0s autopkgtest [19:32:54]: starting date and time: 2025-03-15 19:32:54+0000 0s autopkgtest [19:32:54]: git checkout: 325255d2 Merge branch 'pin-any-arch' into 'ubuntu/production' 0s autopkgtest [19:32:54]: host juju-7f2275-prod-proposed-migration-environment-20; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.qvyqi9wk/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:glibc --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=glibc/2.41-1ubuntu2 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest-s390x --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-20@bos03-s390x-27.secgroup --name adt-plucky-s390x-sssd-20250315-191708-juju-7f2275-prod-proposed-migration-environment-20-5de4c23d-b7f3-4a09-88a7-0879635dbccd --image adt/ubuntu-plucky-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-20 --net-id=net_prod-proposed-migration-s390x -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 85s autopkgtest [19:34:19]: testbed dpkg architecture: s390x 85s autopkgtest [19:34:19]: testbed apt version: 2.9.33 85s autopkgtest [19:34:19]: @@@@@@@@@@@@@@@@@@@@ test bed setup 86s autopkgtest [19:34:20]: testbed release detected to be: None 86s autopkgtest [19:34:20]: updating testbed package index (apt update) 87s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [126 kB] 87s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 87s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 87s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 87s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [45.1 kB] 87s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [14.5 kB] 87s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [369 kB] 87s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x Packages [77.3 kB] 87s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x c-n-f Metadata [1824 B] 87s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted s390x c-n-f Metadata [116 B] 87s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe s390x Packages [314 kB] 87s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/universe s390x c-n-f Metadata [13.3 kB] 87s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse s390x Packages [3532 B] 87s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse s390x c-n-f Metadata [240 B] 87s Fetched 965 kB in 1s (1178 kB/s) 88s Reading package lists... 88s Reading package lists... 89s Building dependency tree... 89s Reading state information... 89s Calculating upgrade... 89s Calculating upgrade... 89s The following packages were automatically installed and are no longer required: 89s libnsl2 libpython3.12-minimal libpython3.12-stdlib libpython3.12t64 89s linux-headers-6.11.0-8 linux-headers-6.11.0-8-generic 89s linux-modules-6.11.0-8-generic linux-tools-6.11.0-8 89s linux-tools-6.11.0-8-generic 89s Use 'sudo apt autoremove' to remove them. 89s The following packages will be upgraded: 89s pinentry-curses python3-jinja2 strace 89s 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 89s Need to get 652 kB of archives. 89s After this operation, 27.6 kB of additional disk space will be used. 89s Get:1 http://ftpmaster.internal/ubuntu plucky/main s390x strace s390x 6.13+ds-1ubuntu1 [500 kB] 89s Get:2 http://ftpmaster.internal/ubuntu plucky/main s390x pinentry-curses s390x 1.3.1-2ubuntu3 [42.9 kB] 89s Get:3 http://ftpmaster.internal/ubuntu plucky/main s390x python3-jinja2 all 3.1.5-2ubuntu1 [109 kB] 90s Fetched 652 kB in 1s (1100 kB/s) 90s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81428 files and directories currently installed.) 90s Preparing to unpack .../strace_6.13+ds-1ubuntu1_s390x.deb ... 90s Unpacking strace (6.13+ds-1ubuntu1) over (6.11-0ubuntu1) ... 90s Preparing to unpack .../pinentry-curses_1.3.1-2ubuntu3_s390x.deb ... 90s Unpacking pinentry-curses (1.3.1-2ubuntu3) over (1.3.1-2ubuntu2) ... 90s Preparing to unpack .../python3-jinja2_3.1.5-2ubuntu1_all.deb ... 90s Unpacking python3-jinja2 (3.1.5-2ubuntu1) over (3.1.5-2) ... 90s Setting up pinentry-curses (1.3.1-2ubuntu3) ... 90s Setting up python3-jinja2 (3.1.5-2ubuntu1) ... 90s Setting up strace (6.13+ds-1ubuntu1) ... 90s Processing triggers for man-db (2.13.0-1) ... 91s Reading package lists... 91s Building dependency tree... 91s Reading state information... 91s Solving dependencies... 91s The following packages will be REMOVED: 91s libnsl2* libpython3.12-minimal* libpython3.12-stdlib* libpython3.12t64* 91s linux-headers-6.11.0-8* linux-headers-6.11.0-8-generic* 91s linux-modules-6.11.0-8-generic* linux-tools-6.11.0-8* 91s linux-tools-6.11.0-8-generic* 91s 0 upgraded, 0 newly installed, 9 to remove and 5 not upgraded. 91s After this operation, 167 MB disk space will be freed. 91s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81428 files and directories currently installed.) 91s Removing linux-tools-6.11.0-8-generic (6.11.0-8.8) ... 91s Removing linux-tools-6.11.0-8 (6.11.0-8.8) ... 91s Removing libpython3.12t64:s390x (3.12.9-1) ... 91s Removing libpython3.12-stdlib:s390x (3.12.9-1) ... 91s Removing libnsl2:s390x (1.3.0-3build3) ... 91s Removing libpython3.12-minimal:s390x (3.12.9-1) ... 91s Removing linux-headers-6.11.0-8-generic (6.11.0-8.8) ... 91s Removing linux-headers-6.11.0-8 (6.11.0-8.8) ... 92s Removing linux-modules-6.11.0-8-generic (6.11.0-8.8) ... 92s Processing triggers for libc-bin (2.41-1ubuntu1) ... 92s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56328 files and directories currently installed.) 92s Purging configuration files for libpython3.12-minimal:s390x (3.12.9-1) ... 92s Purging configuration files for linux-modules-6.11.0-8-generic (6.11.0-8.8) ... 92s autopkgtest [19:34:26]: upgrading testbed (apt dist-upgrade and autopurge) 92s Reading package lists... 92s Building dependency tree... 92s Reading state information... 93s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 93s Starting 2 pkgProblemResolver with broken count: 0 93s Done 93s Entering ResolveByKeep 93s 93s Calculating upgrade... 93s The following packages will be upgraded: 93s libc-bin libc-dev-bin libc6 libc6-dev locales 93s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 93s Need to get 9512 kB of archives. 93s After this operation, 8192 B of additional disk space will be used. 93s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libc6-dev s390x 2.41-1ubuntu2 [1678 kB] 94s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libc-dev-bin s390x 2.41-1ubuntu2 [24.3 kB] 94s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libc6 s390x 2.41-1ubuntu2 [2892 kB] 94s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libc-bin s390x 2.41-1ubuntu2 [671 kB] 94s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x locales all 2.41-1ubuntu2 [4246 kB] 94s Preconfiguring packages ... 95s Fetched 9512 kB in 1s (8028 kB/s) 95s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56326 files and directories currently installed.) 95s Preparing to unpack .../libc6-dev_2.41-1ubuntu2_s390x.deb ... 95s Unpacking libc6-dev:s390x (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 95s Preparing to unpack .../libc-dev-bin_2.41-1ubuntu2_s390x.deb ... 95s Unpacking libc-dev-bin (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 95s Preparing to unpack .../libc6_2.41-1ubuntu2_s390x.deb ... 95s Unpacking libc6:s390x (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 95s Setting up libc6:s390x (2.41-1ubuntu2) ... 95s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56326 files and directories currently installed.) 95s Preparing to unpack .../libc-bin_2.41-1ubuntu2_s390x.deb ... 95s Unpacking libc-bin (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 95s Setting up libc-bin (2.41-1ubuntu2) ... 95s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56326 files and directories currently installed.) 95s Preparing to unpack .../locales_2.41-1ubuntu2_all.deb ... 95s Unpacking locales (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 95s Setting up locales (2.41-1ubuntu2) ... 95s Generating locales (this might take a while)... 96s en_US.UTF-8... done 96s Generation complete. 97s Setting up libc-dev-bin (2.41-1ubuntu2) ... 97s Setting up libc6-dev:s390x (2.41-1ubuntu2) ... 97s Processing triggers for man-db (2.13.0-1) ... 97s Processing triggers for systemd (257.3-1ubuntu3) ... 98s Reading package lists... 98s Building dependency tree... 98s Reading state information... 98s Starting pkgProblemResolver with broken count: 0 98s Starting 2 pkgProblemResolver with broken count: 0 98s Done 98s Solving dependencies... 98s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 98s autopkgtest [19:34:32]: rebooting testbed after setup commands that affected boot 115s autopkgtest [19:34:49]: testbed running kernel: Linux 6.14.0-10-generic #10-Ubuntu SMP Wed Mar 12 14:53:49 UTC 2025 118s autopkgtest [19:34:52]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 132s Get:1 http://ftpmaster.internal/ubuntu plucky/main sssd 2.10.1-2ubuntu3 (dsc) [5083 B] 132s Get:2 http://ftpmaster.internal/ubuntu plucky/main sssd 2.10.1-2ubuntu3 (tar) [9197 kB] 132s Get:3 http://ftpmaster.internal/ubuntu plucky/main sssd 2.10.1-2ubuntu3 (diff) [50.0 kB] 132s gpgv: Signature made Thu Feb 20 17:50:10 2025 UTC 132s gpgv: using RSA key 8AFD08D3D1B817B2DF8982F501AC4B4083590A98 132s gpgv: Can't check signature: No public key 132s dpkg-source: warning: cannot verify inline signature for ./sssd_2.10.1-2ubuntu3.dsc: no acceptable signature found 132s autopkgtest [19:35:06]: testing package sssd version 2.10.1-2ubuntu3 137s autopkgtest [19:35:11]: build not needed 144s autopkgtest [19:35:18]: test ldap-user-group-ldap-auth: preparing testbed 144s Reading package lists... 144s Building dependency tree... 144s Reading state information... 144s Starting pkgProblemResolver with broken count: 0 145s Starting 2 pkgProblemResolver with broken count: 0 145s Done 145s The following NEW packages will be installed: 145s expect ldap-utils libargon2-1 libavahi-client3 libavahi-common-data 145s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 145s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 145s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 145s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 145s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 145s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 145s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 145s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 145s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 145s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 145s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 145s tcl-expect tcl8.6 145s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 145s Need to get 13.4 MB of archives. 145s After this operation, 51.3 MB of additional disk space will be used. 145s Get:1 http://ftpmaster.internal/ubuntu plucky/main s390x libargon2-1 s390x 0~20190702+dfsg-4build1 [54.1 kB] 145s Get:2 http://ftpmaster.internal/ubuntu plucky/main s390x libltdl7 s390x 2.5.4-4 [43.8 kB] 145s Get:3 http://ftpmaster.internal/ubuntu plucky/main s390x libodbc2 s390x 2.3.12-2ubuntu1 [163 kB] 145s Get:4 http://ftpmaster.internal/ubuntu plucky/main s390x slapd s390x 2.6.9+dfsg-1~exp2ubuntu1 [1615 kB] 146s Get:5 http://ftpmaster.internal/ubuntu plucky/main s390x libtcl8.6 s390x 8.6.16+dfsg-1 [1034 kB] 146s Get:6 http://ftpmaster.internal/ubuntu plucky/main s390x tcl8.6 s390x 8.6.16+dfsg-1 [14.8 kB] 146s Get:7 http://ftpmaster.internal/ubuntu plucky/universe s390x tcl-expect s390x 5.45.4-4 [115 kB] 146s Get:8 http://ftpmaster.internal/ubuntu plucky/universe s390x expect s390x 5.45.4-4 [136 kB] 146s Get:9 http://ftpmaster.internal/ubuntu plucky/main s390x ldap-utils s390x 2.6.9+dfsg-1~exp2ubuntu1 [165 kB] 146s Get:10 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-common-data s390x 0.8-16ubuntu1 [30.9 kB] 146s Get:11 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-common3 s390x 0.8-16ubuntu1 [23.5 kB] 146s Get:12 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-client3 s390x 0.8-16ubuntu1 [26.3 kB] 146s Get:13 http://ftpmaster.internal/ubuntu plucky/main s390x libbasicobjects0t64 s390x 0.6.2-3 [5788 B] 146s Get:14 http://ftpmaster.internal/ubuntu plucky/main s390x libcares2 s390x 1.34.4-2.1 [101 kB] 146s Get:15 http://ftpmaster.internal/ubuntu plucky/main s390x libcollection4t64 s390x 0.6.2-3 [23.7 kB] 146s Get:16 http://ftpmaster.internal/ubuntu plucky/main s390x libcrack2 s390x 2.9.6-5.2build1 [29.7 kB] 146s Get:17 http://ftpmaster.internal/ubuntu plucky/main s390x libdhash1t64 s390x 0.6.2-3 [8880 B] 146s Get:18 http://ftpmaster.internal/ubuntu plucky/main s390x libevent-2.1-7t64 s390x 2.1.12-stable-10 [145 kB] 146s Get:19 http://ftpmaster.internal/ubuntu plucky/main s390x libpath-utils1t64 s390x 0.6.2-3 [9228 B] 146s Get:20 http://ftpmaster.internal/ubuntu plucky/main s390x libref-array1t64 s390x 0.6.2-3 [7190 B] 146s Get:21 http://ftpmaster.internal/ubuntu plucky/main s390x libini-config5t64 s390x 0.6.2-3 [45.9 kB] 146s Get:22 http://ftpmaster.internal/ubuntu plucky/main s390x libipa-hbac0t64 s390x 2.10.1-2ubuntu3 [18.6 kB] 146s Get:23 http://ftpmaster.internal/ubuntu plucky/universe s390x libjose0 s390x 14-1 [45.5 kB] 146s Get:24 http://ftpmaster.internal/ubuntu plucky/main s390x libverto-libevent1t64 s390x 0.3.1-1.2ubuntu3 [6384 B] 146s Get:25 http://ftpmaster.internal/ubuntu plucky/main s390x libverto1t64 s390x 0.3.1-1.2ubuntu3 [11.0 kB] 146s Get:26 http://ftpmaster.internal/ubuntu plucky/main s390x libkrad0 s390x 1.21.3-4ubuntu2 [23.3 kB] 146s Get:27 http://ftpmaster.internal/ubuntu plucky/main s390x libtalloc2 s390x 2:2.4.2+samba4.21.4+dfsg-1ubuntu3 [72.9 kB] 146s Get:28 http://ftpmaster.internal/ubuntu plucky/main s390x libtdb1 s390x 2:1.4.12+samba4.21.4+dfsg-1ubuntu3 [94.4 kB] 146s Get:29 http://ftpmaster.internal/ubuntu plucky/main s390x libtevent0t64 s390x 2:0.16.1+samba4.21.4+dfsg-1ubuntu3 [41.0 kB] 146s Get:30 http://ftpmaster.internal/ubuntu plucky/main s390x libldb2 s390x 2:2.10.0+samba4.21.4+dfsg-1ubuntu3 [152 kB] 146s Get:31 http://ftpmaster.internal/ubuntu plucky/main s390x libnfsidmap1 s390x 1:2.8.2-2ubuntu1 [51.6 kB] 146s Get:32 http://ftpmaster.internal/ubuntu plucky/universe s390x libnss-sudo all 1.9.16p2-1ubuntu1 [16.7 kB] 146s Get:33 http://ftpmaster.internal/ubuntu plucky/main s390x libpwquality-common all 1.4.5-4 [7714 B] 146s Get:34 http://ftpmaster.internal/ubuntu plucky/main s390x libpwquality1 s390x 1.4.5-4 [14.6 kB] 146s Get:35 http://ftpmaster.internal/ubuntu plucky/main s390x libpam-pwquality s390x 1.4.5-4 [11.6 kB] 146s Get:36 http://ftpmaster.internal/ubuntu plucky/main s390x libwbclient0 s390x 2:4.21.4+dfsg-1ubuntu3 [80.0 kB] 146s Get:37 http://ftpmaster.internal/ubuntu plucky/main s390x samba-libs s390x 2:4.21.4+dfsg-1ubuntu3 [6461 kB] 147s Get:38 http://ftpmaster.internal/ubuntu plucky/main s390x libsmbclient0 s390x 2:4.21.4+dfsg-1ubuntu3 [64.9 kB] 147s Get:39 http://ftpmaster.internal/ubuntu plucky/main s390x libnss-sss s390x 2.10.1-2ubuntu3 [33.7 kB] 147s Get:40 http://ftpmaster.internal/ubuntu plucky/main s390x libpam-sss s390x 2.10.1-2ubuntu3 [53.4 kB] 147s Get:41 http://ftpmaster.internal/ubuntu plucky/main s390x python3-sss s390x 2.10.1-2ubuntu3 [46.5 kB] 147s Get:42 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-certmap0 s390x 2.10.1-2ubuntu3 [48.3 kB] 147s Get:43 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-idmap0 s390x 2.10.1-2ubuntu3 [23.3 kB] 147s Get:44 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-nss-idmap0 s390x 2.10.1-2ubuntu3 [32.2 kB] 147s Get:45 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-common s390x 2.10.1-2ubuntu3 [1101 kB] 147s Get:46 http://ftpmaster.internal/ubuntu plucky/universe s390x sssd-idp s390x 2.10.1-2ubuntu3 [27.2 kB] 147s Get:47 http://ftpmaster.internal/ubuntu plucky/universe s390x sssd-passkey s390x 2.10.1-2ubuntu3 [31.9 kB] 147s Get:48 http://ftpmaster.internal/ubuntu plucky/main s390x libipa-hbac-dev s390x 2.10.1-2ubuntu3 [6664 B] 147s Get:49 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-certmap-dev s390x 2.10.1-2ubuntu3 [5730 B] 147s Get:50 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-idmap-dev s390x 2.10.1-2ubuntu3 [8376 B] 147s Get:51 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-nss-idmap-dev s390x 2.10.1-2ubuntu3 [6706 B] 147s Get:52 http://ftpmaster.internal/ubuntu plucky/universe s390x libsss-sudo s390x 2.10.1-2ubuntu3 [22.4 kB] 147s Get:53 http://ftpmaster.internal/ubuntu plucky/universe s390x python3-libipa-hbac s390x 2.10.1-2ubuntu3 [16.9 kB] 147s Get:54 http://ftpmaster.internal/ubuntu plucky/universe s390x python3-libsss-nss-idmap s390x 2.10.1-2ubuntu3 [9152 B] 147s Get:55 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ad-common s390x 2.10.1-2ubuntu3 [71.8 kB] 147s Get:56 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-krb5-common s390x 2.10.1-2ubuntu3 [89.6 kB] 147s Get:57 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ad s390x 2.10.1-2ubuntu3 [133 kB] 147s Get:58 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ipa s390x 2.10.1-2ubuntu3 [215 kB] 147s Get:59 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-krb5 s390x 2.10.1-2ubuntu3 [14.4 kB] 147s Get:60 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ldap s390x 2.10.1-2ubuntu3 [31.4 kB] 147s Get:61 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-proxy s390x 2.10.1-2ubuntu3 [42.6 kB] 147s Get:62 http://ftpmaster.internal/ubuntu plucky/main s390x sssd s390x 2.10.1-2ubuntu3 [4122 B] 147s Get:63 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-dbus s390x 2.10.1-2ubuntu3 [97.7 kB] 147s Get:64 http://ftpmaster.internal/ubuntu plucky/universe s390x sssd-kcm s390x 2.10.1-2ubuntu3 [133 kB] 147s Get:65 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-tools s390x 2.10.1-2ubuntu3 [97.7 kB] 147s Preconfiguring packages ... 147s Fetched 13.4 MB in 2s (6043 kB/s) 147s Selecting previously unselected package libargon2-1:s390x. 147s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56326 files and directories currently installed.) 147s Preparing to unpack .../00-libargon2-1_0~20190702+dfsg-4build1_s390x.deb ... 147s Unpacking libargon2-1:s390x (0~20190702+dfsg-4build1) ... 147s Selecting previously unselected package libltdl7:s390x. 147s Preparing to unpack .../01-libltdl7_2.5.4-4_s390x.deb ... 147s Unpacking libltdl7:s390x (2.5.4-4) ... 147s Selecting previously unselected package libodbc2:s390x. 147s Preparing to unpack .../02-libodbc2_2.3.12-2ubuntu1_s390x.deb ... 147s Unpacking libodbc2:s390x (2.3.12-2ubuntu1) ... 147s Selecting previously unselected package slapd. 147s Preparing to unpack .../03-slapd_2.6.9+dfsg-1~exp2ubuntu1_s390x.deb ... 148s Unpacking slapd (2.6.9+dfsg-1~exp2ubuntu1) ... 148s Selecting previously unselected package libtcl8.6:s390x. 148s Preparing to unpack .../04-libtcl8.6_8.6.16+dfsg-1_s390x.deb ... 148s Unpacking libtcl8.6:s390x (8.6.16+dfsg-1) ... 148s Selecting previously unselected package tcl8.6. 148s Preparing to unpack .../05-tcl8.6_8.6.16+dfsg-1_s390x.deb ... 148s Unpacking tcl8.6 (8.6.16+dfsg-1) ... 148s Selecting previously unselected package tcl-expect:s390x. 148s Preparing to unpack .../06-tcl-expect_5.45.4-4_s390x.deb ... 148s Unpacking tcl-expect:s390x (5.45.4-4) ... 148s Selecting previously unselected package expect. 148s Preparing to unpack .../07-expect_5.45.4-4_s390x.deb ... 148s Unpacking expect (5.45.4-4) ... 148s Selecting previously unselected package ldap-utils. 148s Preparing to unpack .../08-ldap-utils_2.6.9+dfsg-1~exp2ubuntu1_s390x.deb ... 148s Unpacking ldap-utils (2.6.9+dfsg-1~exp2ubuntu1) ... 148s Selecting previously unselected package libavahi-common-data:s390x. 148s Preparing to unpack .../09-libavahi-common-data_0.8-16ubuntu1_s390x.deb ... 148s Unpacking libavahi-common-data:s390x (0.8-16ubuntu1) ... 148s Selecting previously unselected package libavahi-common3:s390x. 148s Preparing to unpack .../10-libavahi-common3_0.8-16ubuntu1_s390x.deb ... 148s Unpacking libavahi-common3:s390x (0.8-16ubuntu1) ... 148s Selecting previously unselected package libavahi-client3:s390x. 148s Preparing to unpack .../11-libavahi-client3_0.8-16ubuntu1_s390x.deb ... 148s Unpacking libavahi-client3:s390x (0.8-16ubuntu1) ... 148s Selecting previously unselected package libbasicobjects0t64:s390x. 148s Preparing to unpack .../12-libbasicobjects0t64_0.6.2-3_s390x.deb ... 148s Unpacking libbasicobjects0t64:s390x (0.6.2-3) ... 148s Selecting previously unselected package libcares2:s390x. 148s Preparing to unpack .../13-libcares2_1.34.4-2.1_s390x.deb ... 148s Unpacking libcares2:s390x (1.34.4-2.1) ... 148s Selecting previously unselected package libcollection4t64:s390x. 148s Preparing to unpack .../14-libcollection4t64_0.6.2-3_s390x.deb ... 148s Unpacking libcollection4t64:s390x (0.6.2-3) ... 148s Selecting previously unselected package libcrack2:s390x. 148s Preparing to unpack .../15-libcrack2_2.9.6-5.2build1_s390x.deb ... 148s Unpacking libcrack2:s390x (2.9.6-5.2build1) ... 148s Selecting previously unselected package libdhash1t64:s390x. 148s Preparing to unpack .../16-libdhash1t64_0.6.2-3_s390x.deb ... 148s Unpacking libdhash1t64:s390x (0.6.2-3) ... 148s Selecting previously unselected package libevent-2.1-7t64:s390x. 148s Preparing to unpack .../17-libevent-2.1-7t64_2.1.12-stable-10_s390x.deb ... 148s Unpacking libevent-2.1-7t64:s390x (2.1.12-stable-10) ... 148s Selecting previously unselected package libpath-utils1t64:s390x. 148s Preparing to unpack .../18-libpath-utils1t64_0.6.2-3_s390x.deb ... 148s Unpacking libpath-utils1t64:s390x (0.6.2-3) ... 148s Selecting previously unselected package libref-array1t64:s390x. 148s Preparing to unpack .../19-libref-array1t64_0.6.2-3_s390x.deb ... 148s Unpacking libref-array1t64:s390x (0.6.2-3) ... 148s Selecting previously unselected package libini-config5t64:s390x. 148s Preparing to unpack .../20-libini-config5t64_0.6.2-3_s390x.deb ... 148s Unpacking libini-config5t64:s390x (0.6.2-3) ... 148s Selecting previously unselected package libipa-hbac0t64. 148s Preparing to unpack .../21-libipa-hbac0t64_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package libjose0:s390x. 148s Preparing to unpack .../22-libjose0_14-1_s390x.deb ... 148s Unpacking libjose0:s390x (14-1) ... 148s Selecting previously unselected package libverto-libevent1t64:s390x. 148s Preparing to unpack .../23-libverto-libevent1t64_0.3.1-1.2ubuntu3_s390x.deb ... 148s Unpacking libverto-libevent1t64:s390x (0.3.1-1.2ubuntu3) ... 148s Selecting previously unselected package libverto1t64:s390x. 148s Preparing to unpack .../24-libverto1t64_0.3.1-1.2ubuntu3_s390x.deb ... 148s Unpacking libverto1t64:s390x (0.3.1-1.2ubuntu3) ... 148s Selecting previously unselected package libkrad0:s390x. 148s Preparing to unpack .../25-libkrad0_1.21.3-4ubuntu2_s390x.deb ... 148s Unpacking libkrad0:s390x (1.21.3-4ubuntu2) ... 148s Selecting previously unselected package libtalloc2:s390x. 148s Preparing to unpack .../26-libtalloc2_2%3a2.4.2+samba4.21.4+dfsg-1ubuntu3_s390x.deb ... 148s Unpacking libtalloc2:s390x (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 148s Selecting previously unselected package libtdb1:s390x. 148s Preparing to unpack .../27-libtdb1_2%3a1.4.12+samba4.21.4+dfsg-1ubuntu3_s390x.deb ... 148s Unpacking libtdb1:s390x (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 148s Selecting previously unselected package libtevent0t64:s390x. 148s Preparing to unpack .../28-libtevent0t64_2%3a0.16.1+samba4.21.4+dfsg-1ubuntu3_s390x.deb ... 148s Unpacking libtevent0t64:s390x (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 148s Selecting previously unselected package libldb2:s390x. 148s Preparing to unpack .../29-libldb2_2%3a2.10.0+samba4.21.4+dfsg-1ubuntu3_s390x.deb ... 148s Unpacking libldb2:s390x (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 148s Selecting previously unselected package libnfsidmap1:s390x. 148s Preparing to unpack .../30-libnfsidmap1_1%3a2.8.2-2ubuntu1_s390x.deb ... 148s Unpacking libnfsidmap1:s390x (1:2.8.2-2ubuntu1) ... 148s Selecting previously unselected package libnss-sudo. 148s Preparing to unpack .../31-libnss-sudo_1.9.16p2-1ubuntu1_all.deb ... 148s Unpacking libnss-sudo (1.9.16p2-1ubuntu1) ... 148s Selecting previously unselected package libpwquality-common. 148s Preparing to unpack .../32-libpwquality-common_1.4.5-4_all.deb ... 148s Unpacking libpwquality-common (1.4.5-4) ... 148s Selecting previously unselected package libpwquality1:s390x. 148s Preparing to unpack .../33-libpwquality1_1.4.5-4_s390x.deb ... 148s Unpacking libpwquality1:s390x (1.4.5-4) ... 148s Selecting previously unselected package libpam-pwquality:s390x. 148s Preparing to unpack .../34-libpam-pwquality_1.4.5-4_s390x.deb ... 148s Unpacking libpam-pwquality:s390x (1.4.5-4) ... 148s Selecting previously unselected package libwbclient0:s390x. 148s Preparing to unpack .../35-libwbclient0_2%3a4.21.4+dfsg-1ubuntu3_s390x.deb ... 148s Unpacking libwbclient0:s390x (2:4.21.4+dfsg-1ubuntu3) ... 148s Selecting previously unselected package samba-libs:s390x. 148s Preparing to unpack .../36-samba-libs_2%3a4.21.4+dfsg-1ubuntu3_s390x.deb ... 148s Unpacking samba-libs:s390x (2:4.21.4+dfsg-1ubuntu3) ... 148s Selecting previously unselected package libsmbclient0:s390x. 148s Preparing to unpack .../37-libsmbclient0_2%3a4.21.4+dfsg-1ubuntu3_s390x.deb ... 148s Unpacking libsmbclient0:s390x (2:4.21.4+dfsg-1ubuntu3) ... 148s Selecting previously unselected package libnss-sss:s390x. 148s Preparing to unpack .../38-libnss-sss_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libnss-sss:s390x (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package libpam-sss:s390x. 148s Preparing to unpack .../39-libpam-sss_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libpam-sss:s390x (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package python3-sss. 148s Preparing to unpack .../40-python3-sss_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking python3-sss (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package libsss-certmap0. 148s Preparing to unpack .../41-libsss-certmap0_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libsss-certmap0 (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package libsss-idmap0. 148s Preparing to unpack .../42-libsss-idmap0_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libsss-idmap0 (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package libsss-nss-idmap0. 148s Preparing to unpack .../43-libsss-nss-idmap0_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-common. 148s Preparing to unpack .../44-sssd-common_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-common (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-idp. 148s Preparing to unpack .../45-sssd-idp_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-idp (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-passkey. 