34:d8:5b:26:ff: 247s 86:3d:9d:74:75:71:61:db:07:e4:c8:96:03:08:8a:89:51:40: 247s dd:13:05:c6:30:ef:82:17:93:6f:38:4d:d3:82:43:cd:47:d5: 247s b0:de:bc:35:ab:bb:35:90:98:d2:11:e5:60:0e:d2:75:a4:8f: 247s 45:21 247s + found_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s + '[' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 '!=' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 ']' 247s + valid_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-intermediate-sub-chain-CA.pem partial_chain 247s + check_certificate /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 /tmp/sssd-softhsm2-wfKXql/test-intermediate-sub-chain-CA.pem partial_chain 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_ring=/tmp/sssd-softhsm2-wfKXql/test-intermediate-sub-chain-CA.pem 247s + local verify_option=partial_chain 247s + prepare_softhsm2_card /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local certificate=/tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-7198 247s + local key_cn 247s + local key_name 247s + local tokens_dir 247s + local output_cert_file 247s + token_name= 247s ++ basename /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 247s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 247s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s ++ sed -n 's/ *commonName *= //p' 247s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 247s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 247s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 247s ++ basename /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 247s + tokens_dir=/tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 247s + token_name='Test Organization Sub Int Token' 247s + '[' '!' -e /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 247s + '[' '!' -d /tmp/sssd-softhsm2-wfKXql/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 247s + echo 'Test Organization Sub Int Token' 247s + '[' -n partial_chain ']' 247s + local verify_arg=--verify=partial_chain 247s + local output_base_name=SSSD-child-31592 247s Test Organization Sub Int Token 247s + local output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-31592.output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-31592.pem 247s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-wfKXql/test-intermediate-sub-chain-CA.pem 247s [p11_child[2941]] [main] (0x0400): p11_child started. 247s [p11_child[2941]] [main] (0x2000): Running in [pre-auth] mode. 247s [p11_child[2941]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2941]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2941]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2941]] [do_card] (0x4000): Module List: 247s [p11_child[2941]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2941]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2941]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2941]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2941]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2941]] [do_card] (0x4000): Login NOT required. 247s [p11_child[2941]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2941]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2941]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2941]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11bfe9f7;slot-manufacturer=SoftHSM%20project;slot-id=297789943;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=752629f111bfe9f7;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2941]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-31592.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-31592.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-31592.pem 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 5 (0x5) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d0:2e:11:e3:f1:79:17:dd:68:de:a7:7b:ab:5e: 247s 70:ee:8d:63:da:d6:7a:69:4b:0d:67:55:2c:8c:1f: 247s 05:67:d3:b9:cb:45:3f:28:70:31:ad:84:15:4d:89: 247s dc:01:66:1b:28:d6:0d:83:c5:26:1c:c9:98:04:8c: 247s 0a:4f:79:da:f3:49:f0:7f:90:ae:99:91:20:8f:68: 247s a4:b2:50:07:d3:22:65:7b:a7:43:4b:56:72:6a:0b: 247s 39:2b:f1:53:ea:a3:76:25:44:ff:8a:59:31:85:57: 247s d0:af:29:10:8f:c8:83:05:83:02:ca:dc:3f:0a:dd: 247s d2:ce:75:0d:54:a8:e2:3b:67 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s 23:C8:37:13:2E:24:36:AB:E5:B1:C0:2D:04:A1:57:C1:56:ED:E0:5F 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Sub Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s C4:07:F4:97:AF:AC:97:E5:F8:4D:07:1D:54:14:CE:32:1F:B0:F5:4D 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 02:82:52:96:53:ac:52:2c:dc:aa:30:d8:ef:83:da:ca:7a:d9: 247s 78:27:4b:c9:ac:60:84:07:3e:b3:e3:4c:16:c2:23:75:8d:b3: 247s 0e:2d:48:be:1d:1d:2f:48:4e:4a:18:3f:39:8c:1d:7f:5d:7b: 247s c7:2a:96:08:95:1e:4f:20:86:14:e1:c1:ad:34:d8:5b:26:ff: 247s 86:3d:9d:74:75:71:61:db:07:e4:c8:96:03:08:8a:89:51:40: 247s dd:13:05:c6:30:ef:82:17:93:6f:38:4d:d3:82:43:cd:47:d5: 247s b0:de:bc:35:ab:bb:35:90:98:d2:11:e5:60:0e:d2:75:a4:8f: 247s 45:21 247s + local found_md5 expected_md5 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/test-sub-intermediate-CA-trusted-certificate-0001.pem 247s + expected_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-31592.pem 247s + found_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s + '[' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 '!=' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 ']' 247s + output_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-31592-auth.output 247s ++ basename /tmp/sssd-softhsm2-wfKXql/SSSD-child-31592-auth.output .output 247s + output_cert_file=/tmp/sssd-softhsm2-wfKXql/SSSD-child-31592-auth.pem 247s + echo -n 053350 247s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-wfKXql/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 247s [p11_child[2949]] [main] (0x0400): p11_child started. 247s [p11_child[2949]] [main] (0x2000): Running in [auth] mode. 247s [p11_child[2949]] [main] (0x2000): Running with effective IDs: [0][0]. 247s [p11_child[2949]] [main] (0x2000): Running with real IDs [0][0]. 247s [p11_child[2949]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 247s [p11_child[2949]] [do_card] (0x4000): Module List: 247s [p11_child[2949]] [do_card] (0x4000): common name: [softhsm2]. 247s [p11_child[2949]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2949]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11bfe9f7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 247s [p11_child[2949]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 247s [p11_child[2949]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11bfe9f7][297789943] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 247s [p11_child[2949]] [do_card] (0x4000): Login required. 247s [p11_child[2949]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 247s [p11_child[2949]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 247s [p11_child[2949]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 247s [p11_child[2949]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11bfe9f7;slot-manufacturer=SoftHSM%20project;slot-id=297789943;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=752629f111bfe9f7;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 247s [p11_child[2949]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 247s [p11_child[2949]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 247s [p11_child[2949]] [do_card] (0x4000): Certificate verified and validated. 247s [p11_child[2949]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 247s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-wfKXql/SSSD-child-31592-auth.output 247s + echo '-----BEGIN CERTIFICATE-----' 247s + tail -n1 /tmp/sssd-softhsm2-wfKXql/SSSD-child-31592-auth.output 247s + echo '-----END CERTIFICATE-----' 247s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-31592-auth.pem 247s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-wfKXql/SSSD-child-31592-auth.pem 247s Certificate: 247s Data: 247s Version: 3 (0x2) 247s Serial Number: 5 (0x5) 247s Signature Algorithm: sha256WithRSAEncryption 247s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 247s Validity 247s Not Before: Jan 17 05:06:52 2025 GMT 247s Not After : Jan 17 05:06:52 2026 GMT 247s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 247s Subject Public Key Info: 247s Public Key Algorithm: rsaEncryption 247s Public-Key: (1024 bit) 247s Modulus: 247s 00:d0:2e:11:e3:f1:79:17:dd:68:de:a7:7b:ab:5e: 247s 70:ee:8d:63:da:d6:7a:69:4b:0d:67:55:2c:8c:1f: 247s 05:67:d3:b9:cb:45:3f:28:70:31:ad:84:15:4d:89: 247s dc:01:66:1b:28:d6:0d:83:c5:26:1c:c9:98:04:8c: 247s 0a:4f:79:da:f3:49:f0:7f:90:ae:99:91:20:8f:68: 247s a4:b2:50:07:d3:22:65:7b:a7:43:4b:56:72:6a:0b: 247s 39:2b:f1:53:ea:a3:76:25:44:ff:8a:59:31:85:57: 247s d0:af:29:10:8f:c8:83:05:83:02:ca:dc:3f:0a:dd: 247s d2:ce:75:0d:54:a8:e2:3b:67 247s Exponent: 65537 (0x10001) 247s X509v3 extensions: 247s X509v3 Authority Key Identifier: 247s 23:C8:37:13:2E:24:36:AB:E5:B1:C0:2D:04:A1:57:C1:56:ED:E0:5F 247s X509v3 Basic Constraints: 247s CA:FALSE 247s Netscape Cert Type: 247s SSL Client, S/MIME 247s Netscape Comment: 247s Test Organization Sub Intermediate CA trusted Certificate 247s X509v3 Subject Key Identifier: 247s C4:07:F4:97:AF:AC:97:E5:F8:4D:07:1D:54:14:CE:32:1F:B0:F5:4D 247s X509v3 Key Usage: critical 247s Digital Signature, Non Repudiation, Key Encipherment 247s X509v3 Extended Key Usage: 247s TLS Web Client Authentication, E-mail Protection 247s X509v3 Subject Alternative Name: 247s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 247s Signature Algorithm: sha256WithRSAEncryption 247s Signature Value: 247s 02:82:52:96:53:ac:52:2c:dc:aa:30:d8:ef:83:da:ca:7a:d9: 247s 78:27:4b:c9:ac:60:84:07:3e:b3:e3:4c:16:c2:23:75:8d:b3: 247s 0e:2d:48:be:1d:1d:2f:48:4e:4a:18:3f:39:8c:1d:7f:5d:7b: 247s c7:2a:96:08:95:1e:4f:20:86:14:e1:c1:ad:34:d8:5b:26:ff: 247s 86:3d:9d:74:75:71:61:db:07:e4:c8:96:03:08:8a:89:51:40: 247s dd:13:05:c6:30:ef:82:17:93:6f:38:4d:d3:82:43:cd:47:d5: 247s b0:de:bc:35:ab:bb:35:90:98:d2:11:e5:60:0e:d2:75:a4:8f: 247s 45:21 247s 247s Test completed, Root CA and intermediate issued certificates verified! 