148s Preparing to unpack .../46-sssd-passkey_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-passkey (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package libipa-hbac-dev. 148s Preparing to unpack .../47-libipa-hbac-dev_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libipa-hbac-dev (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package libsss-certmap-dev. 148s Preparing to unpack .../48-libsss-certmap-dev_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libsss-certmap-dev (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package libsss-idmap-dev. 148s Preparing to unpack .../49-libsss-idmap-dev_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libsss-idmap-dev (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package libsss-nss-idmap-dev. 148s Preparing to unpack .../50-libsss-nss-idmap-dev_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libsss-nss-idmap-dev (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package libsss-sudo. 148s Preparing to unpack .../51-libsss-sudo_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking libsss-sudo (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package python3-libipa-hbac. 148s Preparing to unpack .../52-python3-libipa-hbac_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking python3-libipa-hbac (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package python3-libsss-nss-idmap. 148s Preparing to unpack .../53-python3-libsss-nss-idmap_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking python3-libsss-nss-idmap (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-ad-common. 148s Preparing to unpack .../54-sssd-ad-common_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-ad-common (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-krb5-common. 148s Preparing to unpack .../55-sssd-krb5-common_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-krb5-common (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-ad. 148s Preparing to unpack .../56-sssd-ad_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-ad (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-ipa. 148s Preparing to unpack .../57-sssd-ipa_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-ipa (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-krb5. 148s Preparing to unpack .../58-sssd-krb5_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-krb5 (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-ldap. 148s Preparing to unpack .../59-sssd-ldap_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-ldap (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-proxy. 148s Preparing to unpack .../60-sssd-proxy_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-proxy (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd. 148s Preparing to unpack .../61-sssd_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-dbus. 148s Preparing to unpack .../62-sssd-dbus_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-dbus (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-kcm. 148s Preparing to unpack .../63-sssd-kcm_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-kcm (2.10.1-2ubuntu3) ... 148s Selecting previously unselected package sssd-tools. 148s Preparing to unpack .../64-sssd-tools_2.10.1-2ubuntu3_s390x.deb ... 148s Unpacking sssd-tools (2.10.1-2ubuntu3) ... 148s Setting up libpwquality-common (1.4.5-4) ... 148s Setting up libnfsidmap1:s390x (1:2.8.2-2ubuntu1) ... 148s Setting up libsss-idmap0 (2.10.1-2ubuntu3) ... 148s Setting up libbasicobjects0t64:s390x (0.6.2-3) ... 148s Setting up libipa-hbac0t64 (2.10.1-2ubuntu3) ... 148s Setting up libsss-idmap-dev (2.10.1-2ubuntu3) ... 148s Setting up libref-array1t64:s390x (0.6.2-3) ... 148s Setting up libipa-hbac-dev (2.10.1-2ubuntu3) ... 148s Setting up libtdb1:s390x (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 148s Setting up libargon2-1:s390x (0~20190702+dfsg-4build1) ... 148s Setting up libcollection4t64:s390x (0.6.2-3) ... 148s Setting up libevent-2.1-7t64:s390x (2.1.12-stable-10) ... 148s Setting up ldap-utils (2.6.9+dfsg-1~exp2ubuntu1) ... 148s Setting up libjose0:s390x (14-1) ... 148s Setting up libwbclient0:s390x (2:4.21.4+dfsg-1ubuntu3) ... 148s Setting up libtalloc2:s390x (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 148s Setting up libpath-utils1t64:s390x (0.6.2-3) ... 148s Setting up libavahi-common-data:s390x (0.8-16ubuntu1) ... 148s Setting up libcares2:s390x (1.34.4-2.1) ... 148s Setting up libdhash1t64:s390x (0.6.2-3) ... 148s Setting up libtcl8.6:s390x (8.6.16+dfsg-1) ... 148s Setting up libltdl7:s390x (2.5.4-4) ... 148s Setting up libcrack2:s390x (2.9.6-5.2build1) ... 148s Setting up libodbc2:s390x (2.3.12-2ubuntu1) ... 148s Setting up python3-libipa-hbac (2.10.1-2ubuntu3) ... 148s Setting up libnss-sudo (1.9.16p2-1ubuntu1) ... 148s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 148s Setting up libini-config5t64:s390x (0.6.2-3) ... 148s Setting up libtevent0t64:s390x (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 148s Setting up libnss-sss:s390x (2.10.1-2ubuntu3) ... 148s Setting up slapd (2.6.9+dfsg-1~exp2ubuntu1) ... 148s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 148s Can't find configuration db, was SSSD configured and run? 148s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 148s Can't find configuration db, was SSSD configured and run? 149s Creating new user openldap... [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 149s Can't find configuration db, was SSSD configured and run? 149s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 149s Can't find configuration db, was SSSD configured and run? 149s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 149s Can't find configuration db, was SSSD configured and run? 149s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 149s Can't find configuration db, was SSSD configured and run? 149s done. 149s Creating initial configuration... done. 149s Creating LDAP directory... done. 149s Created symlink '/etc/systemd/system/multi-user.target.wants/slapd.service' → '/usr/lib/systemd/system/slapd.service'. 149s Setting up tcl8.6 (8.6.16+dfsg-1) ... 149s Setting up libsss-sudo (2.10.1-2ubuntu3) ... 149s Setting up libsss-nss-idmap-dev (2.10.1-2ubuntu3) ... 149s Setting up libavahi-common3:s390x (0.8-16ubuntu1) ... 149s Setting up tcl-expect:s390x (5.45.4-4) ... 149s Setting up libsss-certmap0 (2.10.1-2ubuntu3) ... 149s Setting up libpwquality1:s390x (1.4.5-4) ... 149s Setting up python3-libsss-nss-idmap (2.10.1-2ubuntu3) ... 149s Setting up libldb2:s390x (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 149s Setting up libavahi-client3:s390x (0.8-16ubuntu1) ... 149s Setting up expect (5.45.4-4) ... 149s Setting up libpam-pwquality:s390x (1.4.5-4) ... 149s Setting up samba-libs:s390x (2:4.21.4+dfsg-1ubuntu3) ... 149s Setting up libsss-certmap-dev (2.10.1-2ubuntu3) ... 149s Setting up python3-sss (2.10.1-2ubuntu3) ... 149s Setting up libsmbclient0:s390x (2:4.21.4+dfsg-1ubuntu3) ... 149s Setting up libpam-sss:s390x (2.10.1-2ubuntu3) ... 149s Setting up sssd-common (2.10.1-2ubuntu3) ... 149s Creating SSSD system user & group... 149s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 149s Can't find configuration db, was SSSD configured and run? 149s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 149s Can't find configuration db, was SSSD configured and run? 149s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 149s Can't find configuration db, was SSSD configured and run? 149s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 149s Can't find configuration db, was SSSD configured and run? 149s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 149s Can't find configuration db, was SSSD configured and run? 149s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 149s Can't find configuration db, was SSSD configured and run? 149s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 149s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 150s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 150s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 150s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 150s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 150s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 150s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 151s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 151s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 151s sssd-autofs.service is a disabled or a static unit, not starting it. 151s sssd-nss.service is a disabled or a static unit, not starting it. 151s sssd-pam.service is a disabled or a static unit, not starting it. 151s sssd-ssh.service is a disabled or a static unit, not starting it. 151s sssd-sudo.service is a disabled or a static unit, not starting it. 151s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 151s Setting up sssd-proxy (2.10.1-2ubuntu3) ... 151s Setting up sssd-kcm (2.10.1-2ubuntu3) ... 151s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 151s sssd-kcm.service is a disabled or a static unit, not starting it. 151s Setting up sssd-dbus (2.10.1-2ubuntu3) ... 152s sssd-ifp.service is a disabled or a static unit, not starting it. 152s Setting up sssd-ad-common (2.10.1-2ubuntu3) ... 152s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 152s sssd-pac.service is a disabled or a static unit, not starting it. 152s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 152s Setting up sssd-krb5-common (2.10.1-2ubuntu3) ... 152s Setting up sssd-krb5 (2.10.1-2ubuntu3) ... 152s Setting up sssd-ldap (2.10.1-2ubuntu3) ... 152s Setting up sssd-ad (2.10.1-2ubuntu3) ... 152s Setting up sssd-tools (2.10.1-2ubuntu3) ... 152s Setting up sssd-ipa (2.10.1-2ubuntu3) ... 152s Setting up sssd (2.10.1-2ubuntu3) ... 152s Setting up libverto1t64:s390x (0.3.1-1.2ubuntu3) ... 152s Setting up libkrad0:s390x (1.21.3-4ubuntu2) ... 152s Setting up libverto-libevent1t64:s390x (0.3.1-1.2ubuntu3) ... 152s Setting up sssd-passkey (2.10.1-2ubuntu3) ... 152s Setting up sssd-idp (2.10.1-2ubuntu3) ... 152s Processing triggers for libc-bin (2.41-1ubuntu2) ... 152s Processing triggers for man-db (2.13.0-1) ... 152s Processing triggers for dbus (1.16.2-1ubuntu1) ... 157s autopkgtest [19:35:31]: test ldap-user-group-ldap-auth: [----------------------- 158s + . debian/tests/util 158s + . debian/tests/common-tests 158s + trap cleanup EXIT 158s + mydomain=example.com 158s + myhostname=ldap.example.com 158s + mysuffix=dc=example,dc=com 158s + admin_dn=cn=admin,dc=example,dc=com 158s + admin_pw=secret 158s + ldap_user=testuser1 158s + ldap_user_pw=testuser1secret 158s + ldap_group=ldapusers 158s + adjust_hostname ldap.example.com 158s + local myhostname=ldap.example.com 158s + echo ldap.example.com 158s + hostname ldap.example.com 158s + grep -qE ldap.example.com /etc/hosts 158s + echo 127.0.1.10 ldap.example.com 158s + reconfigure_slapd 158s + debconf-set-selections 158s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 158s + dpkg-reconfigure -fnoninteractive -pcritical slapd 158s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1... done. 158s Moving old database directory to /var/backups: 158s - directory unknown... done. 158s Creating initial configuration... done. 158s Creating LDAP directory... done. 158s + generate_certs ldap.example.com 158s + local cn=ldap.example.com 158s + local cert=/etc/ldap/server.pem 158s + local key=/etc/ldap/server.key 158s + local cnf=/etc/ldap/openssl.cnf 158s + cat 158s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 159s ..+.....+.+..+++++++++++++++++++++++++++++++++++++++*............+................+..+...+.+........+.+....................+.+......+..+......+....+..+.........+.+.....+....+..+...+.......+...+......+.....+++++++++++++++++++++++++++++++++++++++*.....+.........+..+...+.+...+...............+...+.........+.....+.+..+...+...+.......+.....+.......+...+........+....+..+.+............+........+..........+.........+.....+.+..+.+...............+..............+...+.........+.+.....+.......+...+.................+.+.....+....+...+.....+....+...+..+.+..+......+...............+.........+............+................+..+.+..+.............+......+......+..+...............+.......+......+..+...+.......+..+...+......+.+.....++++++ 159s ..+............+++++++++++++++++++++++++++++++++++++++*.+.........+.+.....+......+....+...+......+..+.......+.....+.+......+...........+...+++++++++++++++++++++++++++++++++++++++*.+..+....+..............+.........+...+...++++++ 159s ----- 159s + chmod 0640 /etc/ldap/server.key 159s + chgrp openldap /etc/ldap/server.key 159s + [ ! -f /etc/ldap/server.pem ] 159s + [ ! -f /etc/ldap/server.key ] 159s + enable_ldap_ssl 159s + cat 159s + cat 159s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 159s modifying entry "cn=config" 159s 159s + populate_ldap_rfc2307 159s + cat 159s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 159s adding new entry "ou=People,dc=example,dc=com" 159s 159s adding new entry "ou=Group,dc=example,dc=com" 159s 159s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 159s 159s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 159s 159s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 159s 159s + configure_sssd_ldap_rfc2307 159s + cat 159s + chmod 0600 /etc/sssd/sssd.conf 159s + systemctl restart sssd 159s + enable_pam_mkhomedir 159s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 159s Assert local user databases do not have our LDAP test data 159s + echo session optional pam_mkhomedir.so 159s + run_common_tests 159s + echo Assert local user databases do not have our LDAP test data 159s + check_local_user testuser1 159s + local local_user=testuser1 159s + grep -q ^testuser1 /etc/passwd 159s + check_local_group testuser1 159s + local local_group=testuser1 159s + grep -q ^testuser1 /etc/group 159s + check_local_group ldapusers 159s + local local_group=ldapusers 159s + grep -q ^ldapusers /etc/group 159s The LDAP user is known to the system via getent 159s + echo The LDAP user is known to the system via getent 159s + check_getent_user testuser1 159s + local getent_user=testuser1 159s + local output 159s + getent passwd testuser1 159s The LDAP user's private group is known to the system via getent 159s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 159s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 159s + echo The LDAP user's private group is known to the system via getent 159s + check_getent_group testuser1 159s + local getent_group=testuser1 159s + local output 159s + getent group testuser1 159s The LDAP group ldapusers is known to the system via getent 159s + output=testuser1:*:10001:testuser1 159s + [ -z testuser1:*:10001:testuser1 ] 159s + echo The LDAP group ldapusers is known to the system via getent 159s + check_getent_group ldapusers 159s + local getent_group=ldapusers 159s + local output 159s + getent group ldapusers 159s + output=ldapusers:*:10100:testuser1 159s + [ -z ldapusers:*:10100:testuser1The id(1) command can resolve the group membership of the LDAP user 159s ] 159s + echo The id(1) command can resolve the group membership of the LDAP user 159s + id -Gn testuser1 159s The LDAP user can login via ssh 159s + output=testuser1 ldapusers 159s + [ testuser1 ldapusers != testuser1 ldapusers ] 159s + echo The LDAP user can login via ssh 159s + setup_sshd_password_auth 159s + cat 159s + systemctl restart ssh 159s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 159s spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no testuser1@localhost 159s Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. 159s testuser1@localhost's password: 159s Creating directory '/home/testuser1'. 159s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.14.0-10-generic s390x) 159s 159s * Documentation: https://help.ubuntu.com 159s * Management: https://landscape.canonical.com 159s * Support: https://ubuntu.com/pro 159s 159s 159s The programs included with the Ubuntu system are free software; 159s the exact distribution terms for each program are described in the 159s individual files in /usr/share/doc/*/copyright. 159s 159s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 159s applicable law. 159s 159s [?2004htestuser1@ldap:~$ id -un 159s [?2004l testuser1 159s [?2004htestuser1@ldap:~$ ## All tests passed, phew 159s + cleanup 159s + result=0 159s + set +e 159s + [ 0 -ne 0 ] 159s + echo ## All tests passed, phew 159s + cleanup_sshd_config 159s + rm -f /etc/ssh/sshd_config.d/00-dep8.conf 159s + systemctl restart ssh 160s autopkgtest [19:35:34]: test ldap-user-group-ldap-auth: -----------------------] 160s ldap-user-group-ldap-auth PASS 160s autopkgtest [19:35:34]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 160s autopkgtest [19:35:34]: test ldap-user-group-krb5-auth: preparing testbed 161s Reading package lists... 161s Building dependency tree... 161s Reading state information... 161s Starting pkgProblemResolver with broken count: 0 161s Starting 2 pkgProblemResolver with broken count: 0 161s Done 161s The following NEW packages will be installed: 161s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 161s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 161s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 161s Need to get 623 kB of archives. 161s After this operation, 2132 kB of additional disk space will be used. 161s Get:1 http://ftpmaster.internal/ubuntu plucky/main s390x krb5-config all 2.7 [22.0 kB] 161s Get:2 http://ftpmaster.internal/ubuntu plucky/main s390x libgssrpc4t64 s390x 1.21.3-4ubuntu2 [59.1 kB] 161s Get:3 http://ftpmaster.internal/ubuntu plucky/main s390x libkadm5clnt-mit12 s390x 1.21.3-4ubuntu2 [40.6 kB] 162s Get:4 http://ftpmaster.internal/ubuntu plucky/main s390x libkdb5-10t64 s390x 1.21.3-4ubuntu2 [42.0 kB] 162s Get:5 http://ftpmaster.internal/ubuntu plucky/main s390x libkadm5srv-mit12 s390x 1.21.3-4ubuntu2 [55.4 kB] 162s Get:6 http://ftpmaster.internal/ubuntu plucky/universe s390x krb5-user s390x 1.21.3-4ubuntu2 [110 kB] 162s Get:7 http://ftpmaster.internal/ubuntu plucky/universe s390x krb5-kdc s390x 1.21.3-4ubuntu2 [198 kB] 162s Get:8 http://ftpmaster.internal/ubuntu plucky/universe s390x krb5-admin-server s390x 1.21.3-4ubuntu2 [95.7 kB] 162s Preconfiguring packages ... 162s Fetched 623 kB in 1s (1060 kB/s) 162s Selecting previously unselected package krb5-config. 162s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57611 files and directories currently installed.) 162s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 162s Unpacking krb5-config (2.7) ... 162s Selecting previously unselected package libgssrpc4t64:s390x. 162s Preparing to unpack .../1-libgssrpc4t64_1.21.3-4ubuntu2_s390x.deb ... 162s Unpacking libgssrpc4t64:s390x (1.21.3-4ubuntu2) ... 162s Selecting previously unselected package libkadm5clnt-mit12:s390x. 162s Preparing to unpack .../2-libkadm5clnt-mit12_1.21.3-4ubuntu2_s390x.deb ... 162s Unpacking libkadm5clnt-mit12:s390x (1.21.3-4ubuntu2) ... 162s Selecting previously unselected package libkdb5-10t64:s390x. 162s Preparing to unpack .../3-libkdb5-10t64_1.21.3-4ubuntu2_s390x.deb ... 162s Unpacking libkdb5-10t64:s390x (1.21.3-4ubuntu2) ... 162s Selecting previously unselected package libkadm5srv-mit12:s390x. 162s Preparing to unpack .../4-libkadm5srv-mit12_1.21.3-4ubuntu2_s390x.deb ... 162s Unpacking libkadm5srv-mit12:s390x (1.21.3-4ubuntu2) ... 162s Selecting previously unselected package krb5-user. 162s Preparing to unpack .../5-krb5-user_1.21.3-4ubuntu2_s390x.deb ... 162s Unpacking krb5-user (1.21.3-4ubuntu2) ... 162s Selecting previously unselected package krb5-kdc. 162s Preparing to unpack .../6-krb5-kdc_1.21.3-4ubuntu2_s390x.deb ... 162s Unpacking krb5-kdc (1.21.3-4ubuntu2) ... 162s Selecting previously unselected package krb5-admin-server. 162s Preparing to unpack .../7-krb5-admin-server_1.21.3-4ubuntu2_s390x.deb ... 162s Unpacking krb5-admin-server (1.21.3-4ubuntu2) ... 162s Setting up libgssrpc4t64:s390x (1.21.3-4ubuntu2) ... 162s Setting up krb5-config (2.7) ... 162s Setting up libkadm5clnt-mit12:s390x (1.21.3-4ubuntu2) ... 162s Setting up libkdb5-10t64:s390x (1.21.3-4ubuntu2) ... 162s Setting up libkadm5srv-mit12:s390x (1.21.3-4ubuntu2) ... 162s Setting up krb5-user (1.21.3-4ubuntu2) ... 162s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 162s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 162s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 162s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 162s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 162s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 162s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 162s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 162s Setting up krb5-kdc (1.21.3-4ubuntu2) ... 163s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 163s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 163s Setting up krb5-admin-server (1.21.3-4ubuntu2) ... 163s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 164s Processing triggers for man-db (2.13.0-1) ... 164s Processing triggers for libc-bin (2.41-1ubuntu2) ... 169s autopkgtest [19:35:43]: test ldap-user-group-krb5-auth: [----------------------- 169s + . debian/tests/util 169s + . debian/tests/common-tests 169s + trap cleanup EXIT 169s + mydomain=example.com 169s + myhostname=ldap.example.com 169s + mysuffix=dc=example,dc=com 169s + myrealm=EXAMPLE.COM 169s + admin_dn=cn=admin,dc=example,dc=com 169s + admin_pw=secret 169s + ldap_user=testuser1 169s + ldap_user_pw=testuser1secret 169s + kerberos_principal_pw=testuser1kerberos 169s + ldap_group=ldapusers 169s + adjust_hostname ldap.example.com 169s + local myhostname=ldap.example.com 169s + echo ldap.example.com 169s + hostname ldap.example.com 169s + grep -qE ldap.example.com /etc/hosts 169s + reconfigure_slapd 169s + debconf-set-selections 169s + rm -rf /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1 /var/backups/unknown-2.6.9+dfsg-1~exp2ubuntu1-20250315-193532.ldapdb 169s + dpkg-reconfigure -fnoninteractive -pcritical slapd 169s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.9+dfsg-1~exp2ubuntu1... done. 169s Moving old database directory to /var/backups: 169s - directory unknown... done. 169s Creating initial configuration... done. 169s Creating LDAP directory... done. 170s + generate_certs ldap.example.com 170s + local cn=ldap.example.com 170s + local cert=/etc/ldap/server.pem 170s + local key=/etc/ldap/server.key 170s + local cnf=/etc/ldap/openssl.cnf 170s + cat 170s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 170s ...+++++++++++++++++++++++++++++++++++++++*...+.....+++++++++++++++++++++++++++++++++++++++*.+...................+...+..+....+..+...+.........+...+.......+..+..........+...+............+...+.....+......+.+.....+...+.+..+....+......+........+.+..............+..........+..............+....................................+.+.....+...+......+......+.+.........+...........+.......+........+....+...+..+.............+...+.....+...+....+.....+.............+.........+...........+..........+..............+...+...+....+.....+.........+..........++++++ 170s .....+..+.+...+...........+..................+.......+........+++++++++++++++++++++++++++++++++++++++*....+...+.....+...+...+.......+...+++++++++++++++++++++++++++++++++++++++*..+...+.........+.......+.........+.....+....+...+...+...........+.+.................+..........+..+.+.........+.....................+.....+.......+......+..+...................+...+.....+......+.+.....+...++++++ 170s ----- 170s + chmod 0640 /etc/ldap/server.key 170s + chgrp openldap /etc/ldap/server.key 170s + [ ! -f /etc/ldap/server.pem ] 170s + [ ! -f /etc/ldap/server.key ] 170s + enable_ldap_ssl 170s + cat 170s + cat 170s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 170s modifying entry "cn=config" 170s 170s + populate_ldap_rfc2307 170s + cat 170s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 170s adding new entry "ou=People,dc=example,dc=com" 170s 170s adding new entry "ou=Group,dc=example,dc=com" 170s 170s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 170s 170s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 170s 170s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 170s 170s + create_realm EXAMPLE.COM ldap.example.com 170s + local realm_name=EXAMPLE.COM 170s + local kerberos_server=ldap.example.com 170s + rm -rf /var/lib/krb5kdc/* 170s + rm -rf /etc/krb5kdc/kdc.conf 170s + rm -f /etc/krb5.keytab 170s + cat 170s + cat 170s + echo # */admin * 170s + kdb5_util create -s -P secretpassword 170s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 170s master key name 'K/M@EXAMPLE.COM' 170s + systemctl restart krb5-kdc.service krb5-admin-server.service 170s + create_krb_principal testuser1 testuser1kerberos 170s + local principal=testuser1 170s + local password=testuser1kerberos 170s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 170s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 170s Authenticating as principal root/admin@EXAMPLE.COM with password. 170s Principal "testuser1@EXAMPLE.COM" created. 170s + configure_sssd_ldap_rfc2307_krb5_auth 170s + cat 170s + chmod 0600 /etc/sssd/sssd.conf 170s + systemctl restart sssd 170s + enable_pam_mkhomedir 170s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 170s + Assert local user databases do not have our LDAP test data 170s run_common_tests 170s + echo Assert local user databases do not have our LDAP test data 170s + check_local_user testuser1 170s + local local_user=testuser1 170s + grep -q ^testuser1 /etc/passwd 170s + check_local_group testuser1 170s + local local_group=testuser1 170s + grep -q ^testuser1 /etc/group 170s + check_local_group ldapusers 170s + local local_group=ldapusers 170s + grep -q ^ldapusers /etc/group 170s + echo The LDAP user is known to the system via getentThe LDAP user is known to the system via getent 170s 170s + check_getent_user testuser1 170s + local getent_user=testuser1 170s + local output 170s + getent passwd testuser1 170s The LDAP user's private group is known to the system via getent 170s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 170s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 170s + echo The LDAP user's private group is known to the system via getent 170s + check_getent_group testuser1 170s + local getent_group=testuser1 170s + local output 170s + getent group testuser1 170s The LDAP group ldapusers is known to the system via getent 170s + output=testuser1:*:10001:testuser1 170s + [ -z testuser1:*:10001:testuser1 ] 170s + echo The LDAP group ldapusers is known to the system via getent 170s + check_getent_group ldapusers 170s + local getent_group=ldapusers 170s + local output 170s + getent group ldapusers 170s + output=ldapusers:*:10100:testuser1 170s + [ -z ldapusers:*:10100:testuser1 ] 170s The id(1) command can resolve the group membership of the LDAP user 170s + echo The id(1) command can resolve the group membership of the LDAP user 170s + id -Gn testuser1 170s The Kerberos principal can login via ssh 170s + output=testuser1 ldapusers 170s + [ testuser1 ldapusers != testuser1 ldapusers ] 170s + echo The Kerberos principal can login via ssh 170s + setup_sshd_password_auth 170s + cat 170s + systemctl restart ssh 170s + kdestroy 170s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 170s spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no testuser1@localhost 170s Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. 171s testuser1@localhost's password: 171s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.14.0-10-generic s390x) 171s 171s * Documentation: https://help.ubuntu.com 171s * Management: https://landscape.canonical.com 171s * Support: https://ubuntu.com/pro 171s 171s Last login: Sat Mar 15 19:35:33 2025 from ::1 171s [?2004htestuser1@ldap:~$ id -un 171s [?2004l testuser1 171s [?2004htestuser1@ldap:~$ klist 171s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_rRkIK6 171s Default principal: testuser1@EXAMPLE.COM 171s + cleanup 171s + result=0 171s + set +e 171s + [ 0 -ne 0 ] 171s + echo ## All tests passed, phew 171s + cleanup_sshd_config 171s + rm -f /etc/ssh/sshd_config.d/00-dep8.conf 171s ## All tests passed, phew 171s + systemctl restart ssh 171s autopkgtest [19:35:45]: test ldap-user-group-krb5-auth: -----------------------] 172s ldap-user-group-krb5-auth PASS 172s autopkgtest [19:35:46]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 172s autopkgtest [19:35:46]: test sssd-softhism2-certificates-tests.sh: preparing testbed 321s autopkgtest [19:38:15]: testbed dpkg architecture: s390x 321s autopkgtest [19:38:15]: testbed apt version: 2.9.33 322s autopkgtest [19:38:16]: @@@@@@@@@@@@@@@@@@@@ test bed setup 322s autopkgtest [19:38:16]: testbed release detected to be: plucky 322s autopkgtest [19:38:16]: updating testbed package index (apt update) 323s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [126 kB] 323s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 323s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 323s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 323s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [369 kB] 324s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [45.1 kB] 324s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [14.5 kB] 324s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x Packages [77.3 kB] 324s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x c-n-f Metadata [1824 B] 324s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted s390x c-n-f Metadata [116 B] 324s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe s390x Packages [314 kB] 324s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/universe s390x c-n-f Metadata [13.3 kB] 324s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse s390x Packages [3532 B] 324s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse s390x c-n-f Metadata [240 B] 324s Fetched 965 kB in 1s (746 kB/s) 325s Reading package lists... 325s Reading package lists... 325s Building dependency tree... 325s Reading state information... 325s Calculating upgrade... 326s Calculating upgrade... 326s The following packages were automatically installed and are no longer required: 326s libnsl2 libpython3.12-minimal libpython3.12-stdlib libpython3.12t64 326s linux-headers-6.11.0-8 linux-headers-6.11.0-8-generic 326s linux-modules-6.11.0-8-generic linux-tools-6.11.0-8 326s linux-tools-6.11.0-8-generic 326s Use 'sudo apt autoremove' to remove them. 326s The following packages will be upgraded: 326s pinentry-curses python3-jinja2 strace 326s 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 326s Need to get 652 kB of archives. 326s After this operation, 27.6 kB of additional disk space will be used. 326s Get:1 http://ftpmaster.internal/ubuntu plucky/main s390x strace s390x 6.13+ds-1ubuntu1 [500 kB] 326s Get:2 http://ftpmaster.internal/ubuntu plucky/main s390x pinentry-curses s390x 1.3.1-2ubuntu3 [42.9 kB] 326s Get:3 http://ftpmaster.internal/ubuntu plucky/main s390x python3-jinja2 all 3.1.5-2ubuntu1 [109 kB] 327s Fetched 652 kB in 1s (699 kB/s) 327s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81428 files and directories currently installed.) 327s Preparing to unpack .../strace_6.13+ds-1ubuntu1_s390x.deb ... 327s Unpacking strace (6.13+ds-1ubuntu1) over (6.11-0ubuntu1) ... 327s Preparing to unpack .../pinentry-curses_1.3.1-2ubuntu3_s390x.deb ... 327s Unpacking pinentry-curses (1.3.1-2ubuntu3) over (1.3.1-2ubuntu2) ... 327s Preparing to unpack .../python3-jinja2_3.1.5-2ubuntu1_all.deb ... 327s Unpacking python3-jinja2 (3.1.5-2ubuntu1) over (3.1.5-2) ... 327s Setting up pinentry-curses (1.3.1-2ubuntu3) ... 327s Setting up python3-jinja2 (3.1.5-2ubuntu1) ... 327s Setting up strace (6.13+ds-1ubuntu1) ... 327s Processing triggers for man-db (2.13.0-1) ... 328s Reading package lists... 328s Building dependency tree... 328s Reading state information... 328s Solving dependencies... 328s The following packages will be REMOVED: 328s libnsl2* libpython3.12-minimal* libpython3.12-stdlib* libpython3.12t64* 328s linux-headers-6.11.0-8* linux-headers-6.11.0-8-generic* 328s linux-modules-6.11.0-8-generic* linux-tools-6.11.0-8* 328s linux-tools-6.11.0-8-generic* 328s 0 upgraded, 0 newly installed, 9 to remove and 5 not upgraded. 328s After this operation, 167 MB disk space will be freed. 328s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81428 files and directories currently installed.) 328s Removing linux-tools-6.11.0-8-generic (6.11.0-8.8) ... 328s Removing linux-tools-6.11.0-8 (6.11.0-8.8) ... 328s Removing libpython3.12t64:s390x (3.12.9-1) ... 328s Removing libpython3.12-stdlib:s390x (3.12.9-1) ... 328s Removing libnsl2:s390x (1.3.0-3build3) ... 328s Removing libpython3.12-minimal:s390x (3.12.9-1) ... 328s Removing linux-headers-6.11.0-8-generic (6.11.0-8.8) ... 328s Removing linux-headers-6.11.0-8 (6.11.0-8.8) ... 329s Removing linux-modules-6.11.0-8-generic (6.11.0-8.8) ... 329s Processing triggers for libc-bin (2.41-1ubuntu1) ... 329s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56328 files and directories currently installed.) 329s Purging configuration files for libpython3.12-minimal:s390x (3.12.9-1) ... 329s Purging configuration files for linux-modules-6.11.0-8-generic (6.11.0-8.8) ... 329s autopkgtest [19:38:23]: upgrading testbed (apt dist-upgrade and autopurge) 330s Reading package lists... 330s Building dependency tree... 330s Reading state information... 330s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 330s Starting 2 pkgProblemResolver with broken count: 0 330s Done 330s Entering ResolveByKeep 330s 330s Calculating upgrade... 330s The following packages will be upgraded: 330s libc-bin libc-dev-bin libc6 libc6-dev locales 331s 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 331s Need to get 9512 kB of archives. 331s After this operation, 8192 B of additional disk space will be used. 331s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libc6-dev s390x 2.41-1ubuntu2 [1678 kB] 332s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libc-dev-bin s390x 2.41-1ubuntu2 [24.3 kB] 332s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libc6 s390x 2.41-1ubuntu2 [2892 kB] 334s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x libc-bin s390x 2.41-1ubuntu2 [671 kB] 335s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main s390x locales all 2.41-1ubuntu2 [4246 kB] 338s Preconfiguring packages ... 338s Fetched 9512 kB in 7s (1280 kB/s) 338s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56326 files and directories currently installed.) 338s Preparing to unpack .../libc6-dev_2.41-1ubuntu2_s390x.deb ... 338s Unpacking libc6-dev:s390x (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 338s Preparing to unpack .../libc-dev-bin_2.41-1ubuntu2_s390x.deb ... 338s Unpacking libc-dev-bin (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 338s Preparing to unpack .../libc6_2.41-1ubuntu2_s390x.deb ... 338s Unpacking libc6:s390x (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 338s Setting up libc6:s390x (2.41-1ubuntu2) ... 338s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56326 files and directories currently installed.) 339s Preparing to unpack .../libc-bin_2.41-1ubuntu2_s390x.deb ... 339s Unpacking libc-bin (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 339s Setting up libc-bin (2.41-1ubuntu2) ... 339s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56326 files and directories currently installed.) 339s Preparing to unpack .../locales_2.41-1ubuntu2_all.deb ... 339s Unpacking locales (2.41-1ubuntu2) over (2.41-1ubuntu1) ... 339s Setting up locales (2.41-1ubuntu2) ... 339s Generating locales (this might take a while)... 340s en_US.UTF-8... done 340s Generation complete. 340s Setting up libc-dev-bin (2.41-1ubuntu2) ... 340s Setting up libc6-dev:s390x (2.41-1ubuntu2) ... 340s Processing triggers for man-db (2.13.0-1) ... 341s Processing triggers for systemd (257.3-1ubuntu3) ... 341s Reading package lists... 341s Building dependency tree... 341s Reading state information... 342s Starting pkgProblemResolver with broken count: 0 342s Starting 2 pkgProblemResolver with broken count: 0 342s Done 342s Solving dependencies... 342s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 342s autopkgtest [19:38:36]: rebooting testbed after setup commands that affected boot 362s Reading package lists... 362s Building dependency tree... 362s Reading state information... 362s Starting pkgProblemResolver with broken count: 0 362s Starting 2 pkgProblemResolver with broken count: 0 362s Done 363s The following NEW packages will be installed: 363s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 363s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 363s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 363s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 363s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 363s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 363s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 363s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 363s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 363s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 363s Need to get 10.7 MB of archives. 363s After this operation, 41.7 MB of additional disk space will be used. 363s Get:1 http://ftpmaster.internal/ubuntu plucky/main s390x libevent-2.1-7t64 s390x 2.1.12-stable-10 [145 kB] 363s Get:2 http://ftpmaster.internal/ubuntu plucky/main s390x libunbound8 s390x 1.22.0-1ubuntu1 [462 kB] 363s Get:3 http://ftpmaster.internal/ubuntu plucky/main s390x libgnutls-dane0t64 s390x 3.8.9-2ubuntu2 [24.5 kB] 363s Get:4 http://ftpmaster.internal/ubuntu plucky/universe s390x gnutls-bin s390x 3.8.9-2ubuntu2 [287 kB] 364s Get:5 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-common-data s390x 0.8-16ubuntu1 [30.9 kB] 364s Get:6 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-common3 s390x 0.8-16ubuntu1 [23.5 kB] 364s Get:7 http://ftpmaster.internal/ubuntu plucky/main s390x libavahi-client3 s390x 0.8-16ubuntu1 [26.3 kB] 364s Get:8 http://ftpmaster.internal/ubuntu plucky/main s390x libbasicobjects0t64 s390x 0.6.2-3 [5788 B] 364s Get:9 http://ftpmaster.internal/ubuntu plucky/main s390x libcares2 s390x 1.34.4-2.1 [101 kB] 364s Get:10 http://ftpmaster.internal/ubuntu plucky/main s390x libcollection4t64 s390x 0.6.2-3 [23.7 kB] 364s Get:11 http://ftpmaster.internal/ubuntu plucky/main s390x libcrack2 s390x 2.9.6-5.2build1 [29.7 kB] 364s Get:12 http://ftpmaster.internal/ubuntu plucky/main s390x libdhash1t64 s390x 0.6.2-3 [8880 B] 364s Get:13 http://ftpmaster.internal/ubuntu plucky/main s390x libpath-utils1t64 s390x 0.6.2-3 [9228 B] 364s Get:14 http://ftpmaster.internal/ubuntu plucky/main s390x libref-array1t64 s390x 0.6.2-3 [7190 B] 364s Get:15 http://ftpmaster.internal/ubuntu plucky/main s390x libini-config5t64 s390x 0.6.2-3 [45.9 kB] 364s Get:16 http://ftpmaster.internal/ubuntu plucky/main s390x libipa-hbac0t64 s390x 2.10.1-2ubuntu3 [18.6 kB] 364s Get:17 http://ftpmaster.internal/ubuntu plucky/main s390x libtalloc2 s390x 2:2.4.2+samba4.21.4+dfsg-1ubuntu3 [72.9 kB] 364s Get:18 http://ftpmaster.internal/ubuntu plucky/main s390x libtdb1 s390x 2:1.4.12+samba4.21.4+dfsg-1ubuntu3 [94.4 kB] 364s Get:19 http://ftpmaster.internal/ubuntu plucky/main s390x libtevent0t64 s390x 2:0.16.1+samba4.21.4+dfsg-1ubuntu3 [41.0 kB] 364s Get:20 http://ftpmaster.internal/ubuntu plucky/main s390x libldb2 s390x 2:2.10.0+samba4.21.4+dfsg-1ubuntu3 [152 kB] 364s Get:21 http://ftpmaster.internal/ubuntu plucky/main s390x libnfsidmap1 s390x 1:2.8.2-2ubuntu1 [51.6 kB] 364s Get:22 http://ftpmaster.internal/ubuntu plucky/main s390x libpwquality-common all 1.4.5-4 [7714 B] 364s Get:23 http://ftpmaster.internal/ubuntu plucky/main s390x libpwquality1 s390x 1.4.5-4 [14.6 kB] 364s Get:24 http://ftpmaster.internal/ubuntu plucky/main s390x libpam-pwquality s390x 1.4.5-4 [11.6 kB] 364s Get:25 http://ftpmaster.internal/ubuntu plucky/main s390x libwbclient0 s390x 2:4.21.4+dfsg-1ubuntu3 [80.0 kB] 364s Get:26 http://ftpmaster.internal/ubuntu plucky/main s390x samba-libs s390x 2:4.21.4+dfsg-1ubuntu3 [6461 kB] 369s Get:27 http://ftpmaster.internal/ubuntu plucky/main s390x libsmbclient0 s390x 2:4.21.4+dfsg-1ubuntu3 [64.9 kB] 369s Get:28 http://ftpmaster.internal/ubuntu plucky/main s390x libnss-sss s390x 2.10.1-2ubuntu3 [33.7 kB] 369s Get:29 http://ftpmaster.internal/ubuntu plucky/main s390x libpam-sss s390x 2.10.1-2ubuntu3 [53.4 kB] 369s Get:30 http://ftpmaster.internal/ubuntu plucky/universe s390x softhsm2-common s390x 2.6.1-2.2ubuntu3 [6196 B] 369s Get:31 http://ftpmaster.internal/ubuntu plucky/universe s390x libsofthsm2 s390x 2.6.1-2.2ubuntu3 [267 kB] 370s Get:32 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-certmap0 s390x 2.10.1-2ubuntu3 [48.3 kB] 370s Get:33 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-idmap0 s390x 2.10.1-2ubuntu3 [23.3 kB] 370s Get:34 http://ftpmaster.internal/ubuntu plucky/main s390x libsss-nss-idmap0 s390x 2.10.1-2ubuntu3 [32.2 kB] 370s Get:35 http://ftpmaster.internal/ubuntu plucky/main s390x python3-sss s390x 2.10.1-2ubuntu3 [46.5 kB] 370s Get:36 http://ftpmaster.internal/ubuntu plucky/universe s390x softhsm2 s390x 2.6.1-2.2ubuntu3 [176 kB] 370s Get:37 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-common s390x 2.10.1-2ubuntu3 [1101 kB] 371s Get:38 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ad-common s390x 2.10.1-2ubuntu3 [71.8 kB] 371s Get:39 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-krb5-common s390x 2.10.1-2ubuntu3 [89.6 kB] 371s Get:40 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ad s390x 2.10.1-2ubuntu3 [133 kB] 371s Get:41 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ipa s390x 2.10.1-2ubuntu3 [215 kB] 371s Get:42 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-krb5 s390x 2.10.1-2ubuntu3 [14.4 kB] 371s Get:43 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-ldap s390x 2.10.1-2ubuntu3 [31.4 kB] 371s Get:44 http://ftpmaster.internal/ubuntu plucky/main s390x sssd-proxy s390x 2.10.1-2ubuntu3 [42.6 kB] 371s Get:45 http://ftpmaster.internal/ubuntu plucky/main s390x sssd s390x 2.10.1-2ubuntu3 [4122 B] 372s Fetched 10.7 MB in 9s (1249 kB/s) 372s Selecting previously unselected package libevent-2.1-7t64:s390x. 372s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56326 files and directories currently installed.) 372s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_s390x.deb ... 372s Unpacking libevent-2.1-7t64:s390x (2.1.12-stable-10) ... 372s Selecting previously unselected package libunbound8:s390x. 372s Preparing to unpack .../01-libunbound8_1.22.0-1ubuntu1_s390x.deb ... 372s Unpacking libunbound8:s390x (1.22.0-1ubuntu1) ... 372s Selecting previously unselected package libgnutls-dane0t64:s390x. 372s Preparing to unpack .../02-libgnutls-dane0t64_3.8.9-2ubuntu2_s390x.deb ... 372s Unpacking libgnutls-dane0t64:s390x (3.8.9-2ubuntu2) ... 372s Selecting previously unselected package gnutls-bin. 372s Preparing to unpack .../03-gnutls-bin_3.8.9-2ubuntu2_s390x.deb ... 372s Unpacking gnutls-bin (3.8.9-2ubuntu2) ... 372s Selecting previously unselected package libavahi-common-data:s390x. 372s Preparing to unpack .../04-libavahi-common-data_0.8-16ubuntu1_s390x.deb ... 372s Unpacking libavahi-common-data:s390x (0.8-16ubuntu1) ... 372s Selecting previously unselected package libavahi-common3:s390x. 372s Preparing to unpack .../05-libavahi-common3_0.8-16ubuntu1_s390x.deb ... 372s Unpacking libavahi-common3:s390x (0.8-16ubuntu1) ... 372s Selecting previously unselected package libavahi-client3:s390x. 372s Preparing to unpack .../06-libavahi-client3_0.8-16ubuntu1_s390x.deb ... 372s Unpacking libavahi-client3:s390x (0.8-16ubuntu1) ... 372s Selecting previously unselected package libbasicobjects0t64:s390x. 372s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-3_s390x.deb ... 372s Unpacking libbasicobjects0t64:s390x (0.6.2-3) ... 372s Selecting previously unselected package libcares2:s390x. 372s Preparing to unpack .../08-libcares2_1.34.4-2.1_s390x.deb ... 372s Unpacking libcares2:s390x (1.34.4-2.1) ... 372s Selecting previously unselected package libcollection4t64:s390x. 372s Preparing to unpack .../09-libcollection4t64_0.6.2-3_s390x.deb ... 372s Unpacking libcollection4t64:s390x (0.6.2-3) ... 372s Selecting previously unselected package libcrack2:s390x. 372s Preparing to unpack .../10-libcrack2_2.9.6-5.2build1_s390x.deb ... 372s Unpacking libcrack2:s390x (2.9.6-5.2build1) ... 372s Selecting previously unselected package libdhash1t64:s390x. 372s Preparing to unpack .../11-libdhash1t64_0.6.2-3_s390x.deb ... 372s Unpacking libdhash1t64:s390x (0.6.2-3) ... 372s Selecting previously unselected package libpath-utils1t64:s390x. 372s Preparing to unpack .../12-libpath-utils1t64_0.6.2-3_s390x.deb ... 372s Unpacking libpath-utils1t64:s390x (0.6.2-3) ... 372s Selecting previously unselected package libref-array1t64:s390x. 372s Preparing to unpack .../13-libref-array1t64_0.6.2-3_s390x.deb ... 372s Unpacking libref-array1t64:s390x (0.6.2-3) ... 372s Selecting previously unselected package libini-config5t64:s390x. 372s Preparing to unpack .../14-libini-config5t64_0.6.2-3_s390x.deb ... 372s Unpacking libini-config5t64:s390x (0.6.2-3) ... 372s Selecting previously unselected package libipa-hbac0t64. 372s Preparing to unpack .../15-libipa-hbac0t64_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package libtalloc2:s390x. 372s Preparing to unpack .../16-libtalloc2_2%3a2.4.2+samba4.21.4+dfsg-1ubuntu3_s390x.deb ... 372s Unpacking libtalloc2:s390x (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 372s Selecting previously unselected package libtdb1:s390x. 372s Preparing to unpack .../17-libtdb1_2%3a1.4.12+samba4.21.4+dfsg-1ubuntu3_s390x.deb ... 372s Unpacking libtdb1:s390x (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 372s Selecting previously unselected package libtevent0t64:s390x. 372s Preparing to unpack .../18-libtevent0t64_2%3a0.16.1+samba4.21.4+dfsg-1ubuntu3_s390x.deb ... 372s Unpacking libtevent0t64:s390x (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 372s Selecting previously unselected package libldb2:s390x. 372s Preparing to unpack .../19-libldb2_2%3a2.10.0+samba4.21.4+dfsg-1ubuntu3_s390x.deb ... 372s Unpacking libldb2:s390x (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 372s Selecting previously unselected package libnfsidmap1:s390x. 372s Preparing to unpack .../20-libnfsidmap1_1%3a2.8.2-2ubuntu1_s390x.deb ... 372s Unpacking libnfsidmap1:s390x (1:2.8.2-2ubuntu1) ... 372s Selecting previously unselected package libpwquality-common. 372s Preparing to unpack .../21-libpwquality-common_1.4.5-4_all.deb ... 372s Unpacking libpwquality-common (1.4.5-4) ... 372s Selecting previously unselected package libpwquality1:s390x. 372s Preparing to unpack .../22-libpwquality1_1.4.5-4_s390x.deb ... 372s Unpacking libpwquality1:s390x (1.4.5-4) ... 372s Selecting previously unselected package libpam-pwquality:s390x. 372s Preparing to unpack .../23-libpam-pwquality_1.4.5-4_s390x.deb ... 372s Unpacking libpam-pwquality:s390x (1.4.5-4) ... 372s Selecting previously unselected package libwbclient0:s390x. 372s Preparing to unpack .../24-libwbclient0_2%3a4.21.4+dfsg-1ubuntu3_s390x.deb ... 372s Unpacking libwbclient0:s390x (2:4.21.4+dfsg-1ubuntu3) ... 372s Selecting previously unselected package samba-libs:s390x. 372s Preparing to unpack .../25-samba-libs_2%3a4.21.4+dfsg-1ubuntu3_s390x.deb ... 372s Unpacking samba-libs:s390x (2:4.21.4+dfsg-1ubuntu3) ... 372s Selecting previously unselected package libsmbclient0:s390x. 372s Preparing to unpack .../26-libsmbclient0_2%3a4.21.4+dfsg-1ubuntu3_s390x.deb ... 372s Unpacking libsmbclient0:s390x (2:4.21.4+dfsg-1ubuntu3) ... 372s Selecting previously unselected package libnss-sss:s390x. 372s Preparing to unpack .../27-libnss-sss_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking libnss-sss:s390x (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package libpam-sss:s390x. 372s Preparing to unpack .../28-libpam-sss_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking libpam-sss:s390x (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package softhsm2-common. 372s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_s390x.deb ... 372s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 372s Selecting previously unselected package libsofthsm2. 372s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_s390x.deb ... 372s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 372s Selecting previously unselected package libsss-certmap0. 372s Preparing to unpack .../31-libsss-certmap0_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking libsss-certmap0 (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package libsss-idmap0. 372s Preparing to unpack .../32-libsss-idmap0_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking libsss-idmap0 (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package libsss-nss-idmap0. 372s Preparing to unpack .../33-libsss-nss-idmap0_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package python3-sss. 372s Preparing to unpack .../34-python3-sss_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking python3-sss (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package softhsm2. 372s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_s390x.deb ... 372s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 372s Selecting previously unselected package sssd-common. 372s Preparing to unpack .../36-sssd-common_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking sssd-common (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package sssd-ad-common. 372s Preparing to unpack .../37-sssd-ad-common_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking sssd-ad-common (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package sssd-krb5-common. 372s Preparing to unpack .../38-sssd-krb5-common_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking sssd-krb5-common (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package sssd-ad. 372s Preparing to unpack .../39-sssd-ad_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking sssd-ad (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package sssd-ipa. 372s Preparing to unpack .../40-sssd-ipa_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking sssd-ipa (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package sssd-krb5. 372s Preparing to unpack .../41-sssd-krb5_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking sssd-krb5 (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package sssd-ldap. 372s Preparing to unpack .../42-sssd-ldap_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking sssd-ldap (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package sssd-proxy. 372s Preparing to unpack .../43-sssd-proxy_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking sssd-proxy (2.10.1-2ubuntu3) ... 372s Selecting previously unselected package sssd. 372s Preparing to unpack .../44-sssd_2.10.1-2ubuntu3_s390x.deb ... 372s Unpacking sssd (2.10.1-2ubuntu3) ... 372s Setting up libpwquality-common (1.4.5-4) ... 372s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 372s Creating config file /etc/softhsm/softhsm2.conf with new version 372s Setting up libnfsidmap1:s390x (1:2.8.2-2ubuntu1) ... 372s Setting up libsss-idmap0 (2.10.1-2ubuntu3) ... 372s Setting up libbasicobjects0t64:s390x (0.6.2-3) ... 372s Setting up libipa-hbac0t64 (2.10.1-2ubuntu3) ... 372s Setting up libref-array1t64:s390x (0.6.2-3) ... 372s Setting up libtdb1:s390x (2:1.4.12+samba4.21.4+dfsg-1ubuntu3) ... 372s Setting up libcollection4t64:s390x (0.6.2-3) ... 372s Setting up libevent-2.1-7t64:s390x (2.1.12-stable-10) ... 372s Setting up libwbclient0:s390x (2:4.21.4+dfsg-1ubuntu3) ... 372s Setting up libtalloc2:s390x (2:2.4.2+samba4.21.4+dfsg-1ubuntu3) ... 372s Setting up libpath-utils1t64:s390x (0.6.2-3) ... 372s Setting up libunbound8:s390x (1.22.0-1ubuntu1) ... 372s Setting up libgnutls-dane0t64:s390x (3.8.9-2ubuntu2) ... 372s Setting up libavahi-common-data:s390x (0.8-16ubuntu1) ... 372s Setting up libcares2:s390x (1.34.4-2.1) ... 372s Setting up libdhash1t64:s390x (0.6.2-3) ... 372s Setting up libcrack2:s390x (2.9.6-5.2build1) ... 372s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu3) ... 372s Setting up libini-config5t64:s390x (0.6.2-3) ... 372s Setting up libtevent0t64:s390x (2:0.16.1+samba4.21.4+dfsg-1ubuntu3) ... 372s Setting up libnss-sss:s390x (2.10.1-2ubuntu3) ... 372s Setting up gnutls-bin (3.8.9-2ubuntu2) ... 372s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 372s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 372s Setting up libavahi-common3:s390x (0.8-16ubuntu1) ... 372s Setting up libsss-certmap0 (2.10.1-2ubuntu3) ... 372s Setting up libpwquality1:s390x (1.4.5-4) ... 372s Setting up libldb2:s390x (2:2.10.0+samba4.21.4+dfsg-1ubuntu3) ... 372s Setting up libavahi-client3:s390x (0.8-16ubuntu1) ... 372s Setting up libpam-pwquality:s390x (1.4.5-4) ... 373s Setting up samba-libs:s390x (2:4.21.4+dfsg-1ubuntu3) ... 373s Setting up python3-sss (2.10.1-2ubuntu3) ... 373s Setting up libsmbclient0:s390x (2:4.21.4+dfsg-1ubuntu3) ... 373s Setting up libpam-sss:s390x (2.10.1-2ubuntu3) ... 373s Setting up sssd-common (2.10.1-2ubuntu3) ... 373s Creating SSSD system user & group... 373s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 373s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 373s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 373s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 373s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 373s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 374s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 374s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 374s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 374s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 374s sssd-autofs.service is a disabled or a static unit, not starting it. 374s sssd-nss.service is a disabled or a static unit, not starting it. 374s sssd-pam.service is a disabled or a static unit, not starting it. 374s sssd-ssh.service is a disabled or a static unit, not starting it. 374s sssd-sudo.service is a disabled or a static unit, not starting it. 374s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 374s Setting up sssd-proxy (2.10.1-2ubuntu3) ... 