247s + found_md5=Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 247s + '[' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 '!=' Modulus=D02E11E3F17917DD68DEA77BAB5E70EE8D63DAD67A694B0D67552C8C1F0567D3B9CB453F287031AD84154D89DC01661B28D60D83C5261CC998048C0A4F79DAF349F07F90AE9991208F68A4B25007D322657BA7434B56726A0B392BF153EAA3762544FF8A59318557D0AF29108FC883058302CADC3F0ADDD2CE750D54A8E23B67 ']' 247s + set +x 247s autopkgtest [05:06:53]: test sssd-softhism2-certificates-tests.sh: -----------------------] 248s autopkgtest [05:06:54]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 248s sssd-softhism2-certificates-tests.sh PASS 248s autopkgtest [05:06:54]: test sssd-smart-card-pam-auth-configs: preparing testbed 249s Reading package lists... 249s Building dependency tree... 249s Reading state information... 249s Starting pkgProblemResolver with broken count: 0 249s Starting 2 pkgProblemResolver with broken count: 0 249s Done 249s The following NEW packages will be installed: 249s pamtester 249s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 249s Need to get 12.2 kB of archives. 249s After this operation, 36.9 kB of additional disk space will be used. 249s Get:1 http://ftpmaster.internal/ubuntu plucky/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 249s Fetched 12.2 kB in 0s (85.7 kB/s) 250s Selecting previously unselected package pamtester. 250s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56246 files and directories currently installed.) 250s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 250s Unpacking pamtester (0.1.2-4) ... 250s Setting up pamtester (0.1.2-4) ... 250s Processing triggers for man-db (2.13.0-1) ... 251s autopkgtest [05:06:57]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 251s autopkgtest [05:06:57]: test sssd-smart-card-pam-auth-configs: [----------------------- 251s + '[' -z ubuntu ']' 251s + export DEBIAN_FRONTEND=noninteractive 251s + DEBIAN_FRONTEND=noninteractive 251s + required_tools=(pamtester softhsm2-util sssd) 251s + [[ ! -v OFFLINE_MODE ]] 251s + for cmd in "${required_tools[@]}" 251s + command -v pamtester 251s + for cmd in "${required_tools[@]}" 251s + command -v softhsm2-util 251s + for cmd in "${required_tools[@]}" 251s + command -v sssd 251s + PIN=123456 251s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 251s + tmpdir=/tmp/sssd-softhsm2-certs-stuE9a 251s + backupsdir= 251s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 251s + declare -a restore_paths 251s + declare -a delete_paths 251s + trap handle_exit EXIT 251s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 251s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 251s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 251s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 251s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-stuE9a GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 251s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-stuE9a 251s + GENERATE_SMART_CARDS=1 251s + KEEP_TEMPORARY_FILES=1 251s + NO_SSSD_TESTS=1 251s + bash debian/tests/sssd-softhism2-certificates-tests.sh 251s + '[' -z ubuntu ']' 251s + required_tools=(p11tool openssl softhsm2-util) 251s + for cmd in "${required_tools[@]}" 251s + command -v p11tool 251s + for cmd in "${required_tools[@]}" 251s + command -v openssl 251s + for cmd in "${required_tools[@]}" 251s + command -v softhsm2-util 251s + PIN=123456 251s +++ find /usr/lib/softhsm/libsofthsm2.so 251s +++ head -n 1 251s ++ realpath /usr/lib/softhsm/libsofthsm2.so 251s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 251s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 251s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 251s + '[' '!' -v NO_SSSD_TESTS ']' 251s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 251s + tmpdir=/tmp/sssd-softhsm2-certs-stuE9a 251s + keys_size=1024 251s + [[ ! -v KEEP_TEMPORARY_FILES ]] 251s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 251s + echo -n 01 251s + touch /tmp/sssd-softhsm2-certs-stuE9a/index.txt 251s + mkdir -p /tmp/sssd-softhsm2-certs-stuE9a/new_certs 251s + cat 251s + root_ca_key_pass=pass:random-root-CA-password-9738 251s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-key.pem -passout pass:random-root-CA-password-9738 1024 251s + openssl req -passin pass:random-root-CA-password-9738 -batch -config /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.pem 251s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.pem 251s + cat 251s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-30370 251s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-30370 1024 251s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-30370 -config /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-9738 -sha256 -out /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-certificate-request.pem 251s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-certificate-request.pem 251s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.config -passin pass:random-root-CA-password-9738 -keyfile /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem 251s Certificate Request: 251s Data: 251s Version: 1 (0x0) 251s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 251s Subject Public Key Info: 251s Public Key Algorithm: rsaEncryption 251s Public-Key: (1024 bit) 251s Modulus: 251s 00:c4:35:8c:ae:14:59:eb:5a:0c:44:a6:9a:1a:45: 251s d6:08:35:83:22:53:0e:65:bb:48:2f:5d:7c:6d:40: 251s dd:ab:6d:fb:d2:25:30:c3:79:a0:74:8a:ab:2a:e0: 251s 6d:66:c3:77:fe:77:20:95:a6:c6:10:a9:b1:23:e7: 251s bd:05:d9:ca:58:7f:6e:41:22:9b:72:57:4f:bd:be: 251s 21:70:b5:5b:27:52:c6:4b:43:2d:e2:66:85:f8:f6: 251s 30:5a:7e:e8:1b:b5:8f:c1:25:9e:32:04:75:91:74: 251s ea:a5:c1:6e:b0:a0:73:85:c9:e2:ed:62:e8:bf:1c: 251s f4:ec:7e:a1:54:c3:13:90:43 251s Exponent: 65537 (0x10001) 251s Attributes: 251s (none) 251s Requested Extensions: 251s Signature Algorithm: sha256WithRSAEncryption 251s Signature Value: 251s 05:ce:96:21:46:78:dc:5a:9c:7e:8c:f4:5b:a3:58:30:fd:6f: 251s 67:2c:13:79:96:f7:f1:49:58:0a:ae:ac:fc:a9:71:8f:a9:fd: 251s 18:63:22:7b:06:c9:9e:36:fa:c9:49:21:ce:57:73:4e:4a:5b: 251s 94:83:5e:de:53:58:31:17:87:5d:da:1c:20:db:f6:6e:3b:52: 251s 9a:6d:27:0e:93:55:ad:9b:60:6d:24:67:9a:6e:9d:2c:96:f0: 251s 66:e3:66:37:2e:23:f1:f9:04:96:da:d4:d0:8b:6b:99:1f:76: 251s 75:c5:ce:69:e7:ad:16:8c:02:fa:43:49:54:fe:47:0e:13:7c: 251s a2:d3 251s Using configuration from /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.config 251s Check that the request matches the signature 251s Signature ok 251s Certificate Details: 251s Serial Number: 1 (0x1) 251s Validity 251s Not Before: Jan 17 05:06:57 2025 GMT 251s Not After : Jan 17 05:06:57 2026 GMT 251s Subject: 251s organizationName = Test Organization 251s organizationalUnitName = Test Organization Unit 251s commonName = Test Organization Intermediate CA 251s X509v3 extensions: 251s X509v3 Subject Key Identifier: 251s E4:A1:63:98:D7:05:F2:52:EE:CE:90:2D:12:3A:92:76:D5:5F:4C:E6 251s X509v3 Authority Key Identifier: 251s keyid:A8:10:F3:79:C8:D2:A2:EC:0C:E6:C1:DD:2D:1C:81:70:A9:3D:A2:D2 251s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 251s serial:00 251s X509v3 Basic Constraints: 251s CA:TRUE 251s X509v3 Key Usage: critical 251s Digital Signature, Certificate Sign, CRL Sign 251s Certificate is to be certified until Jan 17 05:06:57 2026 GMT (365 days) 251s 251s Write out database with 1 new entries 251s Database updated 251s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem 251s /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem: OK 251s + cat 251s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-5857 251s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-5857 1024 251s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-5857 -config /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-30370 -sha256 -out /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-certificate-request.pem 251s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-certificate-request.pem 251s Certificate Request: 251s Data: 251s Version: 1 (0x0) 251s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 251s Subject Public Key Info: 251s Public Key Algorithm: rsaEncryption 251s Public-Key: (1024 bit) 251s Modulus: 251s 00:d0:ac:2f:11:90:3f:92:fa:fe:87:7d:52:f4:5a: 251s 23:ff:87:ab:c7:b3:80:23:f1:0b:e8:ca:82:5c:1d: 251s 8d:a1:be:7a:63:fe:5e:9a:1f:79:32:82:b3:4d:0a: 251s 42:b5:92:a3:0f:85:55:40:6b:db:05:04:6a:ec:d4: 251s 51:6e:99:3f:62:19:a2:5e:8a:b0:30:6c:0b:b0:4a: 251s 7f:38:2f:55:11:3b:ac:03:01:1d:a3:0c:0b:fe:34: 251s 6a:2d:c0:6b:6a:d5:b3:24:c6:7d:95:f7:68:69:c1: 251s af:c7:2d:42:ac:e9:48:78:71:eb:b6:56:66:1a:38: 251s 94:53:ee:f9:1a:89:66:52:5d 251s Exponent: 65537 (0x10001) 251s Attributes: 251s (none) 251s Requested Extensions: 251s Signature Algorithm: sha256WithRSAEncryption 251s Signature Value: 251s 04:45:61:38:22:ba:59:d4:ec:fe:a0:ab:fc:46:93:49:fb:f2: 251s f4:72:45:90:ed:85:a4:07:a9:1b:f2:17:77:4d:4a:af:7b:8d: 251s b2:86:53:26:4e:d0:93:3f:f7:02:8d:5d:78:01:3b:6f:f5:dd: 251s 5e:56:ce:1d:ab:af:62:41:a4:6c:0e:57:e5:d0:37:02:2e:9a: 251s ca:d5:80:0a:1a:73:6a:35:ea:2d:9e:00:af:d9:39:4d:f1:18: 251s 6c:a6:0a:43:e9:a3:20:06:58:86:4a:53:5b:ff:44:d8:c2:75: 251s 9b:72:16:72:e8:ac:e4:3b:39:18:d6:5c:bf:d5:91:c9:fc:da: 251s 17:a6 251s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-30370 -keyfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem 251s Using configuration from /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.config 251s Check that the request matches the signature 251s Signature ok 251s Certificate Details: 251s Serial Number: 2 (0x2) 251s Validity 251s Not Before: Jan 17 05:06:57 2025 GMT 251s Not After : Jan 17 05:06:57 2026 GMT 251s Subject: 251s organizationName = Test Organization 251s organizationalUnitName = Test Organization Unit 251s commonName = Test Organization Sub Intermediate CA 251s X509v3 extensions: 251s X509v3 Subject Key Identifier: 251s 3A:FF:BE:38:92:70:9E:51:75:3F:D0:56:52:A7:1C:AF:16:E8:B2:A5 251s X509v3 Authority Key Identifier: 251s keyid:E4:A1:63:98:D7:05:F2:52:EE:CE:90:2D:12:3A:92:76:D5:5F:4C:E6 251s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 251s serial:01 251s X509v3 Basic Constraints: 251s CA:TRUE 251s X509v3 Key Usage: critical 251s Digital Signature, Certificate Sign, CRL Sign 251s Certificate is to be certified until Jan 17 05:06:57 2026 GMT (365 days) 251s 251s Write out database with 1 new entries 251s Database updated 251s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem 251s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem 251s /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem: OK 251s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem 251s + local cmd=openssl 251s + shift 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem 251s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 251s error 20 at 0 depth lookup: unable to get local issuer certificate 251s error /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem: verification failed 251s + cat 251s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-6104 251s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-6104 1024 251s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-6104 -key /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-request.pem 251s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-request.pem 251s Certificate Request: 251s Data: 251s Version: 1 (0x0) 251s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 251s Subject Public Key Info: 251s Public Key Algorithm: rsaEncryption 251s Public-Key: (1024 bit) 251s Modulus: 251s 00:b7:1e:cc:0a:a1:07:cd:05:5b:7d:eb:9b:73:ac: 251s 23:67:5e:35:3b:84:b9:55:10:d1:30:a3:00:52:a4: 251s b5:ae:6f:f6:6c:b1:39:87:07:88:20:31:24:1c:ee: 251s e3:65:a4:cd:c1:86:86:76:2a:7f:85:62:64:c9:28: 251s e3:df:2f:5d:b2:a9:c4:a9:64:d2:47:13:8c:97:66: 251s db:62:1b:30:2e:3e:bd:ff:45:0c:3f:ff:3b:0c:d0: 251s 7c:7c:d9:3d:45:1c:67:6f:47:bf:32:79:98:54:ee: 251s 44:c7:b0:f5:81:e0:5d:0a:31:20:8d:f8:42:80:d5: 251s 8a:29:74:7f:83:25:f8:4e:ed 251s Exponent: 65537 (0x10001) 251s Attributes: 251s Requested Extensions: 251s X509v3 Basic Constraints: 251s CA:FALSE 251s Netscape Cert Type: 251s SSL Client, S/MIME 251s Netscape Comment: 251s Test Organization Root CA trusted Certificate 251s X509v3 Subject Key Identifier: 251s 5A:37:91:C5:41:B9:A4:E4:C2:DE:82:F4:11:3A:EA:68:E6:E2:EF:8D 251s X509v3 Key Usage: critical 251s Digital Signature, Non Repudiation, Key Encipherment 251s X509v3 Extended Key Usage: 251s TLS Web Client Authentication, E-mail Protection 251s X509v3 Subject Alternative Name: 251s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 251s Signature Algorithm: sha256WithRSAEncryption 251s Signature Value: 251s b4:30:6f:b8:58:d0:7d:66:03:05:0e:ec:48:4a:fb:6c:c2:7e: 251s 69:00:1a:6c:c7:47:93:57:7c:2f:08:e8:cb:ab:7c:bb:68:9b: 251s b8:4b:68:97:c6:e3:4c:10:fc:a1:ae:92:dd:3a:3e:cd:dc:fc: 251s 6b:64:ba:35:94:67:a9:8b:a4:4b:b3:12:92:46:50:40:45:72: 251s 99:3b:bc:b4:bd:58:85:33:d6:8b:74:ee:e2:65:14:2a:8c:6d: 251s 34:61:bc:03:dd:03:ce:61:37:ad:32:c4:03:b7:3d:91:1b:c9: 251s 5d:bb:12:3a:e8:52:b8:78:ae:80:ab:ef:08:1e:35:83:a5:de: 251s 4a:0e 251s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.config -passin pass:random-root-CA-password-9738 -keyfile /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem 251s Using configuration from /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.config 251s Check that the request matches the signature 251s Signature ok 251s Certificate Details: 251s Serial Number: 3 (0x3) 251s Validity 251s Not Before: Jan 17 05:06:57 2025 GMT 251s Not After : Jan 17 05:06:57 2026 GMT 251s Subject: 251s organizationName = Test Organization 251s organizationalUnitName = Test Organization Unit 251s commonName = Test Organization Root Trusted Certificate 0001 251s X509v3 extensions: 251s X509v3 Authority Key Identifier: 251s A8:10:F3:79:C8:D2:A2:EC:0C:E6:C1:DD:2D:1C:81:70:A9:3D:A2:D2 251s X509v3 Basic Constraints: 251s CA:FALSE 251s Netscape Cert Type: 251s SSL Client, S/MIME 251s Netscape Comment: 251s Test Organization Root CA trusted Certificate 251s X509v3 Subject Key Identifier: 251s 5A:37:91:C5:41:B9:A4:E4:C2:DE:82:F4:11:3A:EA:68:E6:E2:EF:8D 251s X509v3 Key Usage: critical 251s Digital Signature, Non Repudiation, Key Encipherment 251s X509v3 Extended Key Usage: 251s TLS Web Client Authentication, E-mail Protection 251s X509v3 Subject Alternative Name: 251s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 251s Certificate is to be certified until Jan 17 05:06:57 2026 GMT (365 days) 251s 251s Write out database with 1 new entries 251s Database updated 251s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem 251s /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem: OK 251s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem 251s + local cmd=openssl 251s + shift 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem 251s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 251s error 20 at 0 depth lookup: unable to get local issuer certificate 251s error /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem: verification failed 251s + cat 251s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-16248 251s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-16248 1024 251s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-16248 -key /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-request.pem 251s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-request.pem 251s Certificate Request: 251s Data: 251s Version: 1 (0x0) 251s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 251s Subject Public Key Info: 251s Public Key Algorithm: rsaEncryption 251s Public-Key: (1024 bit) 251s Modulus: 251s 00:d5:49:5c:d9:46:42:3f:54:d4:43:51:a1:5a:ba: 251s ac:4d:a2:de:95:aa:7b:23:9c:43:4b:72:10:8a:fa: 251s f5:1c:d6:0d:71:20:cc:a5:4a:5d:fd:9c:f0:a5:fd: 251s df:f9:d0:29:49:cd:b5:3c:d8:6c:da:78:cd:3f:e7: 251s 9e:a2:85:eb:eb:9d:75:b6:c5:07:2a:56:ff:b7:da: 251s ce:89:e6:19:09:45:e7:39:cf:32:56:95:e9:73:d8: 251s 9d:68:60:1f:fc:0e:17:5c:53:c5:bb:db:29:c6:80: 251s 59:d1:9e:cb:8f:f0:b8:38:0c:86:c1:d0:39:64:09: 251s da:c6:4e:65:b1:05:a5:d9:af 251s Exponent: 65537 (0x10001) 251s Attributes: 251s Requested Extensions: 251s X509v3 Basic Constraints: 251s CA:FALSE 251s Netscape Cert Type: 251s SSL Client, S/MIME 251s Netscape Comment: 251s Test Organization Intermediate CA trusted Certificate 251s X509v3 Subject Key Identifier: 251s 4E:FB:59:96:E6:33:2E:FA:31:D0:F3:9C:14:A7:A5:2B:52:5F:52:F4 251s X509v3 Key Usage: critical 251s Digital Signature, Non Repudiation, Key Encipherment 251s X509v3 Extended Key Usage: 251s TLS Web Client Authentication, E-mail Protection 251s X509v3 Subject Alternative Name: 251s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 251s Signature Algorithm: sha256WithRSAEncryption 251s Signature Value: 251s 0c:cc:5d:b5:9c:8e:65:31:2c:2c:18:ab:35:af:1c:92:13:3b: 251s 93:4f:a7:62:b6:b1:83:59:01:41:39:8a:5a:cb:5d:88:2e:ee: 251s ed:f2:d9:a7:5b:e5:34:d0:ca:7e:6a:57:41:a5:0c:af:8e:74: 251s d6:e1:af:6c:ff:dc:da:71:8c:71:c1:ea:2b:58:5e:3b:b3:c0: 251s 09:8a:1c:0c:5b:05:a7:ea:2b:cb:09:57:51:3a:ca:f1:e7:02: 251s 