374s Setting up sssd-ad-common (2.10.1-2ubuntu3) ... 374s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 375s sssd-pac.service is a disabled or a static unit, not starting it. 375s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 375s Setting up sssd-krb5-common (2.10.1-2ubuntu3) ... 375s Setting up sssd-krb5 (2.10.1-2ubuntu3) ... 375s Setting up sssd-ldap (2.10.1-2ubuntu3) ... 375s Setting up sssd-ad (2.10.1-2ubuntu3) ... 375s Setting up sssd-ipa (2.10.1-2ubuntu3) ... 375s Setting up sssd (2.10.1-2ubuntu3) ... 375s Processing triggers for man-db (2.13.0-1) ... 376s Processing triggers for libc-bin (2.41-1ubuntu2) ... 384s autopkgtest [19:39:18]: test sssd-softhism2-certificates-tests.sh: [----------------------- 384s + '[' -z ubuntu ']' 384s + required_tools=(p11tool openssl softhsm2-util) 384s + for cmd in "${required_tools[@]}" 384s + command -v p11tool 384s + for cmd in "${required_tools[@]}" 384s + command -v openssl 384s + for cmd in "${required_tools[@]}" 384s + command -v softhsm2-util 384s + PIN=053350 384s +++ find /usr/lib/softhsm/libsofthsm2.so 384s +++ head -n 1 384s ++ realpath /usr/lib/softhsm/libsofthsm2.so 384s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 384s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 384s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 384s + '[' '!' -v NO_SSSD_TESTS ']' 384s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 384s + ca_db_arg=ca_db 384s ++ /usr/libexec/sssd/p11_child --help 384s + p11_child_help='Usage: p11_child [OPTION...] 384s -d, --debug-level=INT Debug level 384s --debug-timestamps=INT Add debug timestamps 384s --debug-microseconds=INT Show timestamps with microseconds 384s --dumpable=INT Allow core dumps 384s --backtrace=INT Enable debug backtrace 384s --debug-fd=INT An open file descriptor for the debug 384s logs 384s --logger=stderr|files|journald Set logger 384s --auth Run in auth mode 384s --pre Run in pre-auth mode 384s --wait_for_card Wait until card is available 384s --verification Run in verification mode 384s --pin Expect PIN on stdin 384s --keypad Expect PIN on keypad 384s --verify=STRING Tune validation 384s --ca_db=STRING CA DB to use 384s --module_name=STRING Module name for authentication 384s --token_name=STRING Token name for authentication 384s --key_id=STRING Key ID for authentication 384s --label=STRING Label for authentication 384s --certificate=STRING certificate to verify, base64 encoded 384s --uri=STRING PKCS#11 URI to restrict selection 384s --chain-id=LONG Tevent chain ID used for logging 384s purposes 384s 384s Help options: 384s -?, --help Show this help message 384s --usage Display brief usage message' 384s + echo 'Usage: p11_child [OPTION...] 384s -d, --debug-level=INT Debug level 384s --debug-timestamps=INT Add debug timestamps 384s --debug-microseconds=INT Show timestamps with microseconds 384s --dumpable=INT Allow core dumps 384s --backtrace=INT Enable debug backtrace 384s --debug-fd=INT An open file descriptor for the debug 384s logs 384s --logger=stderr|files|journald Set logger 384s --auth Run in auth mode 384s --pre Run in pre-auth mode 384s --wait_for_card Wait until card is available 384s --verification Run in verification mode 384s --pin Expect PIN on stdin 384s --keypad Expect PIN on keypad 384s --verify=STRING Tune validation 384s --ca_db=STRING CA DB to use 384s --module_name=STRING Module name for authentication 384s --token_name=STRING Token name for authentication 384s --key_id=STRING Key ID for authentication 384s --label=STRING Label for authentication 384s --certificate=STRING certificate to verify, base64 encoded 384s --uri=STRING PKCS#11 URI to restrict selection 384s --chain-id=LONG Tevent chain ID used for logging 384s purposes 384s 384s Help options: 384s -?, --help Show this help message 384s --usage Display brief usage message' 384s + grep nssdb -qs 384s + echo 'Usage: p11_child [OPTION...] 384s -d, --debug-level=INT Debug level 384s --debug-timestamps=INT Add debug timestamps 384s --debug-microseconds=INT Show timestamps with microseconds 384s --dumpable=INT Allow core dumps 384s --backtrace=INT Enable debug backtrace 384s --debug-fd=INT An open file descriptor for the debug 384s logs 384s --logger=stderr|files|journald Set logger 384s --auth Run in auth mode 384s --pre Run in pre-auth mode 384s --wait_for_card Wait until card is available 384s --verification Run in verification mode 384s --pin Expect PIN on stdin 384s --keypad Expect PIN on keypad 384s --verify=STRING Tune validation 384s --ca_db=STRING CA DB to use 384s --module_name=STRING Module name for authentication 384s --token_name=STRING Token name for authentication 384s --key_id=STRING Key ID for authentication 384s --label=STRING Label for authentication 384s --certificate=STRING certificate to verify, base64 encoded 384s --uri=STRING PKCS#11 URI to restrict selection 384s --chain-id=LONG Tevent chain ID used for logging 384s purposes 384s 384s Help options: 384s -?, --help Show this help message 384s --usage Display brief usage message' 384s + grep -qs -- --ca_db 384s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 384s ++ mktemp -d -t sssd-softhsm2-XXXXXX 384s + tmpdir=/tmp/sssd-softhsm2-BRZvMt 384s + keys_size=1024 384s + [[ ! -v KEEP_TEMPORARY_FILES ]] 384s + trap 'rm -rf "$tmpdir"' EXIT 384s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 384s + echo -n 01 384s + touch /tmp/sssd-softhsm2-BRZvMt/index.txt 384s + mkdir -p /tmp/sssd-softhsm2-BRZvMt/new_certs 384s + cat 384s + root_ca_key_pass=pass:random-root-CA-password-14115 384s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-BRZvMt/test-root-CA-key.pem -passout pass:random-root-CA-password-14115 1024 385s + openssl req -passin pass:random-root-CA-password-14115 -batch -config /tmp/sssd-softhsm2-BRZvMt/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-BRZvMt/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 385s + openssl x509 -noout -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 385s + cat 385s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-5315 385s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-5315 1024 385s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-5315 -config /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.config -key /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-14115 -sha256 -out /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-certificate-request.pem 385s + openssl req -text -noout -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-certificate-request.pem 385s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-BRZvMt/test-root-CA.config -passin pass:random-root-CA-password-14115 -keyfile /tmp/sssd-softhsm2-BRZvMt/test-root-CA-key.pem -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s Certificate Request: 385s Data: 385s Version: 1 (0x0) 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:c4:e9:a2:10:d8:5a:d3:c3:35:6c:57:ae:18:88: 385s 5e:ed:ee:bf:c5:f9:d2:0c:9d:1b:24:11:26:85:2c: 385s 84:37:03:86:38:ef:9e:d4:a5:61:ff:37:2b:a4:fe: 385s 7d:ee:ac:05:84:6d:9c:3c:ec:55:78:1f:cf:1e:08: 385s 30:19:05:e3:f2:f5:12:77:58:a6:11:79:56:f9:00: 385s 68:f6:07:65:5b:e5:6e:61:2b:79:a5:c5:04:02:35: 385s 4f:f0:88:89:a1:ea:90:4b:25:e5:a7:e6:34:39:00: 385s 15:23:ff:a2:2c:08:e0:75:2e:c5:8b:86:bb:ef:f5: 385s 84:1a:d6:be:5c:84:d3:4d:53 385s Exponent: 65537 (0x10001) 385s Attributes: 385s (none) 385s Requested Extensions: 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 6c:a1:e4:4b:70:5d:b7:0a:28:0d:f7:06:47:a0:23:21:0a:d9: 385s de:de:2c:9d:74:05:53:a8:da:77:78:3f:5c:b7:58:8c:dd:3f: 385s 8b:60:35:7d:92:b6:69:7c:b1:6c:00:09:56:82:3e:e3:dd:42: 385s 75:64:24:42:3c:13:72:27:ca:60:6f:15:66:3c:54:2e:32:25: 385s 06:61:d1:19:c6:27:ec:35:2b:0f:64:f0:7d:ec:3c:dd:f0:26: 385s 96:18:4d:3b:5a:7d:87:e2:85:43:2a:09:ec:5f:e0:df:78:ec: 385s 7b:b1:5b:5d:17:90:55:c2:ed:ca:28:ea:74:35:d8:f6:9d:e9: 385s 04:72 385s Using configuration from /tmp/sssd-softhsm2-BRZvMt/test-root-CA.config 385s Check that the request matches the signature 385s Signature ok 385s Certificate Details: 385s Serial Number: 1 (0x1) 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: 385s organizationName = Test Organization 385s organizationalUnitName = Test Organization Unit 385s commonName = Test Organization Intermediate CA 385s X509v3 extensions: 385s X509v3 Subject Key Identifier: 385s 27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 385s X509v3 Authority Key Identifier: 385s keyid:58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 385s serial:00 385s X509v3 Basic Constraints: 385s CA:TRUE 385s X509v3 Key Usage: critical 385s Digital Signature, Certificate Sign, CRL Sign 385s Certificate is to be certified until Mar 15 19:40:44 2026 GMT (365 days) 385s 385s Write out database with 1 new entries 385s Database updated 385s + openssl x509 -noout -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s + cat 385s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-4728 385s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-4728 1024 385s /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem: OK 385s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-4728 -config /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-5315 -sha256 -out /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-certificate-request.pem 385s + openssl req -text -noout -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-certificate-request.pem 385s Certificate Request: 385s Data: 385s Version: 1 (0x0) 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:f2:80:8e:5c:1f:53:60:60:93:7a:de:20:c7:f3: 385s a4:cc:ce:f1:4c:e2:63:99:fb:16:4b:6f:68:d5:d0: 385s 6c:97:d8:58:eb:92:fd:6a:03:de:35:67:07:ba:1f: 385s 79:53:b9:c9:39:d1:59:ef:58:c0:45:92:3c:02:13: 385s 86:22:2c:4a:d9:47:77:c3:ad:28:75:f5:9f:ad:cc: 385s 33:a6:4e:e5:c7:13:a9:8e:5f:c4:d4:3b:17:b0:fe: 385s 3a:f2:d7:92:c1:83:f8:3e:aa:8b:f3:e0:a5:7f:c5: 385s 0e:e1:88:c4:41:02:c0:71:03:b4:b6:4e:cf:a7:4e: 385s ca:11:5b:96:c5:e2:55:56:b5 385s Exponent: 65537 (0x10001) 385s Attributes: 385s (none) 385s Requested Extensions: 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 4b:28:20:ae:6e:75:b7:31:44:69:ab:fe:3a:bf:e0:b8:49:f2: 385s 34:56:5c:c1:82:ae:70:59:2e:06:3a:8a:d0:43:b2:83:ef:21: 385s a8:73:8e:ef:ff:63:72:45:27:5b:6b:58:11:3b:87:e3:4d:32: 385s ed:00:1c:88:65:98:fd:d2:46:2c:e2:42:6d:c9:0d:5c:b4:18: 385s bd:68:ee:f6:88:ca:f0:e6:8e:dc:38:f1:a9:16:15:a7:97:18: 385s 5c:b0:bd:f2:91:7c:c9:3c:55:5f:22:ec:88:19:b7:04:1b:19: 385s c4:c8:cf:63:6d:14:79:df:1a:54:95:0f:c2:be:78:15:99:a2: 385s 0f:4f 385s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-5315 -keyfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 385s Using configuration from /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.config 385s Check that the request matches the signature 385s Signature ok 385s Certificate Details: 385s Serial Number: 2 (0x2) 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: 385s organizationName = Test Organization 385s organizationalUnitName = Test Organization Unit 385s commonName = Test Organization Sub Intermediate CA 385s X509v3 extensions: 385s X509v3 Subject Key Identifier: 385s FE:FD:D0:FC:C1:87:9A:91:40:BA:8E:CA:10:66:02:A0:4C:F0:A9:E3 385s X509v3 Authority Key Identifier: 385s keyid:27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 385s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 385s serial:01 385s X509v3 Basic Constraints: 385s CA:TRUE 385s X509v3 Key Usage: critical 385s Digital Signature, Certificate Sign, CRL Sign 385s Certificate is to be certified until Mar 15 19:40:44 2026 GMT (365 days) 385s 385s Write out database with 1 new entries 385s Database updated 385s + openssl x509 -noout -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 385s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 385s /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem: OK 385s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 385s + local cmd=openssl 385s + shift 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 385s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 385s error 20 at 0 depth lookup: unable to get local issuer certificate 385s error /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem: verification failed 385s + cat 385s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-17162 1024 385s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-17162 -key /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-request.pem 385s + openssl req -text -noout -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-request.pem 385s Certificate Request: 385s Data: 385s Version: 1 (0x0) 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s Attributes: 385s Requested Extensions: 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 4b:28:54:61:57:1d:37:e5:1b:2e:83:75:3c:48:2e:50:ef:84: 385s 94:5d:87:e1:b1:26:15:c7:29:32:43:33:48:01:68:f9:a7:06: 385s 40:cd:10:85:19:bf:cc:c7:85:77:3c:94:42:9b:7b:e8:32:20: 385s cc:d1:dd:aa:0d:c1:f1:4b:35:90:17:7c:00:a6:b6:99:c1:70: 385s cf:77:24:64:fd:3a:34:cd:40:2d:2e:e1:82:d5:91:45:9a:ef: 385s 80:45:1d:71:bf:9c:2c:64:de:19:06:50:66:10:4a:c8:df:fa: 385s 8f:14:71:6a:0a:f3:9c:c3:5c:a0:fd:45:c0:03:0e:0a:75:d9: 385s 41:54 385s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-BRZvMt/test-root-CA.config -passin pass:random-root-CA-password-14115 -keyfile /tmp/sssd-softhsm2-BRZvMt/test-root-CA-key.pem -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s Using configuration from /tmp/sssd-softhsm2-BRZvMt/test-root-CA.config 385s Check that the request matches the signature 385s Signature ok 385s Certificate Details: 385s Serial Number: 3 (0x3) 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: 385s organizationName = Test Organization 385s organizationalUnitName = Test Organization Unit 385s commonName = Test Organization Root Trusted Certificate 0001 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Certificate is to be certified until Mar 15 19:40:44 2026 GMT (365 days) 385s 385s Write out database with 1 new entries 385s Database updated 385s + openssl x509 -noout -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem: OK 385s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local cmd=openssl 385s + shift 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s error 20 at 0 depth lookup: unable to get local issuer certificate 385s error /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem: verification failed 385s + cat 385s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 385s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-1563 1024 385s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-1563 -key /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-request.pem 385s + openssl req -text -noout -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-request.pem 385s Certificate Request: 385s Data: 385s Version: 1 (0x0) 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:b2:19:61:ae:d9:93:0a:ce:10:dd:85:33:e6:c2: 385s 85:b5:f8:54:df:82:b2:da:94:93:a1:3a:b1:5b:c8: 385s e0:11:6f:85:c1:3d:d8:5b:32:b6:2b:50:eb:ef:27: 385s 76:74:02:fb:db:63:aa:ca:e9:3e:11:62:36:3f:60: 385s 6a:70:a5:ca:fd:80:90:4e:61:dd:65:8c:e8:8f:c5: 385s ba:0d:e4:ba:1e:7b:4a:1f:93:f4:70:17:77:da:6d: 385s ef:43:4b:25:eb:b5:c6:74:01:2d:61:64:44:84:bb: 385s e9:69:01:18:ef:d2:f6:2b:36:84:ef:eb:c1:fd:1b: 385s c6:61:6f:74:d1:7a:ac:24:0b 385s Exponent: 65537 (0x10001) 385s Attributes: 385s Requested Extensions: 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 1F:9E:D6:71:89:7E:1C:7B:0F:FB:44:9D:E6:4E:3E:27:06:D7:3A:46 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 54:03:d6:f0:1e:c2:3f:3a:01:de:02:de:8f:97:94:8e:23:9d: 385s 2b:2d:d9:76:18:b1:fd:69:06:2c:79:1e:b7:92:9d:94:9a:7f: 385s cf:9b:cc:90:19:49:fd:4b:65:be:0c:e6:b7:74:56:db:39:a4: 385s 36:d1:c6:3b:af:b6:b6:3c:d3:c4:b7:1c:06:8e:22:20:f8:76: 385s 7d:ea:ec:ec:1d:8a:84:52:c4:f5:48:26:de:99:69:1f:92:21: 385s 8d:9d:17:ec:60:d7:e6:37:c6:f4:ca:ac:d3:db:d7:e6:dc:e1: 385s 76:78:2d:1e:d2:5f:e0:32:2a:01:99:05:99:d0:49:5f:75:ce: 385s 61:e4 385s + openssl ca -passin pass:random-intermediate-CA-password-5315 -config /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 385s Using configuration from /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.config 385s Check that the request matches the signature 385s Signature ok 385s Certificate Details: 385s Serial Number: 4 (0x4) 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: 385s organizationName = Test Organization 385s organizationalUnitName = Test Organization Unit 385s commonName = Test Organization Intermediate Trusted Certificate 0001 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 1F:9E:D6:71:89:7E:1C:7B:0F:FB:44:9D:E6:4E:3E:27:06:D7:3A:46 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Certificate is to be certified until Mar 15 19:40:44 2026 GMT (365 days) 385s 385s Write out database with 1 new entries 385s Database updated 385s + openssl x509 -noout -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 385s This certificate should not be trusted fully 385s + echo 'This certificate should not be trusted fully' 385s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 385s + local cmd=openssl 385s + shift 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 385s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 385s error 2 at 1 depth lookup: unable to get issuer certificate 385s error /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 385s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 385s /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem: OK 385s + cat 385s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 385s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-2783 1024 385s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-2783 -key /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 385s + openssl req -text -noout -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 385s Certificate Request: 385s Data: 385s Version: 1 (0x0) 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:d2:77:21:3e:dd:80:28:0e:b3:e5:02:85:2b:0b: 385s 55:70:57:d4:1e:a8:40:92:1a:5f:60:fb:90:bc:55: 385s 45:1d:91:29:d7:07:df:0f:56:80:4a:ba:36:93:dc: 385s f1:fd:ce:f3:51:20:70:5b:5f:47:e1:05:6a:f3:dc: 385s b5:98:ae:b1:dc:9d:e9:53:74:eb:c6:6c:86:c6:c3: 385s 25:c2:9e:cd:1e:56:1f:39:a4:90:01:3f:56:14:08: 385s 0e:34:14:c2:83:1f:f0:e5:71:3d:d7:4f:96:b6:28: 385s 8c:fc:1a:d2:6d:35:0d:9c:e3:8c:7d:02:a9:89:3e: 385s 9f:78:13:cb:c9:7e:64:18:df 385s Exponent: 65537 (0x10001) 385s Attributes: 385s Requested Extensions: 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Sub Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 81:FB:CE:86:43:4F:1D:A0:62:CC:75:15:3D:3A:26:CF:B8:BD:FF:74 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 82:96:c8:3f:86:cc:fd:72:07:8d:8e:8c:e1:b7:c3:29:6b:6f: 385s 55:e1:0e:58:6a:15:c3:6b:15:34:49:5f:3a:11:3f:87:48:bd: 385s f0:36:d5:48:ff:a5:c8:46:42:ca:fb:4d:f5:de:76:95:5d:45: 385s dc:90:75:54:21:2a:21:fe:11:76:4c:43:28:0e:91:b9:b6:d6: 385s 7f:f4:c2:cf:76:07:ea:7c:f2:6b:78:bb:67:6f:c4:30:b4:e1: 385s 53:68:55:97:e1:44:56:61:70:57:09:57:9d:89:09:17:00:ea: 385s e0:55:db:bf:f0:75:ce:3d:70:cc:f8:85:40:f2:23:90:1c:7b: 385s 25:31 385s + openssl ca -passin pass:random-sub-intermediate-CA-password-4728 -config /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s Using configuration from /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.config 385s Check that the request matches the signature 385s Signature ok 385s Certificate Details: 385s Serial Number: 5 (0x5) 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: 385s organizationName = Test Organization 385s organizationalUnitName = Test Organization Unit 385s commonName = Test OrgaThis certificate should not be trusted fully 385s nization Sub Intermediate Trusted Certificate 0001 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s FE:FD:D0:FC:C1:87:9A:91:40:BA:8E:CA:10:66:02:A0:4C:F0:A9:E3 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Sub Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 81:FB:CE:86:43:4F:1D:A0:62:CC:75:15:3D:3A:26:CF:B8:BD:FF:74 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Certificate is to be certified until Mar 15 19:40:44 2026 GMT (365 days) 385s 385s Write out database with 1 new entries 385s Database updated 385s + openssl x509 -noout -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + echo 'This certificate should not be trusted fully' 385s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 385s Building a the full-chain CA file... 385s + local cmd=openssl 385s + shift 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 385s error 2 at 1 depth lookup: unable to get issuer certificate 385s error /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 385s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local cmd=openssl 385s + shift 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 385s error 20 at 0 depth lookup: unable to get local issuer certificate 385s error /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 385s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local cmd=openssl 385s + shift 385s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 385s error 20 at 0 depth lookup: unable to get local issuer certificate 385s error /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 385s + echo 'Building a the full-chain CA file...' 385s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s 385s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 385s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s 385s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 385s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 385s 385s /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem: OK 385s /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem: OK 385s /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem: OK 385s /tmp/sssd-softhsm2-BRZvMt/test-root-intermediate-chain-CA.pem: OK 385s /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 385s Certificates generation completed! 385s + cat /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 385s + cat /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s + cat /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 385s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 385s + openssl pkcs7 -print_certs -noout 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-root-intermediate-chain-CA.pem 385s + openssl verify -CAfile /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + echo 'Certificates generation completed!' 385s + [[ -v NO_SSSD_TESTS ]] 385s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /dev/null 385s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /dev/null 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_ring=/dev/null 385s + local verify_option= 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s + local key_file 385s + local decrypted_key 385s + mkdir -p /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 385s + key_file=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-key.pem 385s + decrypted_key=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-key-decrypted.pem 385s + cat 385s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 385s Slot 0 has a free/uninitialized token. 385s The token has been initialized and is reassigned to slot 575428684 385s + softhsm2-util --show-slots 385s Available slots: 385s Slot 575428684 385s Slot info: 385s Description: SoftHSM slot ID 0x224c584c 385s Manufacturer ID: SoftHSM project 385s Hardware version: 2.6 385s Firmware version: 2.6 385s Token present: yes 385s Token info: 385s Manufacturer ID: SoftHSM project 385s Model: SoftHSM v2 385s Hardware version: 2.6 385s Firmware version: 2.6 385s Serial number: efb5a642224c584c 385s Initialized: yes 385s User PIN init.: yes 385s Label: Test Organization Root Tr Token 385s Slot 1 385s Slot info: 385s Description: SoftHSM slot ID 0x1 385s Manufacturer ID: SoftHSM project 385s Hardware version: 2.6 385s Firmware version: 2.6 385s Token present: yes 385s Token info: 385s Manufacturer ID: SoftHSM project 385s Model: SoftHSM v2 385s Hardware version: 2.6 385s Firmware version: 2.6 385s Serial number: 385s Initialized: no 385s User PIN init.: no 385s Label: 385s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 385s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-17162 -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-key-decrypted.pem 385s writing RSA key 385s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 385s + rm /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001-key-decrypted.pem 385s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 385s Object 0: 385s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 385s Type: X.509 Certificate (RSA-1024) 385s Expires: Sun Mar 15 19:40:44 2026 385s Label: Test Organization Root Trusted Certificate 0001 385s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 385s 385s + echo 'Test Organization Root Tr Token' 385s + '[' -n '' ']' 385s Test Organization Root Tr Token 385s + local output_base_name=SSSD-child-32295 385s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-32295.output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-32295.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 385s [p11_child[2195]] [main] (0x0400): p11_child started. 385s [p11_child[2195]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2195]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2195]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2195]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 385s [p11_child[2195]] [do_work] (0x0040): init_verification failed. 385s [p11_child[2195]] [main] (0x0020): p11_child failed (5) 385s + return 2 385s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /dev/null no_verification 385s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /dev/null no_verification 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_ring=/dev/null 385s + local verify_option=no_verification 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s Test Organization Root Tr Token 385s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Root Tr Token' 385s + '[' -n no_verification ']' 385s + local verify_arg=--verify=no_verification 385s + local output_base_name=SSSD-child-4045 385s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045.output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 385s [p11_child[2201]] [main] (0x0400): p11_child started. 