97:c7:51:cc:3c:3d:2a:09:d2:7b:db:55:49:a4:05:7e:a1:a9: 251s 2c:35:e0:f9:2b:50:dc:6d:c3:14:c3:59:c8:5f:62:85:f6:bb: 251s 6a:ba 251s + openssl ca -passin pass:random-intermediate-CA-password-30370 -config /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem 251s Using configuration from /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.config 251s Check that the request matches the signature 251s Signature ok 251s Certificate Details: 251s Serial Number: 4 (0x4) 251s Validity 251s Not Before: Jan 17 05:06:57 2025 GMT 251s Not After : Jan 17 05:06:57 2026 GMT 251s Subject: 251s organizationName = Test Organization 251s organizationalUnitName = Test Organization Unit 251s commonName = Test Organization Intermediate Trusted Certificate 0001 251s X509v3 extensions: 251s X509v3 Authority Key Identifier: 251s E4:A1:63:98:D7:05:F2:52:EE:CE:90:2D:12:3A:92:76:D5:5F:4C:E6 251s X509v3 Basic Constraints: 251s CA:FALSE 251s Netscape Cert Type: 251s SSL Client, S/MIME 251s Netscape Comment: 251s Test Organization Intermediate CA trusted Certificate 251s X509v3 Subject Key Identifier: 251s 4E:FB:59:96:E6:33:2E:FA:31:D0:F3:9C:14:A7:A5:2B:52:5F:52:F4 251s X509v3 Key Usage: critical 251s Digital Signature, Non Repudiation, Key Encipherment 251s X509v3 Extended Key Usage: 251s TLS Web Client Authentication, E-mail Protection 251s X509v3 Subject Alternative Name: 251s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 251s Certificate is to be certified until Jan 17 05:06:57 2026 GMT (365 days) 251s 251s Write out database with 1 new entries 251s Database updated 251s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem 251s + echo 'This certificate should not be trusted fully' 251s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem 251s + local cmd=openssl 251s + shift 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem 251s This certificate should not be trusted fully 251s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 251s error 2 at 1 depth lookup: unable to get issuer certificate 251s error /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 251s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem 251s /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem: OK 251s + cat 251s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10802 251s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-10802 1024 251s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-10802 -key /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 251s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 251s Certificate Request: 251s Data: 251s Version: 1 (0x0) 251s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 251s Subject Public Key Info: 251s Public Key Algorithm: rsaEncryption 251s Public-Key: (1024 bit) 251s Modulus: 251s 00:d4:04:5f:ef:0b:c0:03:6a:09:08:36:43:d2:8a: 251s 9f:db:41:e4:07:a6:44:67:90:2d:1e:c6:53:73:94: 251s 0d:ed:f2:1a:69:e9:06:0d:81:b8:57:b6:ca:cb:81: 251s a4:aa:1b:96:4b:5d:c6:66:6c:c0:7a:a3:cb:f8:1f: 251s c5:3d:9e:b7:f8:84:79:b3:ad:18:74:cf:9d:68:a6: 251s b3:29:e1:51:a0:6e:4f:70:ab:09:9a:21:45:58:28: 251s 47:36:7a:22:73:72:6c:67:ab:4f:4f:c7:23:0f:72: 251s fd:11:f1:27:ad:bf:c5:7f:b9:89:de:f9:2e:34:7d: 251s bb:f9:5d:e8:11:f2:29:7b:fb 251s Exponent: 65537 (0x10001) 251s Attributes: 251s Requested Extensions: 251s X509v3 Basic Constraints: 251s CA:FALSE 251s Netscape Cert Type: 251s SSL Client, S/MIME 251s Netscape Comment: 251s Test Organization Sub Intermediate CA trusted Certificate 251s X509v3 Subject Key Identifier: 251s 9B:AA:C5:38:9D:9A:6D:CC:1F:A8:E1:3D:EB:34:E3:DD:90:BD:AA:DD 251s X509v3 Key Usage: critical 251s Digital Signature, Non Repudiation, Key Encipherment 251s X509v3 Extended Key Usage: 251s TLS Web Client Authentication, E-mail Protection 251s X509v3 Subject Alternative Name: 251s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 251s Signature Algorithm: sha256WithRSAEncryption 251s Signature Value: 251s 52:35:30:ce:5d:f0:a1:33:49:60:ac:4b:2d:a9:27:b9:cc:fd: 251s 6f:7b:08:9e:be:e2:8d:d3:77:a7:9a:e9:70:6b:62:5e:c9:69: 251s 7d:1d:8b:48:06:dd:c1:37:75:5d:39:b3:68:46:53:b2:50:47: 251s eb:d6:e0:78:eb:d9:7c:4f:5c:fe:80:d5:eb:56:cc:7b:84:54: 251s 9d:e0:58:2e:37:e1:68:d7:85:d4:e6:72:9a:2f:0b:5f:93:8c: 251s dd:8c:54:1a:14:a2:2e:b7:71:2b:95:86:ca:f9:28:2c:ca:ba: 251s 88:f6:61:ef:4c:e7:a9:a1:8c:01:95:48:65:6c:ec:08:04:e3: 251s 48:24 251s + openssl ca -passin pass:random-sub-intermediate-CA-password-5857 -config /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s Using configuration from /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.config 251s Check that the request matches the signature 251s Signature ok 251s Certificate Details: 251s Serial Number: 5 (0x5) 251s Validity 251s Not Before: Jan 17 05:06:57 2025 GMT 251s Not After : Jan 17 05:06:57 2026 GMT 251s Subject: 251s organizationName = Test Organization 251s organizationalUnitName = Test Organization Unit 251s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 251s X509v3 extensions: 251s X509v3 Authority Key Identifier: 251s 3A:FF:BE:38:92:70:9E:51:75:3F:D0:56:52:A7:1C:AF:16:E8:B2:A5 251s X509v3 Basic Constraints: 251s CA:FALSE 251s Netscape Cert Type: 251s SSL Client, S/MIME 251s Netscape Comment: 251s Test Organization Sub Intermediate CA trusted Certificate 251s X509v3 Subject Key Identifier: 251s 9B:AA:C5:38:9D:9A:6D:CC:1F:A8:E1:3D:EB:34:E3:DD:90:BD:AA:DD 251s X509v3 Key Usage: critical 251s Digital Signature, Non Repudiation, Key Encipherment 251s X509v3 Extended Key Usage: 251s TLS Web Client Authentication, E-mail Protection 251s X509v3 Subject Alternative Name: 251s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 251s Certificate is to be certified until Jan 17 05:06:57 2026 GMT (365 days) 251s 251s Write out database with 1 new entries 251s Database updated 251s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s This certificate should not be trusted fully 251s + echo 'This certificate should not be trusted fully' 251s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s + local cmd=openssl 251s + shift 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 251s error 2 at 1 depth lookup: unable to get issuer certificate 251s error /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 251s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s + local cmd=openssl 251s + shift 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 251s error 20 at 0 depth lookup: unable to get local issuer certificate 251s error /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 251s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 251s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s + local cmd=openssl 251s + shift 251s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 251s error 20 at 0 depth lookup: unable to get local issuer certificate 251s error /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 251s Building a the full-chain CA file... 251s + echo 'Building a the full-chain CA file...' 251s + cat /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem 251s + cat /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem 251s + cat /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem 251s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem 251s + openssl pkcs7 -print_certs -noout 251s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 251s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 251s 251s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 251s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 251s 251s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 251s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 251s 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem 251s /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA.pem: OK 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem 251s /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem: OK 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem 251s /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem: OK 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-root-intermediate-chain-CA.pem 251s /tmp/sssd-softhsm2-certs-stuE9a/test-root-intermediate-chain-CA.pem: OK 251s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 251s Certificates generation completed! 251s + echo 'Certificates generation completed!' 251s + [[ -v NO_SSSD_TESTS ]] 251s + [[ -v GENERATE_SMART_CARDS ]] 251s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6104 251s + local certificate=/tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem 251s + local key_pass=pass:random-root-ca-trusted-cert-0001-6104 251s + local key_cn 251s + local key_name 251s + local tokens_dir 251s + local output_cert_file 251s + token_name= 251s ++ basename /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem .pem 251s + key_name=test-root-CA-trusted-certificate-0001 251s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem 251s ++ sed -n 's/ *commonName *= //p' 251s + key_cn='Test Organization Root Trusted Certificate 0001' 251s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 251s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-root-CA-trusted-certificate-0001.conf 251s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-root-CA-trusted-certificate-0001.conf 251s ++ basename /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 251s + tokens_dir=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-root-CA-trusted-certificate-0001 251s + token_name='Test Organization Root Tr Token' 251s + '[' '!' -e /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 251s + local key_file 251s + local decrypted_key 251s + mkdir -p /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-root-CA-trusted-certificate-0001 251s + key_file=/tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-key.pem 251s + decrypted_key=/tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-key-decrypted.pem 251s + cat 251s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 251s Slot 0 has a free/uninitialized token. 251s The token has been initialized and is reassigned to slot 732630330 251s + softhsm2-util --show-slots 251s Available slots: 251s Slot 732630330 251s Slot info: 251s Description: SoftHSM slot ID 0x2bab0d3a 251s Manufacturer ID: SoftHSM project 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Token present: yes 251s Token info: 251s Manufacturer ID: SoftHSM project 251s Model: SoftHSM v2 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Serial number: 68ebeb25abab0d3a 251s Initialized: yes 251s User PIN init.: yes 251s Label: Test Organization Root Tr Token 251s Slot 1 251s Slot info: 251s Description: SoftHSM slot ID 0x1 251s Manufacturer ID: SoftHSM project 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Token present: yes 251s Token info: 251s Manufacturer ID: SoftHSM project 251s Model: SoftHSM v2 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Serial number: 251s Initialized: no 251s User PIN init.: no 251s Label: 251s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 251s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-6104 -in /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-key-decrypted.pem 251s writing RSA key 251s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 251s + rm /tmp/sssd-softhsm2-certs-stuE9a/test-root-CA-trusted-certificate-0001-key-decrypted.pem 251s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 251s Object 0: 251s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68ebeb25abab0d3a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 251s Type: X.509 Certificate (RSA-1024) 251s Expires: Sat Jan 17 05:06:57 2026 251s Label: Test Organization Root Trusted Certificate 0001 251s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 251s 251s Test Organization Root Tr Token 251s + echo 'Test Organization Root Tr Token' 251s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-16248 251s + local certificate=/tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem 251s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-16248 251s + local key_cn 251s + local key_name 251s + local tokens_dir 251s + local output_cert_file 251s + token_name= 251s ++ basename /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem .pem 251s + key_name=test-intermediate-CA-trusted-certificate-0001 251s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem 251s ++ sed -n 's/ *commonName *= //p' 251s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 251s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 251s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 251s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 251s ++ basename /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 251s + tokens_dir=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-intermediate-CA-trusted-certificate-0001 251s + token_name='Test Organization Interme Token' 251s + '[' '!' -e /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 251s + local key_file 251s + local decrypted_key 251s + mkdir -p /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-intermediate-CA-trusted-certificate-0001 251s + key_file=/tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-key.pem 251s + decrypted_key=/tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 251s + cat 251s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 251s Slot 0 has a free/uninitialized token. 251s The token has been initialized and is reassigned to slot 38918786 251s + softhsm2-util --show-slots 251s Available slots: 251s Slot 38918786 251s Slot info: 251s Description: SoftHSM slot ID 0x251da82 251s Manufacturer ID: SoftHSM project 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Token present: yes 251s Token info: 251s Manufacturer ID: SoftHSM project 251s Model: SoftHSM v2 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Serial number: c66a4acd8251da82 251s Initialized: yes 251s User PIN init.: yes 251s Label: Test Organization Interme Token 251s Slot 1 251s Slot info: 251s Description: SoftHSM slot ID 0x1 251s Manufacturer ID: SoftHSM project 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Token present: yes 251s Token info: 251s Manufacturer ID: SoftHSM project 251s Model: SoftHSM v2 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Serial number: 251s Initialized: no 251s User PIN init.: no 251s Label: 251s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 251s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-16248 -in /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 251s writing RSA key 251s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 251s + rm /tmp/sssd-softhsm2-certs-stuE9a/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 251s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 251s Object 0: 251s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c66a4acd8251da82;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 251s Type: X.509 Certificate (RSA-1024) 251s Expires: Sat Jan 17 05:06:57 2026 251s Label: Test Organization Intermediate Trusted Certificate 0001 251s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 251s 251s Test Organization Interme Token 251s + echo 'Test Organization Interme Token' 251s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10802 251s + local certificate=/tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10802 251s + local key_cn 251s + local key_name 251s + local tokens_dir 251s + local output_cert_file 251s + token_name= 251s ++ basename /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 251s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 251s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem 251s ++ sed -n 's/ *commonName *= //p' 251s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 251s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 251s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 251s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 251s ++ basename /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 251s + tokens_dir=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 251s + token_name='Test Organization Sub Int Token' 251s + '[' '!' -e /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 251s + local key_file 251s + local decrypted_key 251s + mkdir -p /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 251s + key_file=/tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 251s + decrypted_key=/tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 251s + cat 251s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 251s Slot 0 has a free/uninitialized token. 251s The token has been initialized and is reassigned to slot 1497081389 251s + softhsm2-util --show-slots 251s Available slots: 251s Slot 1497081389 251s Slot info: 251s Description: SoftHSM slot ID 0x593ba62d 251s Manufacturer ID: SoftHSM project 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Token present: yes 251s Token info: 251s Manufacturer ID: SoftHSM project 251s Model: SoftHSM v2 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Serial number: 730fa65cd93ba62d 251s Initialized: yes 251s User PIN init.: yes 251s Label: Test Organization Sub Int Token 251s Slot 1 251s Slot info: 251s Description: SoftHSM slot ID 0x1 251s Manufacturer ID: SoftHSM project 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Token present: yes 251s Token info: 251s Manufacturer ID: SoftHSM project 251s Model: SoftHSM v2 251s Hardware version: 2.6 251s Firmware version: 2.6 251s Serial number: 251s Initialized: no 251s User PIN init.: no 251s Label: 251s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 251s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-10802 -in /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 251s writing RSA key 251s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 251s + rm /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 251s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 251s Object 0: 251s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=730fa65cd93ba62d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 251s Type: X.509 Certificate (RSA-1024) 251s Expires: Sat Jan 17 05:06:57 2026 251s Label: Test Organization Sub Intermediate Trusted Certificate 0001 251s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 251s 251s Test Organization Sub Int Token 251s Certificates generation completed! 251s + echo 'Test Organization Sub Int Token' 251s + echo 'Certificates generation completed!' 251s + exit 0 251s + find /tmp/sssd-softhsm2-certs-stuE9a -type d -exec chmod 777 '{}' ';' 251s + find /tmp/sssd-softhsm2-certs-stuE9a -type f -exec chmod 666 '{}' ';' 251s + backup_file /etc/sssd/sssd.conf 251s + '[' -z '' ']' 251s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 251s + backupsdir=/tmp/sssd-softhsm2-backups-c8bDYX 251s + '[' -e /etc/sssd/sssd.conf ']' 251s + delete_paths+=("$1") 251s + rm -f /etc/sssd/sssd.conf 251s ++ runuser -u ubuntu -- sh -c 'echo ~' 251s + user_home=/home/ubuntu 251s + mkdir -p /home/ubuntu 251s + chown ubuntu:ubuntu /home/ubuntu 251s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 251s + user_config=/home/ubuntu/.config 251s + system_config=/etc 251s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 251s + for path_pair in "${softhsm2_conf_paths[@]}" 251s + IFS=: 251s + read -r -a path 251s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 251s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 251s + '[' -z /tmp/sssd-softhsm2-backups-c8bDYX ']' 251s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 251s + delete_paths+=("$1") 251s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 251s + for path_pair in "${softhsm2_conf_paths[@]}" 251s + IFS=: 251s + read -r -a path 251s + path=/etc/softhsm/softhsm2.conf 251s + backup_file /etc/softhsm/softhsm2.conf 251s + '[' -z /tmp/sssd-softhsm2-backups-c8bDYX ']' 251s + '[' -e /etc/softhsm/softhsm2.conf ']' 251s ++ dirname /etc/softhsm/softhsm2.conf 251s + local back_dir=/tmp/sssd-softhsm2-backups-c8bDYX//etc/softhsm 251s ++ basename /etc/softhsm/softhsm2.conf 251s + local back_path=/tmp/sssd-softhsm2-backups-c8bDYX//etc/softhsm/softhsm2.conf 251s + '[' '!' -e /tmp/sssd-softhsm2-backups-c8bDYX//etc/softhsm/softhsm2.conf ']' 251s + mkdir -p /tmp/sssd-softhsm2-backups-c8bDYX//etc/softhsm 251s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-c8bDYX//etc/softhsm/softhsm2.conf 251s + restore_paths+=("$back_path") 251s + rm -f /etc/softhsm/softhsm2.conf 251s + test_authentication login /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem 251s + pam_service=login 251s + certificate_config=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-root-CA-trusted-certificate-0001.conf 251s + ca_db=/tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem 251s + verification_options= 251s + mkdir -p -m 700 /etc/sssd 251s Using CA DB '/tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem' with verification options: '' 251s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 251s + cat 251s + chmod 600 /etc/sssd/sssd.conf 251s + for path_pair in "${softhsm2_conf_paths[@]}" 251s + IFS=: 251s + read -r -a path 251s + user=ubuntu 251s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 251s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 251s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 251s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 251s + runuser -u ubuntu -- softhsm2-util --show-slots 251s + grep 'Test Organization' 251s Label: Test Organization Root Tr Token 251s + for path_pair in "${softhsm2_conf_paths[@]}" 251s + IFS=: 251s + read -r -a path 251s + user=root 251s + path=/etc/softhsm/softhsm2.conf 251s ++ dirname /etc/softhsm/softhsm2.conf 251s + runuser -u root -- mkdir -p /etc/softhsm 251s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 251s + runuser -u root -- softhsm2-util --show-slots 251s + grep 'Test Organization' 251s Label: Test Organization Root Tr Token 251s + systemctl restart sssd 251s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 252s + for alternative in "${alternative_pam_configs[@]}" 252s + pam-auth-update --enable sss-smart-card-optional 252s + cat /etc/pam.d/common-auth 252s # 252s # /etc/pam.d/common-auth - authentication settings common to all services 252s # 252s # This file is included from other service-specific PAM config files, 252s # and should contain a list of the authentication modules that define 252s # the central authentication scheme for use on the system 252s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 252s # traditional Unix authentication mechanisms. 252s # 252s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 252s # To take advantage of this, it is recommended that you configure any 252s # local modules either before or after the default block, and use 252s # pam-auth-update to manage selection of other modules. See 252s # pam-auth-update(8) for details. 252s 252s # here are the per-package modules (the "Primary" block) 252s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 252s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 252s auth [success=1 default=ignore] pam_sss.so use_first_pass 252s # here's the fallback if no module succeeds 252s auth requisite pam_deny.so 252s # prime the stack with a positive return value if there isn't one already; 252s # this avoids us returning an error just because nothing sets a success code 252s # since the modules above will each just jump around 252s auth required pam_permit.so 252s # and here are more per-package modules (the "Additional" block) 252s auth optional pam_cap.so 252s # end of pam-auth-update config 252s + echo -n -e 123456 252s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 252s pamtester: invoking pam_start(login, ubuntu, ...) 252s pamtester: successfully authenticated 252s pamtester: successfully authenticated 252s pamtester: performing operation - authenticate 252s PIN for Test Organization Root Tr Token: + echo -n -e 123456 252s + runuser -u ubuntu -- pamtester -v login '' authenticate 252s pamtester: invoking pam_start(login, , ...) 252s pamtester: performing operation - authenticate 252s PIN for Test Organization Root Tr Token: + echo -n -e wrong123456 252s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 252s pamtester: invoking pam_start(login, ubuntu, ...) 252s pamtester: performing operation - authenticate 255s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 255s + echo -n -e wrong123456 255s + runuser -u ubuntu -- pamtester -v login '' authenticate 255s pamtester: invoking pam_start(login, , ...) 255s pamtester: performing operation - authenticate 258s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 258s + pamtester -v login root authenticate 258s + echo -n -e 123456 258s pamtester: invoking pam_start(login, root, ...) 258s pamtester: performing operation - authenticate 260s Password: pamtester: Authentication failure 260s + for alternative in "${alternative_pam_configs[@]}" 260s + pam-auth-update --enable sss-smart-card-required 261s PAM configuration 261s ----------------- 261s 261s Incompatible PAM profiles selected. 261s 261s The following PAM profiles cannot be used together: 261s 261s SSS required smart card authentication, SSS optional smart card 261s authentication 261s 261s Please select a different set of modules to enable. 261s 261s + cat /etc/pam.d/common-auth 261s # 261s # /etc/pam.d/common-auth - authentication settings common to all services 261s # 261s # This file is included from other service-specific PAM config files, 261s # and should contain a list of the authentication modules that define 261s # the central authentication scheme for use on the system 261s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 261s # traditional Unix authentication mechanisms. 261s # 261s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 261s # To take advantage of this, it is recommended that you configure any 261s # local modules either before or after the default block, and use 261s # pam-auth-update to manage selection of other modules. See 261s # pam-auth-update(8) for details. 261s 261s # here are the per-package modules (the "Primary" block) 261s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 261s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 261s auth [success=1 default=ignore] pam_sss.so use_first_pass 261s # here's the fallback if no module succeeds 261s auth requisite pam_deny.so 261s # prime the stack with a positive return value if there isn't one already; 261s # this avoids us returning an error just because nothing sets a success code 261s # since the modules above will each just jump around 261s auth required pam_permit.so 261s # and here are more per-package modules (the "Additional" block) 261s auth optional pam_cap.so 261s # end of pam-auth-update config 261s + echo -n -e 123456 261s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 261s pamtester: invoking pam_start(login, ubuntu, ...) 261s pamtester: performing operation - authenticate 261s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 261s + echo -n -e 123456 261s pamtester: successfully authenticated 261s + runuser -u ubuntu -- pamtester -v login '' authenticate 261s pamtester: invoking pam_start(login, , ...) 261s pamtester: performing operation - authenticate 261s PIN for Test Organization Root Tr Token: + echo -n -e wrong123456 261s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 261s pamtester: invoking pam_start(login, ubuntu, ...) 261s pamtester: performing operation - authenticate 264s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 264s + echo -n -e wrong123456 264s + runuser -u ubuntu -- pamtester -v login '' authenticate 264s pamtester: invoking pam_start(login, , ...) 264s pamtester: performing operation - authenticate 267s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 267s + echo -n -e 123456 267s + pamtester -v login root authenticate 267s pamtester: invoking pam_start(login, root, ...) 267s pamtester: performing operation - authenticate 270s pamtester: Authentication service cannot retrieve authentication info 270s + test_authentication login /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem 270s + pam_service=login 270s + certificate_config=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 270s + ca_db=/tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem 270s + verification_options= 270s + mkdir -p -m 700 /etc/sssd 270s Using CA DB '/tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem' with verification options: '' 270s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-stuE9a/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 270s + cat 270s + chmod 600 /etc/sssd/sssd.conf 270s + for path_pair in "${softhsm2_conf_paths[@]}" 270s + IFS=: 270s + read -r -a path 270s + user=ubuntu 270s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 270s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 270s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 270s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 270s + runuser -u ubuntu -- softhsm2-util --show-slots 270s + grep 'Test Organization' 270s Label: Test Organization Sub Int Token 270s Label: Test Organization Sub Int Token 270s + for path_pair in "${softhsm2_conf_paths[@]}" 270s + IFS=: 270s + read -r -a path 270s + user=root 270s + path=/etc/softhsm/softhsm2.conf 270s ++ dirname /etc/softhsm/softhsm2.conf 270s + runuser -u root -- mkdir -p /etc/softhsm 270s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 270s + runuser -u root -- softhsm2-util --show-slots 270s + grep 'Test Organization' 270s + systemctl restart sssd 270s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 270s + for alternative in "${alternative_pam_configs[@]}" 270s + pam-auth-update --enable sss-smart-card-optional 270s + cat /etc/pam.d/common-auth 270s # 270s # /etc/pam.d/common-auth - authentication settings common to all services 270s # 270s # This file is included from other service-specific PAM config files, 270s # and should contain a list of the authentication modules that define 270s # the central authentication scheme for use on the system 270s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 270s # traditional Unix authentication mechanisms. 270s # 270s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 270s # To take advantage of this, it is recommended that you configure any 270s # local modules either before or after the default block, and use 270s # pam-auth-update to manage selection of other modules. See 270s # pam-auth-update(8) for details. 270s 270s # here are the per-package modules (the "Primary" block) 270s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 270s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 270s auth [success=1 default=ignore] pam_sss.so use_first_pass 270s # here's the fallback if no module succeeds 270s auth requisite pam_deny.so 270s # prime the stack with a positive return value if there isn't one already; 270s # this avoids us returning an error just because nothing sets a success code 270s # since the modules above will each just jump around 270s auth required pam_permit.so 270s # and here are more per-package modules (the "Additional" block) 270s auth optional pam_cap.so 270s # end of pam-auth-update config 270s + echo -n -e 123456 270s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 270s pamtester: invoking pam_start(login, ubuntu, ...) 270s pamtester: performing operation - authenticate 270s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 270s + echo -n -e 123456 270s + runuser -u ubuntu -- pamtester -v login '' authenticate 270s pamtester: invoking pam_start(login, , ...) 270s pamtester: performing operation - authenticate 270s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 270s + echo -n -e wrong123456 270s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 270s pamtester: invoking pam_start(login, ubuntu, ...) 270s pamtester: performing operation - authenticate 274s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 274s + echo -n -e wrong123456 274s + runuser -u ubuntu -- pamtester -v login '' authenticate 274s pamtester: invoking pam_start(login, , ...) 274s pamtester: performing operation - authenticate 276s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 276s + echo -n -e 123456 276s + pamtester -v login root authenticate 276s pamtester: invoking pam_start(login, root, ...) 276s pamtester: performing operation - authenticate 278s Password: pamtester: Authentication failure 278s + for alternative in "${alternative_pam_configs[@]}" 278s + pam-auth-update --enable sss-smart-card-required 278s PAM configuration 278s ----------------- 278s 278s Incompatible PAM profiles selected. 278s 278s The following PAM profiles cannot be used together: 278s 278s SSS required smart card authentication, SSS optional smart card 278s authentication 278s 278s Please select a different set of modules to enable. 278s 278s + cat /etc/pam.d/common-auth 278s # 278s # /etc/pam.d/common-auth - authentication settings common to all services 278s # 278s # This file is included from other service-specific PAM config files, 278s # and should contain a list of the authentication modules that define 278s # the central authentication scheme for use on the system 278s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 278s # traditional Unix authentication mechanisms. 278s # 278s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 278s # To take advantage of this, it is recommended that you configure any 278s # local modules either before or after the default block, and use 278s # pam-auth-update to manage selection of other modules. See 278s # pam-auth-update(8) for details. 278s 278s # here are the per-package modules (the "Primary" block) 278s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 278s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 278s auth [success=1 default=ignore] pam_sss.so use_first_pass 278s # here's the fallback if no module succeeds 278s auth requisite pam_deny.so 278s # prime the stack with a positive return value if there isn't one already; 278s # this avoids us returning an error just because nothing sets a success code 278s # since the modules above will each just jump around 278s auth required pam_permit.so 278s # and here are more per-package modules (the "Additional" block) 278s auth optional pam_cap.so 278s # end of pam-auth-update config 278s + echo -n -e 123456 278s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 278s pamtester: invoking pam_start(login, ubuntu, ...) 278s pamtester: performing operation - authenticate 278s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 278s pamtester: successfully authenticated 278s + echo -n -e 123456 278s + runuser -u ubuntu -- pamtester -v login '' authenticate 278s pamtester: invoking pam_start(login, , ...) 278s pamtester: performing operation - authenticate 278s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 278s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 278s pamtester: invoking pam_start(login, ubuntu, ...) 278s pamtester: performing operation - authenticate 281s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 281s + echo -n -e wrong123456 281s + runuser -u ubuntu -- pamtester -v login '' authenticate 281s pamtester: invoking pam_start(login, , ...) 281s pamtester: performing operation - authenticate 283s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 283s + echo -n -e 123456 283s + pamtester -v login root authenticate 283s pamtester: invoking pam_start(login, root, ...) 283s pamtester: performing operation - authenticate 286s pamtester: Authentication service cannot retrieve authentication info 286s + test_authentication login /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem partial_chain 286s + pam_service=login 286s + certificate_config=/tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 286s + ca_db=/tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem 286s + verification_options=partial_chain 286s + mkdir -p -m 700 /etc/sssd 286s Using CA DB '/tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 286s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-stuE9a/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 286s + cat 286s + chmod 600 /etc/sssd/sssd.conf 286s + for path_pair in "${softhsm2_conf_paths[@]}" 286s + IFS=: 286s + read -r -a path 286s + user=ubuntu 286s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 286s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 286s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 286s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 286s + runuser -u ubuntu -- softhsm2-util --show-slots 286s + grep 'Test Organization' 286s Label: Test Organization Sub Int Token 286s Label: Test Organization Sub Int Token 286s + for path_pair in "${softhsm2_conf_paths[@]}" 286s + IFS=: 286s + read -r -a path 286s + user=root 286s + path=/etc/softhsm/softhsm2.conf 286s ++ dirname /etc/softhsm/softhsm2.conf 286s + runuser -u root -- mkdir -p /etc/softhsm 286s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-stuE9a/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 286s + runuser -u root -- softhsm2-util --show-slots 286s + grep 'Test Organization' 286s + systemctl restart sssd 287s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 287s + for alternative in "${alternative_pam_configs[@]}" 287s + pam-auth-update --enable sss-smart-card-optional 287s + cat /etc/pam.d/common-auth 287s # 287s # /etc/pam.d/common-auth - authentication settings common to all services 287s # 287s # This file is included from other service-specific PAM config files, 287s # and should contain a list of the authentication modules that define 287s # the central authentication scheme for use on the system 287s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 287s # traditional Unix authentication mechanisms. 287s # 287s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 287s # To take advantage of this, it is recommended that you configure any 287s # local modules either before or after the default block, and use 287s # pam-auth-update to manage selection of other modules. See 287s # pam-auth-update(8) for details. 287s 287s # here are the per-package modules (the "Primary" block) 287s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 287s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 287s auth [success=1 default=ignore] pam_sss.so use_first_pass 287s # here's the fallback if no module succeeds 287s auth requisite pam_deny.so 287s # prime the stack with a positive return value if there isn't one already; 287s # this avoids us returning an error just because nothing sets a success code 287s # since the modules above will each just jump around 287s auth required pam_permit.so 287s # and here are more per-package modules (the "Additional" block) 287s auth optional pam_cap.so 287s # end of pam-auth-update config 287s + echo -n -e 123456 287s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 287s pamtester: invoking pam_start(login, ubuntu, ...) 287s pamtester: performing operation - authenticate 287s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 287s + echo -n -e 123456 287s + runuser -u ubuntu -- pamtester -v login '' authenticate 287s pamtester: invoking pam_start(login, , ...) 287s pamtester: performing operation - authenticate 287s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 287s + echo -n -e wrong123456 287s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 287s pamtester: invoking pam_start(login, ubuntu, ...) 287s pamtester: performing operation - authenticate 290s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 290s + echo -n -e wrong123456 290s + runuser -u ubuntu -- pamtester -v login '' authenticate 290s pamtester: invoking pam_start(login, , ...) 290s pamtester: performing operation - authenticate 293s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 293s + echo -n -e 123456 293s + pamtester -v login root authenticate 293s pamtester: invoking pam_start(login, root, ...) 293s pamtester: performing operation - authenticate 295s Password: pamtester: Authentication failure 295s + for alternative in "${alternative_pam_configs[@]}" 295s + pam-auth-update --enable sss-smart-card-required 295s PAM configuration 295s ----------------- 295s 295s Incompatible PAM profiles selected. 295s 295s The following PAM profiles cannot be used together: 295s 295s SSS required smart card authentication, SSS optional smart card 295s authentication 295s 295s Please select a different set of modules to enable. 295s 295s + cat /etc/pam.d/common-auth 295s # 295s # /etc/pam.d/common-auth - authentication settings common to all services 295s # 295s # This file is included from other service-specific PAM config files, 295s # and should contain a list of the authentication modules that define 295s # the central authentication scheme for use on the system 295s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 295s # traditional Unix authentication mechanisms. 295s # 295s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 295s # To take advantage of this, it is recommended that you configure any 295s # local modules either before or after the default block, and use 295s # pam-auth-update to manage selection of other modules. See 295s # pam-auth-update(8) for details. 295s 295s # here are the per-package modules (the "Primary" block) 295s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 295s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 295s auth [success=1 default=ignore] pam_sss.so use_first_pass 295s # here's the fallback if no module succeeds 295s auth requisite pam_deny.so 295s # prime the stack with a positive return value if there isn't one already; 295s # this avoids us returning an error just because nothing sets a success code 295s # since the modules above will each just jump around 295s auth required pam_permit.so 295s # and here are more per-package modules (the "Additional" block) 295s auth optional pam_cap.so 295s # end of pam-auth-update config 295s + echo -n -e 123456 295s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 295s pamtester: invoking pam_start(login, ubuntu, ...) 295s pamtester: performing operation - authenticate 295s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 295s + echo -n -e 123456 295s + runuser -u ubuntu -- pamtester -v login '' authenticate 295s pamtester: successfully authenticated 295s pamtester: invoking pam_start(login, , ...) 295s pamtester: performing operation - authenticate 295s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 295s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 295s pamtester: invoking pam_start(login, ubuntu, ...) 295s pamtester: performing operation - authenticate 298s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 298s + echo -n -e wrong123456 298s + runuser -u ubuntu -- pamtester -v login '' authenticate 298s pamtester: invoking pam_start(login, , ...) 298s pamtester: performing operation - authenticate 301s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 301s + echo -n -e 123456 301s + pamtester -v login root authenticate 301s pamtester: invoking pam_start(login, root, ...) 301s pamtester: performing operation - authenticate 305s pamtester: Authentication service cannot retrieve authentication info 305s + handle_exit 305s + exit_code=0 305s + restore_changes 305s + for path in "${restore_paths[@]}" 305s + local original_path 305s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-c8bDYX /tmp/sssd-softhsm2-backups-c8bDYX//etc/softhsm/softhsm2.conf 305s + original_path=/etc/softhsm/softhsm2.conf 305s + rm /etc/softhsm/softhsm2.conf 305s + mv /tmp/sssd-softhsm2-backups-c8bDYX//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 305s + for path in "${delete_paths[@]}" 305s + rm -f /etc/sssd/sssd.conf 305s + for path in "${delete_paths[@]}" 305s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 305s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 305s + '[' -e /etc/sssd/sssd.conf ']' 305s + systemctl stop sssd 305s + '[' -e /etc/softhsm/softhsm2.conf ']' 305s + chmod 600 /etc/softhsm/softhsm2.conf 305s + rm -rf /tmp/sssd-softhsm2-certs-stuE9a 305s + '[' 0 = 0 ']' 305s + rm -rf /tmp/sssd-softhsm2-backups-c8bDYX 305s + set +x 305s Script completed successfully! 305s autopkgtest [05:07:51]: test sssd-smart-card-pam-auth-configs: -----------------------] 306s autopkgtest [05:07:52]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 306s sssd-smart-card-pam-auth-configs PASS 306s autopkgtest [05:07:52]: @@@@@@@@@@@@@@@@@@@@ summary 306s ldap-user-group-ldap-auth PASS 306s ldap-user-group-krb5-auth PASS 306s sssd-softhism2-certificates-tests.sh PASS 306s sssd-smart-card-pam-auth-configs PASS 310s nova [W] Using flock in prodstack6-s390x 310s Creating nova instance adt-plucky-s390x-sssd-20250117-032702-juju-7f2275-prod-proposed-migration-environment-20-16e2289b-56e1-49d7-abbc-d17b5367f843 from image adt/ubuntu-plucky-s390x-server-20250116.img (UUID e981a3af-6e9f-4d05-be37-4d186896cb71)... 310s nova [W] Timed out waiting for 4997c4c8-0b4f-430b-8da6-7f7d475271bb to get deleted. 310s nova [W] Using flock in prodstack6-s390x 310s Creating nova instance adt-plucky-s390x-sssd-20250117-032702-juju-7f2275-prod-proposed-migration-environment-20-16e2289b-56e1-49d7-abbc-d17b5367f843 from image adt/ubuntu-plucky-s390x-server-20250116.img (UUID e981a3af-6e9f-4d05-be37-4d186896cb71)... 310s nova [W] Timed out waiting for dc743d26-ba12-46b2-a828-db3ee1e78393 to get deleted.