385s [p11_child[2201]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2201]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2201]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2201]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 385s [p11_child[2201]] [do_card] (0x4000): Module List: 385s [p11_child[2201]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2201]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2201]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2201]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2201]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2201]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2201]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2201]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2201]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x224c584c;slot-manufacturer=SoftHSM%20project;slot-id=575428684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2201]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 51:dc:ca:af:5b:88:83:92:13:96:a5:d5:80:cb:11:a0:85:01: 385s 00:91:92:04:40:41:5c:6c:0e:61:12:1b:29:44:fc:c6:47:c4: 385s 77:5c:b9:9b:7d:25:6e:d6:83:e5:97:8a:2a:38:f4:18:53:2d: 385s 54:ea:1a:96:03:51:c5:19:8a:2e:53:ab:61:4a:79:23:34:2b: 385s 07:08:1d:34:69:94:16:16:f6:eb:42:eb:48:2f:a5:44:4d:50: 385s ea:7e:b8:d5:f0:d2:56:12:00:2f:54:eb:91:7e:c7:97:b1:99: 385s 30:c0:f8:4f:5a:c2:da:34:20:2f:8e:0a:07:2e:f3:1e:9f:0b: 385s 30:e7 385s + local found_md5 expected_md5 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + expected_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045.pem 385s + found_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s + '[' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 '!=' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 ']' 385s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045-auth.output 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045-auth.output .output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045-auth.pem 385s + echo -n 053350 385s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 385s [p11_child[2209]] [main] (0x0400): p11_child started. 385s [p11_child[2209]] [main] (0x2000): Running in [auth] mode. 385s [p11_child[2209]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2209]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2209]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 385s [p11_child[2209]] [do_card] (0x4000): Module List: 385s [p11_child[2209]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2209]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2209]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2209]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2209]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2209]] [do_card] (0x4000): Login required. 385s [p11_child[2209]] [do_card] (0x4000): Token flags [1069]. 385s [p11_child[2209]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2209]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2209]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x224c584c;slot-manufacturer=SoftHSM%20project;slot-id=575428684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 385s [p11_child[2209]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 385s [p11_child[2209]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 385s [p11_child[2209]] [do_card] (0x4000): Certificate verified and validated. 385s [p11_child[2209]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045-auth.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045-auth.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045-auth.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 51:dc:ca:af:5b:88:83:92:13:96:a5:d5:80:cb:11:a0:85:01: 385s 00:91:92:04:40:41:5c:6c:0e:61:12:1b:29:44:fc:c6:47:c4: 385s 77:5c:b9:9b:7d:25:6e:d6:83:e5:97:8a:2a:38:f4:18:53:2d: 385s 54:ea:1a:96:03:51:c5:19:8a:2e:53:ab:61:4a:79:23:34:2b: 385s 07:08:1d:34:69:94:16:16:f6:eb:42:eb:48:2f:a5:44:4d:50: 385s ea:7e:b8:d5:f0:d2:56:12:00:2f:54:eb:91:7e:c7:97:b1:99: 385s 30:c0:f8:4f:5a:c2:da:34:20:2f:8e:0a:07:2e:f3:1e:9f:0b: 385s 30:e7 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-4045-auth.pem 385s + found_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s + '[' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 '!=' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 ']' 385s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 385s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 385s + local verify_option= 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 ']' 385s Test Organization Root Tr Token 385s + echo 'Test Organization Root Tr Token' 385s + '[' -n '' ']' 385s + local output_base_name=SSSD-child-13158 385s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158.output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 385s [p11_child[2219]] [main] (0x0400): p11_child started. 385s [p11_child[2219]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2219]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2219]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2219]] [do_card] (0x4000): Module List: 385s [p11_child[2219]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2219]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2219]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2219]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2219]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2219]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2219]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2219]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2219]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2219]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x224c584c;slot-manufacturer=SoftHSM%20project;slot-id=575428684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2219]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 51:dc:ca:af:5b:88:83:92:13:96:a5:d5:80:cb:11:a0:85:01: 385s 00:91:92:04:40:41:5c:6c:0e:61:12:1b:29:44:fc:c6:47:c4: 385s 77:5c:b9:9b:7d:25:6e:d6:83:e5:97:8a:2a:38:f4:18:53:2d: 385s 54:ea:1a:96:03:51:c5:19:8a:2e:53:ab:61:4a:79:23:34:2b: 385s 07:08:1d:34:69:94:16:16:f6:eb:42:eb:48:2f:a5:44:4d:50: 385s ea:7e:b8:d5:f0:d2:56:12:00:2f:54:eb:91:7e:c7:97:b1:99: 385s 30:c0:f8:4f:5a:c2:da:34:20:2f:8e:0a:07:2e:f3:1e:9f:0b: 385s 30:e7 385s + local found_md5 expected_md5 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + expected_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158.pem 385s + found_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s + '[' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 '!=' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 ']' 385s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158-auth.output 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158-auth.output .output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158-auth.pem 385s + echo -n 053350 385s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 385s [p11_child[2227]] [main] (0x0400): p11_child started. 385s [p11_child[2227]] [main] (0x2000): Running in [auth] mode. 385s [p11_child[2227]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2227]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2227]] [do_card] (0x4000): Module List: 385s [p11_child[2227]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2227]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2227]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2227]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2227]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2227]] [do_card] (0x4000): Login required. 385s [p11_child[2227]] [do_card] (0x4000): Token flags [1069]. 385s [p11_child[2227]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2227]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2227]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2227]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x224c584c;slot-manufacturer=SoftHSM%20project;slot-id=575428684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 385s [p11_child[2227]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 385s [p11_child[2227]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 385s [p11_child[2227]] [do_card] (0x4000): Certificate verified and validated. 385s [p11_child[2227]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158-auth.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158-auth.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158-auth.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 51:dc:ca:af:5b:88:83:92:13:96:a5:d5:80:cb:11:a0:85:01: 385s 00:91:92:04:40:41:5c:6c:0e:61:12:1b:29:44:fc:c6:47:c4: 385s 77:5c:b9:9b:7d:25:6e:d6:83:e5:97:8a:2a:38:f4:18:53:2d: 385s 54:ea:1a:96:03:51:c5:19:8a:2e:53:ab:61:4a:79:23:34:2b: 385s 07:08:1d:34:69:94:16:16:f6:eb:42:eb:48:2f:a5:44:4d:50: 385s ea:7e:b8:d5:f0:d2:56:12:00:2f:54:eb:91:7e:c7:97:b1:99: 385s 30:c0:f8:4f:5a:c2:da:34:20:2f:8e:0a:07:2e:f3:1e:9f:0b: 385s 30:e7 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-13158-auth.pem 385s + found_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s + '[' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 '!=' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 ']' 385s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem partial_chain 385s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem partial_chain 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 385s + local verify_option=partial_chain 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s Test Organization Root Tr Token 385s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Root Tr Token' 385s + '[' -n partial_chain ']' 385s + local verify_arg=--verify=partial_chain 385s + local output_base_name=SSSD-child-10491 385s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491.output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 385s [p11_child[2237]] [main] (0x0400): p11_child started. 385s [p11_child[2237]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2237]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2237]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2237]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 385s [p11_child[2237]] [do_card] (0x4000): Module List: 385s [p11_child[2237]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2237]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2237]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2237]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2237]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2237]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2237]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2237]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2237]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2237]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x224c584c;slot-manufacturer=SoftHSM%20project;slot-id=575428684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2237]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 51:dc:ca:af:5b:88:83:92:13:96:a5:d5:80:cb:11:a0:85:01: 385s 00:91:92:04:40:41:5c:6c:0e:61:12:1b:29:44:fc:c6:47:c4: 385s 77:5c:b9:9b:7d:25:6e:d6:83:e5:97:8a:2a:38:f4:18:53:2d: 385s 54:ea:1a:96:03:51:c5:19:8a:2e:53:ab:61:4a:79:23:34:2b: 385s 07:08:1d:34:69:94:16:16:f6:eb:42:eb:48:2f:a5:44:4d:50: 385s ea:7e:b8:d5:f0:d2:56:12:00:2f:54:eb:91:7e:c7:97:b1:99: 385s 30:c0:f8:4f:5a:c2:da:34:20:2f:8e:0a:07:2e:f3:1e:9f:0b: 385s 30:e7 385s + local found_md5 expected_md5 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + expected_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491.pem 385s + found_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s + '[' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 '!=' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 ']' 385s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491-auth.output 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491-auth.output .output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491-auth.pem 385s + echo -n 053350 385s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 385s [p11_child[2245]] [main] (0x0400): p11_child started. 385s [p11_child[2245]] [main] (0x2000): Running in [auth] mode. 385s [p11_child[2245]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2245]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2245]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 385s [p11_child[2245]] [do_card] (0x4000): Module List: 385s [p11_child[2245]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2245]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2245]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2245]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2245]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2245]] [do_card] (0x4000): Login required. 385s [p11_child[2245]] [do_card] (0x4000): Token flags [1069]. 385s [p11_child[2245]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2245]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2245]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2245]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x224c584c;slot-manufacturer=SoftHSM%20project;slot-id=575428684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 385s [p11_child[2245]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 385s [p11_child[2245]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 385s [p11_child[2245]] [do_card] (0x4000): Certificate verified and validated. 385s [p11_child[2245]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491-auth.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491-auth.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491-auth.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 51:dc:ca:af:5b:88:83:92:13:96:a5:d5:80:cb:11:a0:85:01: 385s 00:91:92:04:40:41:5c:6c:0e:61:12:1b:29:44:fc:c6:47:c4: 385s 77:5c:b9:9b:7d:25:6e:d6:83:e5:97:8a:2a:38:f4:18:53:2d: 385s 54:ea:1a:96:03:51:c5:19:8a:2e:53:ab:61:4a:79:23:34:2b: 385s 07:08:1d:34:69:94:16:16:f6:eb:42:eb:48:2f:a5:44:4d:50: 385s ea:7e:b8:d5:f0:d2:56:12:00:2f:54:eb:91:7e:c7:97:b1:99: 385s 30:c0:f8:4f:5a:c2:da:34:20:2f:8e:0a:07:2e:f3:1e:9f:0b: 385s 30:e7 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-10491-auth.pem 385s + found_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s + '[' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 '!=' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 ']' 385s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 385s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 385s + local verify_option= 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s Test Organization Root Tr Token 385s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Root Tr Token' 385s + '[' -n '' ']' 385s + local output_base_name=SSSD-child-5097 385s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097.output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 385s [p11_child[2255]] [main] (0x0400): p11_child started. 385s [p11_child[2255]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2255]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2255]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2255]] [do_card] (0x4000): Module List: 385s [p11_child[2255]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2255]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2255]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2255]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2255]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2255]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2255]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2255]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2255]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2255]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x224c584c;slot-manufacturer=SoftHSM%20project;slot-id=575428684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2255]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 51:dc:ca:af:5b:88:83:92:13:96:a5:d5:80:cb:11:a0:85:01: 385s 00:91:92:04:40:41:5c:6c:0e:61:12:1b:29:44:fc:c6:47:c4: 385s 77:5c:b9:9b:7d:25:6e:d6:83:e5:97:8a:2a:38:f4:18:53:2d: 385s 54:ea:1a:96:03:51:c5:19:8a:2e:53:ab:61:4a:79:23:34:2b: 385s 07:08:1d:34:69:94:16:16:f6:eb:42:eb:48:2f:a5:44:4d:50: 385s ea:7e:b8:d5:f0:d2:56:12:00:2f:54:eb:91:7e:c7:97:b1:99: 385s 30:c0:f8:4f:5a:c2:da:34:20:2f:8e:0a:07:2e:f3:1e:9f:0b: 385s 30:e7 385s + local found_md5 expected_md5 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + expected_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097.pem 385s + found_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s + '[' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 '!=' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 ']' 385s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097-auth.output 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097-auth.output .output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097-auth.pem 385s + echo -n 053350 385s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 385s [p11_child[2263]] [main] (0x0400): p11_child started. 385s [p11_child[2263]] [main] (0x2000): Running in [auth] mode. 385s [p11_child[2263]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2263]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2263]] [do_card] (0x4000): Module List: 385s [p11_child[2263]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2263]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2263]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2263]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2263]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2263]] [do_card] (0x4000): Login required. 385s [p11_child[2263]] [do_card] (0x4000): Token flags [1069]. 385s [p11_child[2263]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2263]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2263]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2263]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x224c584c;slot-manufacturer=SoftHSM%20project;slot-id=575428684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 385s [p11_child[2263]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 385s [p11_child[2263]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 385s [p11_child[2263]] [do_card] (0x4000): Certificate verified and validated. 385s [p11_child[2263]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097-auth.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097-auth.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097-auth.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 51:dc:ca:af:5b:88:83:92:13:96:a5:d5:80:cb:11:a0:85:01: 385s 00:91:92:04:40:41:5c:6c:0e:61:12:1b:29:44:fc:c6:47:c4: 385s 77:5c:b9:9b:7d:25:6e:d6:83:e5:97:8a:2a:38:f4:18:53:2d: 385s 54:ea:1a:96:03:51:c5:19:8a:2e:53:ab:61:4a:79:23:34:2b: 385s 07:08:1d:34:69:94:16:16:f6:eb:42:eb:48:2f:a5:44:4d:50: 385s ea:7e:b8:d5:f0:d2:56:12:00:2f:54:eb:91:7e:c7:97:b1:99: 385s 30:c0:f8:4f:5a:c2:da:34:20:2f:8e:0a:07:2e:f3:1e:9f:0b: 385s 30:e7 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5097-auth.pem 385s + found_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s + '[' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 '!=' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 ']' 385s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem partial_chain 385s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem partial_chain 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 385s + local verify_option=partial_chain 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 385s Test Organization Root Tr Token 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Root Tr Token' 385s + '[' -n partial_chain ']' 385s + local verify_arg=--verify=partial_chain 385s + local output_base_name=SSSD-child-7578 385s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578.output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 385s [p11_child[2273]] [main] (0x0400): p11_child started. 385s [p11_child[2273]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2273]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2273]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2273]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 385s [p11_child[2273]] [do_card] (0x4000): Module List: 385s [p11_child[2273]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2273]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2273]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2273]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2273]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2273]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2273]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2273]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2273]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2273]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x224c584c;slot-manufacturer=SoftHSM%20project;slot-id=575428684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2273]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 51:dc:ca:af:5b:88:83:92:13:96:a5:d5:80:cb:11:a0:85:01: 385s 00:91:92:04:40:41:5c:6c:0e:61:12:1b:29:44:fc:c6:47:c4: 385s 77:5c:b9:9b:7d:25:6e:d6:83:e5:97:8a:2a:38:f4:18:53:2d: 385s 54:ea:1a:96:03:51:c5:19:8a:2e:53:ab:61:4a:79:23:34:2b: 385s 07:08:1d:34:69:94:16:16:f6:eb:42:eb:48:2f:a5:44:4d:50: 385s ea:7e:b8:d5:f0:d2:56:12:00:2f:54:eb:91:7e:c7:97:b1:99: 385s 30:c0:f8:4f:5a:c2:da:34:20:2f:8e:0a:07:2e:f3:1e:9f:0b: 385s 30:e7 385s + local found_md5 expected_md5 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + expected_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578.pem 385s + found_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s + '[' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 '!=' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 ']' 385s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578-auth.output 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578-auth.output .output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578-auth.pem 385s + echo -n 053350 385s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 385s [p11_child[2281]] [main] (0x0400): p11_child started. 385s [p11_child[2281]] [main] (0x2000): Running in [auth] mode. 385s [p11_child[2281]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2281]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2281]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 385s [p11_child[2281]] [do_card] (0x4000): Module List: 385s [p11_child[2281]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2281]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2281]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2281]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2281]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2281]] [do_card] (0x4000): Login required. 385s [p11_child[2281]] [do_card] (0x4000): Token flags [1069]. 385s [p11_child[2281]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2281]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2281]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2281]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x224c584c;slot-manufacturer=SoftHSM%20project;slot-id=575428684;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=efb5a642224c584c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 385s [p11_child[2281]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 385s [p11_child[2281]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 385s [p11_child[2281]] [do_card] (0x4000): Certificate verified and validated. 385s [p11_child[2281]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578-auth.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578-auth.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578-auth.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 385s Validity 385s Not Before: Mar 15 19:40:44 2025 GMT 385s Not After : Mar 15 19:40:44 2026 GMT 385s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:a4:d0:a9:cb:53:7c:ca:b0:02:bd:76:7a:1b:93: 385s b5:97:d2:8e:17:dc:43:5e:47:b8:c6:71:f9:d0:f4: 385s 31:27:7e:3b:a3:27:56:1d:be:f7:9d:4e:59:37:79: 385s 0c:29:f7:a0:b7:f1:ec:5d:46:37:cf:5e:2e:74:05: 385s b5:7d:c3:5c:de:94:b3:64:f2:fa:89:b3:62:6c:70: 385s b8:86:93:db:ca:81:28:4a:8e:9e:96:f3:8c:28:a7: 385s 89:b9:e2:80:d0:5e:10:2c:cc:54:16:fa:eb:6e:df: 385s d7:c1:73:b6:a5:93:09:1b:e9:35:b8:90:e4:01:a6: 385s cf:26:a1:13:53:35:2b:f9:35 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 58:98:00:DB:1F:F3:A3:38:CA:40:68:32:CB:FA:78:9F:F4:37:06:F6 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s C0:0E:71:48:5A:6A:24:EA:20:42:C2:D7:AA:D0:B3:13:B1:C6:55:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 51:dc:ca:af:5b:88:83:92:13:96:a5:d5:80:cb:11:a0:85:01: 385s 00:91:92:04:40:41:5c:6c:0e:61:12:1b:29:44:fc:c6:47:c4: 385s 77:5c:b9:9b:7d:25:6e:d6:83:e5:97:8a:2a:38:f4:18:53:2d: 385s 54:ea:1a:96:03:51:c5:19:8a:2e:53:ab:61:4a:79:23:34:2b: 385s 07:08:1d:34:69:94:16:16:f6:eb:42:eb:48:2f:a5:44:4d:50: 385s ea:7e:b8:d5:f0:d2:56:12:00:2f:54:eb:91:7e:c7:97:b1:99: 385s 30:c0:f8:4f:5a:c2:da:34:20:2f:8e:0a:07:2e:f3:1e:9f:0b: 385s 30:e7 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-7578-auth.pem 385s + found_md5=Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 385s + '[' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 '!=' Modulus=A4D0A9CB537CCAB002BD767A1B93B597D28E17DC435E47B8C671F9D0F431277E3BA327561DBEF79D4E5937790C29F7A0B7F1EC5D4637CF5E2E7405B57DC35CDE94B364F2FA89B3626C70B88693DBCA81284A8E9E96F38C28A789B9E280D05E102CCC5416FAEB6EDFD7C173B6A593091BE935B890E401A6CF26A11353352BF935 ']' 385s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s + local verify_option= 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Root Tr Token' 385s Test Organization Root Tr Token 385s + '[' -n '' ']' 385s + local output_base_name=SSSD-child-17786 385s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-17786.output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-17786.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s [p11_child[2291]] [main] (0x0400): p11_child started. 385s [p11_child[2291]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2291]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2291]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2291]] [do_card] (0x4000): Module List: 385s [p11_child[2291]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2291]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2291]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2291]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2291]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2291]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2291]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2291]] [do_verification] (0x0040): X509_verify_cert failed [0]. 385s [p11_child[2291]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 385s [p11_child[2291]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 385s [p11_child[2291]] [do_card] (0x4000): No certificate found. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17786.output 385s + return 2 385s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem partial_chain 385s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem partial_chain 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s + local verify_option=partial_chain 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17162 385s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-17162 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s Test Organization Root Tr Token 385s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-root-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Root Tr Token' 385s + '[' -n partial_chain ']' 385s + local verify_arg=--verify=partial_chain 385s + local output_base_name=SSSD-child-26710 385s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-26710.output 385s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-26710.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 385s [p11_child[2298]] [main] (0x0400): p11_child started. 385s [p11_child[2298]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2298]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2298]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2298]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 385s [p11_child[2298]] [do_card] (0x4000): Module List: 385s [p11_child[2298]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2298]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2298]] [do_card] (0x4000): Description [SoftHSM slot ID 0x224c584c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2298]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[2298]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x224c584c][575428684] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2298]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2298]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[2298]] [do_verification] (0x0040): X509_verify_cert failed [0]. 385s [p11_child[2298]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 385s [p11_child[2298]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 385s [p11_child[2298]] [do_card] (0x4000): No certificate found. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-26710.output 386s + return 2 386s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /dev/null 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /dev/null 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_ring=/dev/null 386s + local verify_option= 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Interme Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 386s + local key_file 386s + local decrypted_key 386s + mkdir -p /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 386s + key_file=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-key.pem 386s + decrypted_key=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 386s + cat 386s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 386s Slot 0 has a free/uninitialized token. 386s The token has been initialized and is reassigned to slot 1659209755 386s + softhsm2-util --show-slots 386s Available slots: 386s Slot 1659209755 386s Slot info: 386s Description: SoftHSM slot ID 0x62e5881b 386s Manufacturer ID: SoftHSM project 386s Hardware version: 2.6 386s Firmware version: 2.6 386s Token present: yes 386s Token info: 386s Manufacturer ID: SoftHSM project 386s Model: SoftHSM v2 386s Hardware version: 2.6 386s Firmware version: 2.6 386s Serial number: b5fbcbcd62e5881b 386s Initialized: yes 386s User PIN init.: yes 386s Label: Test Organization Interme Token 386s Slot 1 386s Slot info: 386s Description: SoftHSM slot ID 0x1 386s Manufacturer ID: SoftHSM project 386s Hardware version: 2.6 386s Firmware version: 2.6 386s Token present: yes 386s Token info: 386s Manufacturer ID: SoftHSM project 386s Model: SoftHSM v2 386s Hardware version: 2.6 386s Firmware version: 2.6 386s Serial number: 386s Initialized: no 386s User PIN init.: no 386s Label: 386s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 386s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-1563 -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 386s writing RSA key 386s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 386s + rm /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 386s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 386s Object 0: 386s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b5fbcbcd62e5881b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 386s Type: X.509 Certificate (RSA-1024) 386s Expires: Sun Mar 15 19:40:44 2026 386s Label: Test Organization Intermediate Trusted Certificate 0001 386s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 386s 386s Test Organization Interme Token 386s + echo 'Test Organization Interme Token' 386s + '[' -n '' ']' 386s + local output_base_name=SSSD-child-28874 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-28874.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-28874.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 386s [p11_child[2314]] [main] (0x0400): p11_child started. 386s [p11_child[2314]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2314]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2314]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2314]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 386s [p11_child[2314]] [do_work] (0x0040): init_verification failed. 386s [p11_child[2314]] [main] (0x0020): p11_child failed (5) 386s + return 2 386s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /dev/null no_verification 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /dev/null no_verification 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_ring=/dev/null 386s + local verify_option=no_verification 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Interme Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 386s Test Organization Interme Token 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Interme Token' 386s + '[' -n no_verification ']' 386s + local verify_arg=--verify=no_verification 386s + local output_base_name=SSSD-child-485 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-485.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-485.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 386s [p11_child[2320]] [main] (0x0400): p11_child started. 386s [p11_child[2320]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2320]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2320]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2320]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 386s [p11_child[2320]] [do_card] (0x4000): Module List: 386s [p11_child[2320]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2320]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2320]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2320]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2320]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2320]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2320]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2320]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2320]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x62e5881b;slot-manufacturer=SoftHSM%20project;slot-id=1659209755;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b5fbcbcd62e5881b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2320]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-485.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-485.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-485.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 4 (0x4) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:b2:19:61:ae:d9:93:0a:ce:10:dd:85:33:e6:c2: 386s 85:b5:f8:54:df:82:b2:da:94:93:a1:3a:b1:5b:c8: 386s e0:11:6f:85:c1:3d:d8:5b:32:b6:2b:50:eb:ef:27: 386s 76:74:02:fb:db:63:aa:ca:e9:3e:11:62:36:3f:60: 386s 6a:70:a5:ca:fd:80:90:4e:61:dd:65:8c:e8:8f:c5: 386s ba:0d:e4:ba:1e:7b:4a:1f:93:f4:70:17:77:da:6d: 386s ef:43:4b:25:eb:b5:c6:74:01:2d:61:64:44:84:bb: 386s e9:69:01:18:ef:d2:f6:2b:36:84:ef:eb:c1:fd:1b: 386s c6:61:6f:74:d1:7a:ac:24:0b 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 1F:9E:D6:71:89:7E:1C:7B:0F:FB:44:9D:E6:4E:3E:27:06:D7:3A:46 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s 15:4c:cc:ac:a8:43:d1:13:eb:ef:f3:88:95:29:60:22:4a:51: 386s ca:4e:ed:5b:0c:24:c4:d4:51:98:98:38:11:b8:0d:6d:07:38: 386s 9f:4b:84:78:d3:78:76:bf:65:d9:ce:0c:46:f1:ae:d9:a1:e4: 386s 9e:06:d8:71:ea:24:ac:1f:8d:9d:34:a1:c6:46:a7:9e:1e:d1: 386s 31:0b:fa:04:2f:be:72:b3:98:03:ca:f9:48:d5:52:b2:0f:44: 386s 35:c4:ff:46:45:73:3d:ff:db:7b:d3:f1:7e:1a:fd:3e:6c:e1: 386s b1:f1:4a:f7:8f:e5:65:33:1f:05:9b:63:cf:da:2c:50:6a:13: 386s 33:22 386s + local found_md5 expected_md5 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-485.pem 386s + found_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s + '[' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B '!=' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B ']' 386s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-485-auth.output 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-485-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-485-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[2328]] [main] (0x0400): p11_child started. 386s [p11_child[2328]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[2328]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2328]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2328]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 386s [p11_child[2328]] [do_card] (0x4000): Module List: 386s [p11_child[2328]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2328]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2328]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2328]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2328]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2328]] [do_card] (0x4000): Login required. 386s [p11_child[2328]] [do_card] (0x4000): Token flags [1069]. 386s [p11_child[2328]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2328]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2328]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x62e5881b;slot-manufacturer=SoftHSM%20project;slot-id=1659209755;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b5fbcbcd62e5881b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[2328]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[2328]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[2328]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-485-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-485-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-485-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 4 (0x4) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:b2:19:61:ae:d9:93:0a:ce:10:dd:85:33:e6:c2: 386s 85:b5:f8:54:df:82:b2:da:94:93:a1:3a:b1:5b:c8: 386s e0:11:6f:85:c1:3d:d8:5b:32:b6:2b:50:eb:ef:27: 386s 76:74:02:fb:db:63:aa:ca:e9:3e:11:62:36:3f:60: 386s 6a:70:a5:ca:fd:80:90:4e:61:dd:65:8c:e8:8f:c5: 386s ba:0d:e4:ba:1e:7b:4a:1f:93:f4:70:17:77:da:6d: 386s ef:43:4b:25:eb:b5:c6:74:01:2d:61:64:44:84:bb: 386s e9:69:01:18:ef:d2:f6:2b:36:84:ef:eb:c1:fd:1b: 386s c6:61:6f:74:d1:7a:ac:24:0b 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 1F:9E:D6:71:89:7E:1C:7B:0F:FB:44:9D:E6:4E:3E:27:06:D7:3A:46 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s 15:4c:cc:ac:a8:43:d1:13:eb:ef:f3:88:95:29:60:22:4a:51: 386s ca:4e:ed:5b:0c:24:c4:d4:51:98:98:38:11:b8:0d:6d:07:38: 386s 9f:4b:84:78:d3:78:76:bf:65:d9:ce:0c:46:f1:ae:d9:a1:e4: 386s 9e:06:d8:71:ea:24:ac:1f:8d:9d:34:a1:c6:46:a7:9e:1e:d1: 386s 31:0b:fa:04:2f:be:72:b3:98:03:ca:f9:48:d5:52:b2:0f:44: 386s 35:c4:ff:46:45:73:3d:ff:db:7b:d3:f1:7e:1a:fd:3e:6c:e1: 386s b1:f1:4a:f7:8f:e5:65:33:1f:05:9b:63:cf:da:2c:50:6a:13: 386s 33:22 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-485-auth.pem 386s + found_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s + '[' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B '!=' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B ']' 386s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s + local verify_option= 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Interme Token' 386s Test Organization Interme Token 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Interme Token' 386s + '[' -n '' ']' 386s + local output_base_name=SSSD-child-5001 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-5001.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-5001.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s [p11_child[2338]] [main] (0x0400): p11_child started. 386s [p11_child[2338]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2338]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2338]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2338]] [do_card] (0x4000): Module List: 386s [p11_child[2338]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2338]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2338]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2338]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2338]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2338]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2338]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2338]] [do_verification] (0x0040): X509_verify_cert failed [0]. 386s [p11_child[2338]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 386s [p11_child[2338]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 386s [p11_child[2338]] [do_card] (0x4000): No certificate found. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5001.output 386s + return 2 386s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 386s Test Organization Interme Token 386s + token_name='Test Organization Interme Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Interme Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-7464 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-7464.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-7464.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s [p11_child[2345]] [main] (0x0400): p11_child started. 386s [p11_child[2345]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2345]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2345]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2345]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2345]] [do_card] (0x4000): Module List: 386s [p11_child[2345]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2345]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2345]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2345]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2345]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2345]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2345]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2345]] [do_verification] (0x0040): X509_verify_cert failed [0]. 386s [p11_child[2345]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 386s [p11_child[2345]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 386s [p11_child[2345]] [do_card] (0x4000): No certificate found. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-7464.output 386s + return 2 386s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s + local verify_option= 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Interme Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 386s Test Organization Interme Token 386s + echo 'Test Organization Interme Token' 386s + '[' -n '' ']' 386s + local output_base_name=SSSD-child-2669 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s [p11_child[2352]] [main] (0x0400): p11_child started. 386s [p11_child[2352]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2352]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2352]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2352]] [do_card] (0x4000): Module List: 386s [p11_child[2352]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2352]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2352]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2352]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2352]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2352]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2352]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2352]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2352]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2352]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x62e5881b;slot-manufacturer=SoftHSM%20project;slot-id=1659209755;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b5fbcbcd62e5881b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2352]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 4 (0x4) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:b2:19:61:ae:d9:93:0a:ce:10:dd:85:33:e6:c2: 386s 85:b5:f8:54:df:82:b2:da:94:93:a1:3a:b1:5b:c8: 386s e0:11:6f:85:c1:3d:d8:5b:32:b6:2b:50:eb:ef:27: 386s 76:74:02:fb:db:63:aa:ca:e9:3e:11:62:36:3f:60: 386s 6a:70:a5:ca:fd:80:90:4e:61:dd:65:8c:e8:8f:c5: 386s ba:0d:e4:ba:1e:7b:4a:1f:93:f4:70:17:77:da:6d: 386s ef:43:4b:25:eb:b5:c6:74:01:2d:61:64:44:84:bb: 386s e9:69:01:18:ef:d2:f6:2b:36:84:ef:eb:c1:fd:1b: 386s c6:61:6f:74:d1:7a:ac:24:0b 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 1F:9E:D6:71:89:7E:1C:7B:0F:FB:44:9D:E6:4E:3E:27:06:D7:3A:46 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s 15:4c:cc:ac:a8:43:d1:13:eb:ef:f3:88:95:29:60:22:4a:51: 386s ca:4e:ed:5b:0c:24:c4:d4:51:98:98:38:11:b8:0d:6d:07:38: 386s 9f:4b:84:78:d3:78:76:bf:65:d9:ce:0c:46:f1:ae:d9:a1:e4: 386s 9e:06:d8:71:ea:24:ac:1f:8d:9d:34:a1:c6:46:a7:9e:1e:d1: 386s 31:0b:fa:04:2f:be:72:b3:98:03:ca:f9:48:d5:52:b2:0f:44: 386s 35:c4:ff:46:45:73:3d:ff:db:7b:d3:f1:7e:1a:fd:3e:6c:e1: 386s b1:f1:4a:f7:8f:e5:65:33:1f:05:9b:63:cf:da:2c:50:6a:13: 386s 33:22 386s + local found_md5 expected_md5 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669.pem 386s + found_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s + '[' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B '!=' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B ']' 386s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669-auth.output 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[2360]] [main] (0x0400): p11_child started. 386s [p11_child[2360]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[2360]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2360]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2360]] [do_card] (0x4000): Module List: 386s [p11_child[2360]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2360]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2360]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2360]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2360]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2360]] [do_card] (0x4000): Login required. 386s [p11_child[2360]] [do_card] (0x4000): Token flags [1069]. 386s [p11_child[2360]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2360]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2360]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2360]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x62e5881b;slot-manufacturer=SoftHSM%20project;slot-id=1659209755;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b5fbcbcd62e5881b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[2360]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[2360]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[2360]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[2360]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 4 (0x4) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:b2:19:61:ae:d9:93:0a:ce:10:dd:85:33:e6:c2: 386s 85:b5:f8:54:df:82:b2:da:94:93:a1:3a:b1:5b:c8: 386s e0:11:6f:85:c1:3d:d8:5b:32:b6:2b:50:eb:ef:27: 386s 76:74:02:fb:db:63:aa:ca:e9:3e:11:62:36:3f:60: 386s 6a:70:a5:ca:fd:80:90:4e:61:dd:65:8c:e8:8f:c5: 386s ba:0d:e4:ba:1e:7b:4a:1f:93:f4:70:17:77:da:6d: 386s ef:43:4b:25:eb:b5:c6:74:01:2d:61:64:44:84:bb: 386s e9:69:01:18:ef:d2:f6:2b:36:84:ef:eb:c1:fd:1b: 386s c6:61:6f:74:d1:7a:ac:24:0b 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 1F:9E:D6:71:89:7E:1C:7B:0F:FB:44:9D:E6:4E:3E:27:06:D7:3A:46 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s 15:4c:cc:ac:a8:43:d1:13:eb:ef:f3:88:95:29:60:22:4a:51: 386s ca:4e:ed:5b:0c:24:c4:d4:51:98:98:38:11:b8:0d:6d:07:38: 386s 9f:4b:84:78:d3:78:76:bf:65:d9:ce:0c:46:f1:ae:d9:a1:e4: 386s 9e:06:d8:71:ea:24:ac:1f:8d:9d:34:a1:c6:46:a7:9e:1e:d1: 386s 31:0b:fa:04:2f:be:72:b3:98:03:ca:f9:48:d5:52:b2:0f:44: 386s 35:c4:ff:46:45:73:3d:ff:db:7b:d3:f1:7e:1a:fd:3e:6c:e1: 386s b1:f1:4a:f7:8f:e5:65:33:1f:05:9b:63:cf:da:2c:50:6a:13: 386s 33:22 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-2669-auth.pem 386s + found_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s + '[' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B '!=' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B ']' 386s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 386s Test Organization Interme Token 386s + token_name='Test Organization Interme Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Interme Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-27575 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s [p11_child[2370]] [main] (0x0400): p11_child started. 386s [p11_child[2370]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2370]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2370]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2370]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2370]] [do_card] (0x4000): Module List: 386s [p11_child[2370]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2370]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2370]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2370]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2370]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2370]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2370]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2370]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2370]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2370]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x62e5881b;slot-manufacturer=SoftHSM%20project;slot-id=1659209755;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b5fbcbcd62e5881b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2370]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 4 (0x4) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:b2:19:61:ae:d9:93:0a:ce:10:dd:85:33:e6:c2: 386s 85:b5:f8:54:df:82:b2:da:94:93:a1:3a:b1:5b:c8: 386s e0:11:6f:85:c1:3d:d8:5b:32:b6:2b:50:eb:ef:27: 386s 76:74:02:fb:db:63:aa:ca:e9:3e:11:62:36:3f:60: 386s 6a:70:a5:ca:fd:80:90:4e:61:dd:65:8c:e8:8f:c5: 386s ba:0d:e4:ba:1e:7b:4a:1f:93:f4:70:17:77:da:6d: 386s ef:43:4b:25:eb:b5:c6:74:01:2d:61:64:44:84:bb: 386s e9:69:01:18:ef:d2:f6:2b:36:84:ef:eb:c1:fd:1b: 386s c6:61:6f:74:d1:7a:ac:24:0b 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 1F:9E:D6:71:89:7E:1C:7B:0F:FB:44:9D:E6:4E:3E:27:06:D7:3A:46 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s 15:4c:cc:ac:a8:43:d1:13:eb:ef:f3:88:95:29:60:22:4a:51: 386s ca:4e:ed:5b:0c:24:c4:d4:51:98:98:38:11:b8:0d:6d:07:38: 386s 9f:4b:84:78:d3:78:76:bf:65:d9:ce:0c:46:f1:ae:d9:a1:e4: 386s 9e:06:d8:71:ea:24:ac:1f:8d:9d:34:a1:c6:46:a7:9e:1e:d1: 386s 31:0b:fa:04:2f:be:72:b3:98:03:ca:f9:48:d5:52:b2:0f:44: 386s 35:c4:ff:46:45:73:3d:ff:db:7b:d3:f1:7e:1a:fd:3e:6c:e1: 386s b1:f1:4a:f7:8f:e5:65:33:1f:05:9b:63:cf:da:2c:50:6a:13: 386s 33:22 386s + local found_md5 expected_md5 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575.pem 386s + found_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s + '[' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B '!=' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B ']' 386s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575-auth.output 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[2378]] [main] (0x0400): p11_child started. 386s [p11_child[2378]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[2378]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2378]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2378]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2378]] [do_card] (0x4000): Module List: 386s [p11_child[2378]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2378]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2378]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2378]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2378]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2378]] [do_card] (0x4000): Login required. 386s [p11_child[2378]] [do_card] (0x4000): Token flags [1069]. 386s [p11_child[2378]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2378]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2378]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2378]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x62e5881b;slot-manufacturer=SoftHSM%20project;slot-id=1659209755;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b5fbcbcd62e5881b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[2378]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[2378]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[2378]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[2378]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 4 (0x4) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:b2:19:61:ae:d9:93:0a:ce:10:dd:85:33:e6:c2: 386s 85:b5:f8:54:df:82:b2:da:94:93:a1:3a:b1:5b:c8: 386s e0:11:6f:85:c1:3d:d8:5b:32:b6:2b:50:eb:ef:27: 386s 76:74:02:fb:db:63:aa:ca:e9:3e:11:62:36:3f:60: 386s 6a:70:a5:ca:fd:80:90:4e:61:dd:65:8c:e8:8f:c5: 386s ba:0d:e4:ba:1e:7b:4a:1f:93:f4:70:17:77:da:6d: 386s ef:43:4b:25:eb:b5:c6:74:01:2d:61:64:44:84:bb: 386s e9:69:01:18:ef:d2:f6:2b:36:84:ef:eb:c1:fd:1b: 386s c6:61:6f:74:d1:7a:ac:24:0b 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 1F:9E:D6:71:89:7E:1C:7B:0F:FB:44:9D:E6:4E:3E:27:06:D7:3A:46 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s 15:4c:cc:ac:a8:43:d1:13:eb:ef:f3:88:95:29:60:22:4a:51: 386s ca:4e:ed:5b:0c:24:c4:d4:51:98:98:38:11:b8:0d:6d:07:38: 386s 9f:4b:84:78:d3:78:76:bf:65:d9:ce:0c:46:f1:ae:d9:a1:e4: 386s 9e:06:d8:71:ea:24:ac:1f:8d:9d:34:a1:c6:46:a7:9e:1e:d1: 386s 31:0b:fa:04:2f:be:72:b3:98:03:ca:f9:48:d5:52:b2:0f:44: 386s 35:c4:ff:46:45:73:3d:ff:db:7b:d3:f1:7e:1a:fd:3e:6c:e1: 386s b1:f1:4a:f7:8f:e5:65:33:1f:05:9b:63:cf:da:2c:50:6a:13: 386s 33:22 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27575-auth.pem 386s + found_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s + '[' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B '!=' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B ']' 386s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 386s + local verify_option= 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Interme Token' 386s Test Organization Interme Token 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Interme Token' 386s + '[' -n '' ']' 386s + local output_base_name=SSSD-child-17786 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-17786.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-17786.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 386s [p11_child[2388]] [main] (0x0400): p11_child started. 386s [p11_child[2388]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2388]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2388]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2388]] [do_card] (0x4000): Module List: 386s [p11_child[2388]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2388]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2388]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2388]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2388]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2388]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2388]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2388]] [do_verification] (0x0040): X509_verify_cert failed [0]. 386s [p11_child[2388]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 386s [p11_child[2388]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 386s [p11_child[2388]] [do_card] (0x4000): No certificate found. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17786.output 386s + return 2 386s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1563 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Interme Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 386s Test Organization Interme Token 386s + echo 'Test Organization Interme Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-19212 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem 386s [p11_child[2395]] [main] (0x0400): p11_child started. 386s [p11_child[2395]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2395]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2395]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2395]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2395]] [do_card] (0x4000): Module List: 386s [p11_child[2395]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2395]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2395]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2395]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2395]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2395]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2395]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2395]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2395]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2395]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x62e5881b;slot-manufacturer=SoftHSM%20project;slot-id=1659209755;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b5fbcbcd62e5881b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2395]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 4 (0x4) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:b2:19:61:ae:d9:93:0a:ce:10:dd:85:33:e6:c2: 386s 85:b5:f8:54:df:82:b2:da:94:93:a1:3a:b1:5b:c8: 386s e0:11:6f:85:c1:3d:d8:5b:32:b6:2b:50:eb:ef:27: 386s 76:74:02:fb:db:63:aa:ca:e9:3e:11:62:36:3f:60: 386s 6a:70:a5:ca:fd:80:90:4e:61:dd:65:8c:e8:8f:c5: 386s ba:0d:e4:ba:1e:7b:4a:1f:93:f4:70:17:77:da:6d: 386s ef:43:4b:25:eb:b5:c6:74:01:2d:61:64:44:84:bb: 386s e9:69:01:18:ef:d2:f6:2b:36:84:ef:eb:c1:fd:1b: 386s c6:61:6f:74:d1:7a:ac:24:0b 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 1F:9E:D6:71:89:7E:1C:7B:0F:FB:44:9D:E6:4E:3E:27:06:D7:3A:46 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s 15:4c:cc:ac:a8:43:d1:13:eb:ef:f3:88:95:29:60:22:4a:51: 386s ca:4e:ed:5b:0c:24:c4:d4:51:98:98:38:11:b8:0d:6d:07:38: 386s 9f:4b:84:78:d3:78:76:bf:65:d9:ce:0c:46:f1:ae:d9:a1:e4: 386s 9e:06:d8:71:ea:24:ac:1f:8d:9d:34:a1:c6:46:a7:9e:1e:d1: 386s 31:0b:fa:04:2f:be:72:b3:98:03:ca:f9:48:d5:52:b2:0f:44: 386s 35:c4:ff:46:45:73:3d:ff:db:7b:d3:f1:7e:1a:fd:3e:6c:e1: 386s b1:f1:4a:f7:8f:e5:65:33:1f:05:9b:63:cf:da:2c:50:6a:13: 386s 33:22 386s + local found_md5 expected_md5 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212.pem 386s + found_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s + '[' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B '!=' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B ']' 386s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212-auth.output 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[2403]] [main] (0x0400): p11_child started. 386s [p11_child[2403]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[2403]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2403]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2403]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2403]] [do_card] (0x4000): Module List: 386s [p11_child[2403]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2403]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2403]] [do_card] (0x4000): Description [SoftHSM slot ID 0x62e5881b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2403]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 386s [p11_child[2403]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x62e5881b][1659209755] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2403]] [do_card] (0x4000): Login required. 386s [p11_child[2403]] [do_card] (0x4000): Token flags [1069]. 386s [p11_child[2403]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 386s [p11_child[2403]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2403]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2403]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x62e5881b;slot-manufacturer=SoftHSM%20project;slot-id=1659209755;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b5fbcbcd62e5881b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[2403]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[2403]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[2403]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[2403]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 4 (0x4) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:b2:19:61:ae:d9:93:0a:ce:10:dd:85:33:e6:c2: 386s 85:b5:f8:54:df:82:b2:da:94:93:a1:3a:b1:5b:c8: 386s e0:11:6f:85:c1:3d:d8:5b:32:b6:2b:50:eb:ef:27: 386s 76:74:02:fb:db:63:aa:ca:e9:3e:11:62:36:3f:60: 386s 6a:70:a5:ca:fd:80:90:4e:61:dd:65:8c:e8:8f:c5: 386s ba:0d:e4:ba:1e:7b:4a:1f:93:f4:70:17:77:da:6d: 386s ef:43:4b:25:eb:b5:c6:74:01:2d:61:64:44:84:bb: 386s e9:69:01:18:ef:d2:f6:2b:36:84:ef:eb:c1:fd:1b: 386s c6:61:6f:74:d1:7a:ac:24:0b 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 27:D1:1E:4B:D5:41:35:B6:72:0C:FE:8E:24:55:17:D5:0B:01:87:04 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 1F:9E:D6:71:89:7E:1C:7B:0F:FB:44:9D:E6:4E:3E:27:06:D7:3A:46 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s 15:4c:cc:ac:a8:43:d1:13:eb:ef:f3:88:95:29:60:22:4a:51: 386s ca:4e:ed:5b:0c:24:c4:d4:51:98:98:38:11:b8:0d:6d:07:38: 386s 9f:4b:84:78:d3:78:76:bf:65:d9:ce:0c:46:f1:ae:d9:a1:e4: 386s 9e:06:d8:71:ea:24:ac:1f:8d:9d:34:a1:c6:46:a7:9e:1e:d1: 386s 31:0b:fa:04:2f:be:72:b3:98:03:ca:f9:48:d5:52:b2:0f:44: 386s 35:c4:ff:46:45:73:3d:ff:db:7b:d3:f1:7e:1a:fd:3e:6c:e1: 386s b1:f1:4a:f7:8f:e5:65:33:1f:05:9b:63:cf:da:2c:50:6a:13: 386s 33:22 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-19212-auth.pem 386s + found_md5=Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B 386s + '[' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B '!=' Modulus=B21961AED9930ACE10DD8533E6C285B5F854DF82B2DA9493A13AB15BC8E0116F85C13DD85B32B62B50EBEF27767402FBDB63AACAE93E1162363F606A70A5CAFD80904E61DD658CE88FC5BA0DE4BA1E7B4A1F93F4701777DA6DEF434B25EBB5C674012D61644484BBE9690118EFD2F62B3684EFEBC1FD1BC6616F74D17AAC240B ']' 386s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s + local verify_option= 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Sub Int Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 386s + local key_file 386s + local decrypted_key 386s + mkdir -p /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 386s + key_file=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 386s + decrypted_key=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 386s + cat 386s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 386s Slot 0 has a free/uninitialized token. 386s The token has been initialized and is reassigned to slot 1759031556 386s + softhsm2-util --show-slots 386s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 386s Available slots: 386s Slot 1759031556 386s Slot info: 386s Description: SoftHSM slot ID 0x68d8b104 386s Manufacturer ID: SoftHSM project 386s Hardware version: 2.6 386s Firmware version: 2.6 386s Token present: yes 386s Token info: 386s Manufacturer ID: SoftHSM project 386s Model: SoftHSM v2 386s Hardware version: 2.6 386s Firmware version: 2.6 386s Serial number: ed359159e8d8b104 386s Initialized: yes 386s User PIN init.: yes 386s Label: Test Organization Sub Int Token 386s Slot 1 386s Slot info: 386s Description: SoftHSM slot ID 0x1 386s Manufacturer ID: SoftHSM project 386s Hardware version: 2.6 386s Firmware version: 2.6 386s Token present: yes 386s Token info: 386s Manufacturer ID: SoftHSM project 386s Model: SoftHSM v2 386s Hardware version: 2.6 386s Firmware version: 2.6 386s Serial number: 386s Initialized: no 386s User PIN init.: no 386s Label: 386s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-2783 -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 386s writing RSA key 386s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 386s + rm /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 386s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 386s Object 0: 386s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ed359159e8d8b104;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 386s Type: X.509 Certificate (RSA-1024) 386s Expires: Sun Mar 15 19:40:44 2026 386s Label: Test Organization Sub Intermediate Trusted Certificate 0001 386s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 386s 386s Test Organization Sub Int Token 386s + echo 'Test Organization Sub Int Token' 386s + '[' -n '' ']' 386s + local output_base_name=SSSD-child-8697 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-8697.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-8697.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s [p11_child[2422]] [main] (0x0400): p11_child started. 386s [p11_child[2422]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2422]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2422]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2422]] [do_card] (0x4000): Module List: 386s [p11_child[2422]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2422]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2422]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2422]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2422]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2422]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2422]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2422]] [do_verification] (0x0040): X509_verify_cert failed [0]. 386s [p11_child[2422]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 386s [p11_child[2422]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 386s [p11_child[2422]] [do_card] (0x4000): No certificate found. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-8697.output 386s + return 2 386s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 386s Test Organization Sub Int Token 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Sub Int Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Sub Int Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-3288 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-3288.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-3288.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-root-CA.pem 386s [p11_child[2429]] [main] (0x0400): p11_child started. 386s [p11_child[2429]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2429]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2429]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2429]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2429]] [do_card] (0x4000): Module List: 386s [p11_child[2429]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2429]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2429]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2429]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2429]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2429]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2429]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2429]] [do_verification] (0x0040): X509_verify_cert failed [0]. 386s [p11_child[2429]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 386s [p11_child[2429]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 386s [p11_child[2429]] [do_card] (0x4000): No certificate found. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-3288.output 386s + return 2 386s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s + local verify_option= 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Sub Int Token' 386s Test Organization Sub Int Token 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Sub Int Token' 386s + '[' -n '' ']' 386s + local output_base_name=SSSD-child-17850 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s [p11_child[2436]] [main] (0x0400): p11_child started. 386s [p11_child[2436]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2436]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2436]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2436]] [do_card] (0x4000): Module List: 386s [p11_child[2436]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2436]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2436]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2436]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2436]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2436]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2436]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2436]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2436]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2436]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x68d8b104;slot-manufacturer=SoftHSM%20project;slot-id=1759031556;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ed359159e8d8b104;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2436]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 5 (0x5) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d2:77:21:3e:dd:80:28:0e:b3:e5:02:85:2b:0b: 386s 55:70:57:d4:1e:a8:40:92:1a:5f:60:fb:90:bc:55: 386s 45:1d:91:29:d7:07:df:0f:56:80:4a:ba:36:93:dc: 386s f1:fd:ce:f3:51:20:70:5b:5f:47:e1:05:6a:f3:dc: 386s b5:98:ae:b1:dc:9d:e9:53:74:eb:c6:6c:86:c6:c3: 386s 25:c2:9e:cd:1e:56:1f:39:a4:90:01:3f:56:14:08: 386s 0e:34:14:c2:83:1f:f0:e5:71:3d:d7:4f:96:b6:28: 386s 8c:fc:1a:d2:6d:35:0d:9c:e3:8c:7d:02:a9:89:3e: 386s 9f:78:13:cb:c9:7e:64:18:df 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s FE:FD:D0:FC:C1:87:9A:91:40:BA:8E:CA:10:66:02:A0:4C:F0:A9:E3 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Sub Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 81:FB:CE:86:43:4F:1D:A0:62:CC:75:15:3D:3A:26:CF:B8:BD:FF:74 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s b6:e8:7c:ed:ff:a4:15:b0:bf:0e:c1:71:bb:8c:c5:7d:f3:3d: 386s 79:5e:04:d5:d2:03:ab:3c:c0:86:30:3e:35:84:81:48:9a:f1: 386s bd:4b:6f:55:c4:af:43:56:96:c1:03:93:63:b0:fd:69:3c:64: 386s d1:31:0a:1f:87:ba:27:c8:8d:f8:1e:db:cd:12:ec:a7:0e:9e: 386s 1a:72:14:09:e0:1c:88:0c:30:08:90:44:9c:87:02:32:c2:14: 386s 3d:f7:ad:df:4b:f5:14:bc:4c:3d:40:a9:ca:86:61:f7:b5:d1: 386s 4e:0e:bd:b8:47:80:10:83:78:af:eb:28:a9:70:29:72:f6:43: 386s a4:ee 386s + local found_md5 expected_md5 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850.pem 386s + found_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s + '[' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF '!=' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF ']' 386s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850-auth.output 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[2444]] [main] (0x0400): p11_child started. 386s [p11_child[2444]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[2444]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2444]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2444]] [do_card] (0x4000): Module List: 386s [p11_child[2444]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2444]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2444]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2444]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2444]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2444]] [do_card] (0x4000): Login required. 386s [p11_child[2444]] [do_card] (0x4000): Token flags [1069]. 386s [p11_child[2444]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2444]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2444]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2444]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x68d8b104;slot-manufacturer=SoftHSM%20project;slot-id=1759031556;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ed359159e8d8b104;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[2444]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[2444]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[2444]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[2444]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 5 (0x5) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d2:77:21:3e:dd:80:28:0e:b3:e5:02:85:2b:0b: 386s 55:70:57:d4:1e:a8:40:92:1a:5f:60:fb:90:bc:55: 386s 45:1d:91:29:d7:07:df:0f:56:80:4a:ba:36:93:dc: 386s f1:fd:ce:f3:51:20:70:5b:5f:47:e1:05:6a:f3:dc: 386s b5:98:ae:b1:dc:9d:e9:53:74:eb:c6:6c:86:c6:c3: 386s 25:c2:9e:cd:1e:56:1f:39:a4:90:01:3f:56:14:08: 386s 0e:34:14:c2:83:1f:f0:e5:71:3d:d7:4f:96:b6:28: 386s 8c:fc:1a:d2:6d:35:0d:9c:e3:8c:7d:02:a9:89:3e: 386s 9f:78:13:cb:c9:7e:64:18:df 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s FE:FD:D0:FC:C1:87:9A:91:40:BA:8E:CA:10:66:02:A0:4C:F0:A9:E3 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Sub Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 81:FB:CE:86:43:4F:1D:A0:62:CC:75:15:3D:3A:26:CF:B8:BD:FF:74 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s b6:e8:7c:ed:ff:a4:15:b0:bf:0e:c1:71:bb:8c:c5:7d:f3:3d: 386s 79:5e:04:d5:d2:03:ab:3c:c0:86:30:3e:35:84:81:48:9a:f1: 386s bd:4b:6f:55:c4:af:43:56:96:c1:03:93:63:b0:fd:69:3c:64: 386s d1:31:0a:1f:87:ba:27:c8:8d:f8:1e:db:cd:12:ec:a7:0e:9e: 386s 1a:72:14:09:e0:1c:88:0c:30:08:90:44:9c:87:02:32:c2:14: 386s 3d:f7:ad:df:4b:f5:14:bc:4c:3d:40:a9:ca:86:61:f7:b5:d1: 386s 4e:0e:bd:b8:47:80:10:83:78:af:eb:28:a9:70:29:72:f6:43: 386s a4:ee 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-17850-auth.pem 386s + found_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s + '[' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF '!=' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF ']' 386s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s Test Organization Sub Int Token 386s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Sub Int Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Sub Int Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-5666 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem 386s [p11_child[2454]] [main] (0x0400): p11_child started. 386s [p11_child[2454]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2454]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2454]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2454]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2454]] [do_card] (0x4000): Module List: 386s [p11_child[2454]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2454]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2454]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2454]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2454]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2454]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2454]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2454]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2454]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2454]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x68d8b104;slot-manufacturer=SoftHSM%20project;slot-id=1759031556;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ed359159e8d8b104;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2454]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 5 (0x5) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d2:77:21:3e:dd:80:28:0e:b3:e5:02:85:2b:0b: 386s 55:70:57:d4:1e:a8:40:92:1a:5f:60:fb:90:bc:55: 386s 45:1d:91:29:d7:07:df:0f:56:80:4a:ba:36:93:dc: 386s f1:fd:ce:f3:51:20:70:5b:5f:47:e1:05:6a:f3:dc: 386s b5:98:ae:b1:dc:9d:e9:53:74:eb:c6:6c:86:c6:c3: 386s 25:c2:9e:cd:1e:56:1f:39:a4:90:01:3f:56:14:08: 386s 0e:34:14:c2:83:1f:f0:e5:71:3d:d7:4f:96:b6:28: 386s 8c:fc:1a:d2:6d:35:0d:9c:e3:8c:7d:02:a9:89:3e: 386s 9f:78:13:cb:c9:7e:64:18:df 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s FE:FD:D0:FC:C1:87:9A:91:40:BA:8E:CA:10:66:02:A0:4C:F0:A9:E3 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Sub Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 81:FB:CE:86:43:4F:1D:A0:62:CC:75:15:3D:3A:26:CF:B8:BD:FF:74 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s b6:e8:7c:ed:ff:a4:15:b0:bf:0e:c1:71:bb:8c:c5:7d:f3:3d: 386s 79:5e:04:d5:d2:03:ab:3c:c0:86:30:3e:35:84:81:48:9a:f1: 386s bd:4b:6f:55:c4:af:43:56:96:c1:03:93:63:b0:fd:69:3c:64: 386s d1:31:0a:1f:87:ba:27:c8:8d:f8:1e:db:cd:12:ec:a7:0e:9e: 386s 1a:72:14:09:e0:1c:88:0c:30:08:90:44:9c:87:02:32:c2:14: 386s 3d:f7:ad:df:4b:f5:14:bc:4c:3d:40:a9:ca:86:61:f7:b5:d1: 386s 4e:0e:bd:b8:47:80:10:83:78:af:eb:28:a9:70:29:72:f6:43: 386s a4:ee 386s + local found_md5 expected_md5 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666.pem 386s + found_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s + '[' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF '!=' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF ']' 386s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666-auth.output 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[2462]] [main] (0x0400): p11_child started. 386s [p11_child[2462]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[2462]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2462]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2462]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2462]] [do_card] (0x4000): Module List: 386s [p11_child[2462]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2462]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2462]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2462]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2462]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2462]] [do_card] (0x4000): Login required. 386s [p11_child[2462]] [do_card] (0x4000): Token flags [1069]. 386s [p11_child[2462]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2462]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2462]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2462]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x68d8b104;slot-manufacturer=SoftHSM%20project;slot-id=1759031556;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ed359159e8d8b104;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[2462]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[2462]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[2462]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[2462]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 5 (0x5) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d2:77:21:3e:dd:80:28:0e:b3:e5:02:85:2b:0b: 386s 55:70:57:d4:1e:a8:40:92:1a:5f:60:fb:90:bc:55: 386s 45:1d:91:29:d7:07:df:0f:56:80:4a:ba:36:93:dc: 386s f1:fd:ce:f3:51:20:70:5b:5f:47:e1:05:6a:f3:dc: 386s b5:98:ae:b1:dc:9d:e9:53:74:eb:c6:6c:86:c6:c3: 386s 25:c2:9e:cd:1e:56:1f:39:a4:90:01:3f:56:14:08: 386s 0e:34:14:c2:83:1f:f0:e5:71:3d:d7:4f:96:b6:28: 386s 8c:fc:1a:d2:6d:35:0d:9c:e3:8c:7d:02:a9:89:3e: 386s 9f:78:13:cb:c9:7e:64:18:df 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s FE:FD:D0:FC:C1:87:9A:91:40:BA:8E:CA:10:66:02:A0:4C:F0:A9:E3 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Sub Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 81:FB:CE:86:43:4F:1D:A0:62:CC:75:15:3D:3A:26:CF:B8:BD:FF:74 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s b6:e8:7c:ed:ff:a4:15:b0:bf:0e:c1:71:bb:8c:c5:7d:f3:3d: 386s 79:5e:04:d5:d2:03:ab:3c:c0:86:30:3e:35:84:81:48:9a:f1: 386s bd:4b:6f:55:c4:af:43:56:96:c1:03:93:63:b0:fd:69:3c:64: 386s d1:31:0a:1f:87:ba:27:c8:8d:f8:1e:db:cd:12:ec:a7:0e:9e: 386s 1a:72:14:09:e0:1c:88:0c:30:08:90:44:9c:87:02:32:c2:14: 386s 3d:f7:ad:df:4b:f5:14:bc:4c:3d:40:a9:ca:86:61:f7:b5:d1: 386s 4e:0e:bd:b8:47:80:10:83:78:af:eb:28:a9:70:29:72:f6:43: 386s a4:ee 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-5666-auth.pem 386s + found_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s + '[' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF '!=' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF ']' 386s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 386s + local verify_option= 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 386s Test Organization Sub Int Token 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Sub Int Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Sub Int Token' 386s + '[' -n '' ']' 386s + local output_base_name=SSSD-child-10858 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-10858.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-10858.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 386s [p11_child[2472]] [main] (0x0400): p11_child started. 386s [p11_child[2472]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2472]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2472]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2472]] [do_card] (0x4000): Module List: 386s [p11_child[2472]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2472]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2472]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2472]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2472]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2472]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2472]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2472]] [do_verification] (0x0040): X509_verify_cert failed [0]. 386s [p11_child[2472]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 386s [p11_child[2472]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 386s [p11_child[2472]] [do_card] (0x4000): No certificate found. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-10858.output 386s + return 2 386s + invalid_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-root-intermediate-chain-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-root-intermediate-chain-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-root-intermediate-chain-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s Test Organization Sub Int Token 386s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Sub Int Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Sub Int Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-25070 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-25070.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-25070.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-root-intermediate-chain-CA.pem 386s [p11_child[2479]] [main] (0x0400): p11_child started. 386s [p11_child[2479]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2479]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2479]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2479]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2479]] [do_card] (0x4000): Module List: 386s [p11_child[2479]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2479]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2479]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2479]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2479]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2479]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2479]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2479]] [do_verification] (0x0040): X509_verify_cert failed [0]. 386s [p11_child[2479]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 386s [p11_child[2479]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 386s [p11_child[2479]] [do_card] (0x4000): No certificate found. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-25070.output 386s + return 2 386s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s Test Organization Sub Int Token 386s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Sub Int Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Sub Int Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-27974 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem 386s [p11_child[2486]] [main] (0x0400): p11_child started. 386s [p11_child[2486]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2486]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2486]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2486]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2486]] [do_card] (0x4000): Module List: 386s [p11_child[2486]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2486]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2486]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2486]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2486]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2486]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2486]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2486]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2486]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2486]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x68d8b104;slot-manufacturer=SoftHSM%20project;slot-id=1759031556;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ed359159e8d8b104;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2486]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 5 (0x5) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d2:77:21:3e:dd:80:28:0e:b3:e5:02:85:2b:0b: 386s 55:70:57:d4:1e:a8:40:92:1a:5f:60:fb:90:bc:55: 386s 45:1d:91:29:d7:07:df:0f:56:80:4a:ba:36:93:dc: 386s f1:fd:ce:f3:51:20:70:5b:5f:47:e1:05:6a:f3:dc: 386s b5:98:ae:b1:dc:9d:e9:53:74:eb:c6:6c:86:c6:c3: 386s 25:c2:9e:cd:1e:56:1f:39:a4:90:01:3f:56:14:08: 386s 0e:34:14:c2:83:1f:f0:e5:71:3d:d7:4f:96:b6:28: 386s 8c:fc:1a:d2:6d:35:0d:9c:e3:8c:7d:02:a9:89:3e: 386s 9f:78:13:cb:c9:7e:64:18:df 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s FE:FD:D0:FC:C1:87:9A:91:40:BA:8E:CA:10:66:02:A0:4C:F0:A9:E3 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Sub Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 81:FB:CE:86:43:4F:1D:A0:62:CC:75:15:3D:3A:26:CF:B8:BD:FF:74 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s b6:e8:7c:ed:ff:a4:15:b0:bf:0e:c1:71:bb:8c:c5:7d:f3:3d: 386s 79:5e:04:d5:d2:03:ab:3c:c0:86:30:3e:35:84:81:48:9a:f1: 386s bd:4b:6f:55:c4:af:43:56:96:c1:03:93:63:b0:fd:69:3c:64: 386s d1:31:0a:1f:87:ba:27:c8:8d:f8:1e:db:cd:12:ec:a7:0e:9e: 386s 1a:72:14:09:e0:1c:88:0c:30:08:90:44:9c:87:02:32:c2:14: 386s 3d:f7:ad:df:4b:f5:14:bc:4c:3d:40:a9:ca:86:61:f7:b5:d1: 386s 4e:0e:bd:b8:47:80:10:83:78:af:eb:28:a9:70:29:72:f6:43: 386s a4:ee 386s + local found_md5 expected_md5 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974.pem 386s + found_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s + '[' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF '!=' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF ']' 386s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974-auth.output 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[2494]] [main] (0x0400): p11_child started. 386s [p11_child[2494]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[2494]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2494]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2494]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2494]] [do_card] (0x4000): Module List: 386s [p11_child[2494]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2494]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2494]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2494]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2494]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2494]] [do_card] (0x4000): Login required. 386s [p11_child[2494]] [do_card] (0x4000): Token flags [1069]. 386s [p11_child[2494]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2494]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2494]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2494]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x68d8b104;slot-manufacturer=SoftHSM%20project;slot-id=1759031556;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ed359159e8d8b104;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[2494]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[2494]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[2494]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[2494]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 5 (0x5) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d2:77:21:3e:dd:80:28:0e:b3:e5:02:85:2b:0b: 386s 55:70:57:d4:1e:a8:40:92:1a:5f:60:fb:90:bc:55: 386s 45:1d:91:29:d7:07:df:0f:56:80:4a:ba:36:93:dc: 386s f1:fd:ce:f3:51:20:70:5b:5f:47:e1:05:6a:f3:dc: 386s b5:98:ae:b1:dc:9d:e9:53:74:eb:c6:6c:86:c6:c3: 386s 25:c2:9e:cd:1e:56:1f:39:a4:90:01:3f:56:14:08: 386s 0e:34:14:c2:83:1f:f0:e5:71:3d:d7:4f:96:b6:28: 386s 8c:fc:1a:d2:6d:35:0d:9c:e3:8c:7d:02:a9:89:3e: 386s 9f:78:13:cb:c9:7e:64:18:df 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s FE:FD:D0:FC:C1:87:9A:91:40:BA:8E:CA:10:66:02:A0:4C:F0:A9:E3 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Sub Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 81:FB:CE:86:43:4F:1D:A0:62:CC:75:15:3D:3A:26:CF:B8:BD:FF:74 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s b6:e8:7c:ed:ff:a4:15:b0:bf:0e:c1:71:bb:8c:c5:7d:f3:3d: 386s 79:5e:04:d5:d2:03:ab:3c:c0:86:30:3e:35:84:81:48:9a:f1: 386s bd:4b:6f:55:c4:af:43:56:96:c1:03:93:63:b0:fd:69:3c:64: 386s d1:31:0a:1f:87:ba:27:c8:8d:f8:1e:db:cd:12:ec:a7:0e:9e: 386s 1a:72:14:09:e0:1c:88:0c:30:08:90:44:9c:87:02:32:c2:14: 386s 3d:f7:ad:df:4b:f5:14:bc:4c:3d:40:a9:ca:86:61:f7:b5:d1: 386s 4e:0e:bd:b8:47:80:10:83:78:af:eb:28:a9:70:29:72:f6:43: 386s a4:ee 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-27974-auth.pem 386s + found_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s + '[' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF '!=' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF ']' 386s + valid_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-intermediate-sub-chain-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 /tmp/sssd-softhsm2-BRZvMt/test-intermediate-sub-chain-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_ring=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-sub-chain-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local certificate=/tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-2783 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 386s Test Organization Sub Int Token 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 386s + token_name='Test Organization Sub Int Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-BRZvMt/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Sub Int Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-18432 386s + local output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432.output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-sub-chain-CA.pem 386s [p11_child[2504]] [main] (0x0400): p11_child started. 386s [p11_child[2504]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[2504]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2504]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2504]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2504]] [do_card] (0x4000): Module List: 386s [p11_child[2504]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2504]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2504]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2504]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2504]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2504]] [do_card] (0x4000): Login NOT required. 386s [p11_child[2504]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2504]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2504]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2504]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x68d8b104;slot-manufacturer=SoftHSM%20project;slot-id=1759031556;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ed359159e8d8b104;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2504]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 5 (0x5) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d2:77:21:3e:dd:80:28:0e:b3:e5:02:85:2b:0b: 386s 55:70:57:d4:1e:a8:40:92:1a:5f:60:fb:90:bc:55: 386s 45:1d:91:29:d7:07:df:0f:56:80:4a:ba:36:93:dc: 386s f1:fd:ce:f3:51:20:70:5b:5f:47:e1:05:6a:f3:dc: 386s b5:98:ae:b1:dc:9d:e9:53:74:eb:c6:6c:86:c6:c3: 386s 25:c2:9e:cd:1e:56:1f:39:a4:90:01:3f:56:14:08: 386s 0e:34:14:c2:83:1f:f0:e5:71:3d:d7:4f:96:b6:28: 386s 8c:fc:1a:d2:6d:35:0d:9c:e3:8c:7d:02:a9:89:3e: 386s 9f:78:13:cb:c9:7e:64:18:df 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s FE:FD:D0:FC:C1:87:9A:91:40:BA:8E:CA:10:66:02:A0:4C:F0:A9:E3 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Sub Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 81:FB:CE:86:43:4F:1D:A0:62:CC:75:15:3D:3A:26:CF:B8:BD:FF:74 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s b6:e8:7c:ed:ff:a4:15:b0:bf:0e:c1:71:bb:8c:c5:7d:f3:3d: 386s 79:5e:04:d5:d2:03:ab:3c:c0:86:30:3e:35:84:81:48:9a:f1: 386s bd:4b:6f:55:c4:af:43:56:96:c1:03:93:63:b0:fd:69:3c:64: 386s d1:31:0a:1f:87:ba:27:c8:8d:f8:1e:db:cd:12:ec:a7:0e:9e: 386s 1a:72:14:09:e0:1c:88:0c:30:08:90:44:9c:87:02:32:c2:14: 386s 3d:f7:ad:df:4b:f5:14:bc:4c:3d:40:a9:ca:86:61:f7:b5:d1: 386s 4e:0e:bd:b8:47:80:10:83:78:af:eb:28:a9:70:29:72:f6:43: 386s a4:ee 386s + local found_md5 expected_md5 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/test-sub-intermediate-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432.pem 386s + found_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s + '[' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF '!=' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF ']' 386s + output_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432-auth.output 386s ++ basename /tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-BRZvMt/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[2512]] [main] (0x0400): p11_child started. 386s [p11_child[2512]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[2512]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[2512]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[2512]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[2512]] [do_card] (0x4000): Module List: 386s [p11_child[2512]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[2512]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2512]] [do_card] (0x4000): Description [SoftHSM slot ID 0x68d8b104] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[2512]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 386s [p11_child[2512]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x68d8b104][1759031556] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[2512]] [do_card] (0x4000): Login required. 386s [p11_child[2512]] [do_card] (0x4000): Token flags [1069]. 386s [p11_child[2512]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 386s [p11_child[2512]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[2512]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[2512]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x68d8b104;slot-manufacturer=SoftHSM%20project;slot-id=1759031556;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ed359159e8d8b104;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[2512]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[2512]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[2512]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[2512]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 5 (0x5) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 386s Validity 386s Not Before: Mar 15 19:40:44 2025 GMT 386s Not After : Mar 15 19:40:44 2026 GMT 386s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d2:77:21:3e:dd:80:28:0e:b3:e5:02:85:2b:0b: 386s 55:70:57:d4:1e:a8:40:92:1a:5f:60:fb:90:bc:55: 386s 45:1d:91:29:d7:07:df:0f:56:80:4a:ba:36:93:dc: 386s f1:fd:ce:f3:51:20:70:5b:5f:47:e1:05:6a:f3:dc: 386s b5:98:ae:b1:dc:9d:e9:53:74:eb:c6:6c:86:c6:c3: 386s 25:c2:9e:cd:1e:56:1f:39:a4:90:01:3f:56:14:08: 386s 0e:34:14:c2:83:1f:f0:e5:71:3d:d7:4f:96:b6:28: 386s 8c:fc:1a:d2:6d:35:0d:9c:e3:8c:7d:02:a9:89:3e: 386s 9f:78:13:cb:c9:7e:64:18:df 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s FE:FD:D0:FC:C1:87:9A:91:40:BA:8E:CA:10:66:02:A0:4C:F0:A9:E3 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Sub Intermediate CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s 81:FB:CE:86:43:4F:1D:A0:62:CC:75:15:3D:3A:26:CF:B8:BD:FF:74 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s b6:e8:7c:ed:ff:a4:15:b0:bf:0e:c1:71:bb:8c:c5:7d:f3:3d: 386s 79:5e:04:d5:d2:03:ab:3c:c0:86:30:3e:35:84:81:48:9a:f1: 386s bd:4b:6f:55:c4:af:43:56:96:c1:03:93:63:b0:fd:69:3c:64: 386s d1:31:0a:1f:87:ba:27:c8:8d:f8:1e:db:cd:12:ec:a7:0e:9e: 386s 1a:72:14:09:e0:1c:88:0c:30:08:90:44:9c:87:02:32:c2:14: 386s 3d:f7:ad:df:4b:f5:14:bc:4c:3d:40:a9:ca:86:61:f7:b5:d1: 386s 4e:0e:bd:b8:47:80:10:83:78:af:eb:28:a9:70:29:72:f6:43: 386s a4:ee 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-BRZvMt/SSSD-child-18432-auth.pem 386s 386s Test completed, Root CA and intermediate issued certificates verified! 386s + found_md5=Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF 386s + '[' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF '!=' Modulus=D277213EDD80280EB3E502852B0B557057D41EA840921A5F60FB90BC55451D9129D707DF0F56804ABA3693DCF1FDCEF35120705B5F47E1056AF3DCB598AEB1DC9DE95374EBC66C86C6C325C29ECD1E561F39A490013F5614080E3414C2831FF0E5713DD74F96B6288CFC1AD26D350D9CE38C7D02A9893E9F7813CBC97E6418DF ']' 386s + set +x 387s autopkgtest [19:39:21]: test sssd-softhism2-certificates-tests.sh: -----------------------] 387s autopkgtest [19:39:21]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 387s sssd-softhism2-certificates-tests.sh PASS 388s autopkgtest [19:39:22]: test sssd-smart-card-pam-auth-configs: preparing testbed 388s Reading package lists... 388s Building dependency tree... 388s Reading state information... 388s Starting pkgProblemResolver with broken count: 0 388s Starting 2 pkgProblemResolver with broken count: 0 388s Done 388s The following NEW packages will be installed: 388s pamtester 388s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 388s Need to get 12.2 kB of archives. 388s After this operation, 36.9 kB of additional disk space will be used. 388s Get:1 http://ftpmaster.internal/ubuntu plucky/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 389s Fetched 12.2 kB in 0s (70.7 kB/s) 389s Selecting previously unselected package pamtester. 389s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 56911 files and directories currently installed.) 389s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 389s Unpacking pamtester (0.1.2-4) ... 389s Setting up pamtester (0.1.2-4) ... 389s Processing triggers for man-db (2.13.0-1) ... 390s autopkgtest [19:39:24]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 390s autopkgtest [19:39:24]: test sssd-smart-card-pam-auth-configs: [----------------------- 390s + '[' -z ubuntu ']' 390s + export DEBIAN_FRONTEND=noninteractive 390s + DEBIAN_FRONTEND=noninteractive 390s + required_tools=(pamtester softhsm2-util sssd) 390s + [[ ! -v OFFLINE_MODE ]] 390s + for cmd in "${required_tools[@]}" 390s + command -v pamtester 390s + for cmd in "${required_tools[@]}" 390s + command -v softhsm2-util 390s + for cmd in "${required_tools[@]}" 390s + command -v sssd 390s + PIN=123456 390s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 390s + tmpdir=/tmp/sssd-softhsm2-certs-Gfh8aM 390s + backupsdir= 390s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 390s + declare -a restore_paths 390s + declare -a delete_paths 390s + trap handle_exit EXIT 390s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 390s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 390s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 390s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 390s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-Gfh8aM GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 390s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-Gfh8aM 390s + GENERATE_SMART_CARDS=1 390s + KEEP_TEMPORARY_FILES=1 390s + NO_SSSD_TESTS=1 390s + bash debian/tests/sssd-softhism2-certificates-tests.sh 390s + '[' -z ubuntu ']' 390s + required_tools=(p11tool openssl softhsm2-util) 390s + for cmd in "${required_tools[@]}" 390s + command -v p11tool 390s + for cmd in "${required_tools[@]}" 390s + command -v openssl 390s + for cmd in "${required_tools[@]}" 390s + command -v softhsm2-util 390s + PIN=123456 390s +++ find /usr/lib/softhsm/libsofthsm2.so 390s +++ head -n 1 390s ++ realpath /usr/lib/softhsm/libsofthsm2.so 390s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 390s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 390s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 390s + '[' '!' -v NO_SSSD_TESTS ']' 390s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 390s + tmpdir=/tmp/sssd-softhsm2-certs-Gfh8aM 390s + keys_size=1024 390s + [[ ! -v KEEP_TEMPORARY_FILES ]] 390s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 390s + echo -n 01 390s + touch /tmp/sssd-softhsm2-certs-Gfh8aM/index.txt 390s + mkdir -p /tmp/sssd-softhsm2-certs-Gfh8aM/new_certs 390s + cat 390s + root_ca_key_pass=pass:random-root-CA-password-29580 390s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-key.pem -passout pass:random-root-CA-password-29580 1024 390s + openssl req -passin pass:random-root-CA-password-29580 -batch -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.pem 390s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.pem 390s + cat 390s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-26493 390s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-26493 1024 390s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-26493 -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-29580 -sha256 -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-certificate-request.pem 390s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-certificate-request.pem 390s Certificate Request: 390s Data: 390s Version: 1 (0x0) 390s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 390s Subject Public Key Info: 390s Public Key Algorithm: rsaEncryption 390s Public-Key: (1024 bit) 390s Modulus: 390s 00:d6:ea:6e:14:06:9b:5e:3b:7c:b0:ce:2b:b7:70: 390s 17:c6:00:9d:f7:0f:29:5f:58:f0:48:92:fc:ed:94: 390s bf:5d:e2:5a:80:45:c1:77:41:5b:da:e2:15:2f:25: 390s 5a:1f:df:f4:95:37:cd:0d:18:17:dd:6e:1d:f2:87: 390s f5:a0:89:b9:d6:95:0c:90:c0:35:b4:74:4a:54:a3: 390s f4:f7:08:de:27:a6:34:f2:8c:ad:5c:6f:c8:1a:0d: 390s 37:21:b8:fd:40:27:ad:f8:f1:4e:e0:88:2a:45:0e: 390s 4f:33:63:d4:94:c8:38:4b:5a:db:5c:25:c6:0f:e6: 390s 8a:70:3f:05:df:eb:c7:2f:19 390s Exponent: 65537 (0x10001) 390s Attributes: 390s (none) 390s Requested Extensions: 390s Signature Algorithm: sha256WithRSAEncryption 390s Signature Value: 390s 84:a4:0c:17:0e:26:8b:e5:d8:93:bf:0e:c4:9c:4e:ed:8f:1e: 390s fa:a3:88:85:a2:e6:c4:22:24:cc:81:bb:57:6c:eb:74:ec:33: 390s 75:19:23:84:ba:bc:38:c9:22:02:e9:69:f8:55:f8:b3:cd:fe: 390s 02:26:91:90:47:4c:df:79:43:d0:85:07:f8:38:fe:19:88:59: 390s a9:07:5d:a7:e7:13:dd:92:d0:c0:2d:16:a9:4a:f3:b5:fc:f3: 390s d2:fc:b4:10:54:fe:d5:b9:66:24:ee:dc:9d:20:06:3b:eb:29: 390s bc:b1:87:a0:68:d2:c0:0f:61:47:11:6a:ec:0b:e4:b7:f6:e1: 390s 31:f1 390s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.config -passin pass:random-root-CA-password-29580 -keyfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem 390s Using configuration from /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.config 390s Check that the request matches the signature 390s Signature ok 390s Certificate Details: 390s Serial Number: 1 (0x1) 390s Validity 390s Not Before: Mar 15 19:39:24 2025 GMT 390s Not After : Mar 15 19:39:24 2026 GMT 390s Subject: 390s organizationName = Test Organization 390s organizationalUnitName = Test Organization Unit 390s commonName = Test Organization Intermediate CA 390s X509v3 extensions: 390s X509v3 Subject Key Identifier: 390s 74:42:45:7C:15:BA:7F:31:CA:51:6E:35:62:4A:A2:C6:96:12:62:6C 390s X509v3 Authority Key Identifier: 390s keyid:98:A7:04:0C:AD:FD:4A:38:14:F1:C3:02:A5:22:F9:90:A3:D2:04:9E 390s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 390s serial:00 390s X509v3 Basic Constraints: 390s CA:TRUE 390s X509v3 Key Usage: critical 390s Digital Signature, Certificate Sign, CRL Sign 390s Certificate is to be certified until Mar 15 19:39:24 2026 GMT (365 days) 390s 390s Write out database with 1 new entries 390s Database updated 390s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem 390s /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem: OK 390s + cat 390s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-16862 390s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-16862 1024 390s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-16862 -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-26493 -sha256 -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-certificate-request.pem 390s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-certificate-request.pem 390s Certificate Request: 390s Data: 390s Version: 1 (0x0) 390s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 390s Subject Public Key Info: 390s Public Key Algorithm: rsaEncryption 390s Public-Key: (1024 bit) 390s Modulus: 390s 00:c3:c0:69:f3:f8:7b:23:ce:59:2a:3d:51:64:c5: 390s 9b:07:af:9c:82:20:8f:a0:aa:f1:4c:47:6f:c9:33: 390s b4:4a:4d:1b:bc:9d:a6:fa:9a:48:f6:64:44:ad:e5: 390s b0:b6:56:39:fb:00:15:ad:e5:1d:d0:82:b4:30:fa: 390s dc:2d:75:9b:4a:bd:08:4f:59:7e:f3:82:11:05:f2: 390s 53:27:7e:c6:4e:bc:bd:96:eb:6a:66:5e:d3:27:29: 390s 9c:ec:89:b7:df:ac:cd:a0:73:5a:bd:9b:ac:c5:71: 390s 72:ab:8b:c7:86:34:1e:5a:fb:cf:7e:7e:dd:8b:20: 390s 97:1c:b9:5f:7d:4b:84:90:05 390s Exponent: 65537 (0x10001) 390s Attributes: 390s (none) 390s Requested Extensions: 390s Signature Algorithm: sha256WithRSAEncryption 390s Signature Value: 390s 8d:dd:0e:eb:32:cc:9c:59:db:b0:61:80:ab:5d:3c:84:84:e3: 390s 82:23:fc:ee:5e:68:ac:d4:e0:cd:88:02:50:69:ef:dc:a1:80: 390s 7f:07:15:37:67:84:bc:7a:f0:d2:5a:17:cf:68:7b:1c:c2:3f: 390s 8b:de:ec:6f:45:5a:19:9b:6e:db:da:0b:09:5c:70:ac:c4:9a: 390s 3e:93:60:bf:fe:4e:a9:62:26:14:02:16:69:c6:5f:1e:c8:44: 390s 76:9d:c9:1a:7a:b5:f1:2d:a7:12:8a:af:ad:e9:93:0b:8d:5d: 390s 12:c7:c7:3e:05:5f:e6:0a:6d:85:15:01:e1:da:8f:da:bd:44: 390s d4:3a 390s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-26493 -keyfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem 390s Using configuration from /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.config 390s Check that the request matches the signature 390s Signature ok 390s Certificate Details: 390s Serial Number: 2 (0x2) 390s Validity 390s Not Before: Mar 15 19:39:24 2025 GMT 390s Not After : Mar 15 19:39:24 2026 GMT 390s Subject: 390s organizationName = Test Organization 390s organizationalUnitName = Test Organization Unit 390s commonName = Test Organization Sub Intermediate CA 390s X509v3 extensions: 390s X509v3 Subject Key Identifier: 390s AC:D3:72:AC:CD:09:2C:A4:02:5D:64:92:92:DF:0E:8A:8D:F6:27:3F 390s X509v3 Authority Key Identifier: 390s keyid:74:42:45:7C:15:BA:7F:31:CA:51:6E:35:62:4A:A2:C6:96:12:62:6C 390s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 390s serial:01 390s X509v3 Basic Constraints: 390s CA:TRUE 390s X509v3 Key Usage: critical 390s Digital Signature, Certificate Sign, CRL Sign 390s Certificate is to be certified until Mar 15 19:39:24 2026 GMT (365 days) 390s 390s Write out database with 1 new entries 390s Database updated 390s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem 390s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem 390s /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem: OK 390s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem 390s + local cmd=openssl 390s + shift 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem 390s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 390s error 20 at 0 depth lookup: unable to get local issuer certificate 390s error /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem: verification failed 390s + cat 390s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-12631 390s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-12631 1024 390s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-12631 -key /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-request.pem 390s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-request.pem 390s Certificate Request: 390s Data: 390s Version: 1 (0x0) 390s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 390s Subject Public Key Info: 390s Public Key Algorithm: rsaEncryption 390s Public-Key: (1024 bit) 390s Modulus: 390s 00:cb:83:a9:c6:9f:2b:60:eb:0d:f0:30:a9:5b:e4: 390s 29:2a:83:59:1d:f5:d8:61:88:8c:68:ed:1e:ad:bd: 390s 7b:51:72:80:fa:e1:8f:43:8b:2f:92:ab:bf:06:39: 390s 1d:3f:54:08:72:6e:22:c5:71:71:35:1e:d4:d7:94: 390s e4:86:93:63:92:6d:b5:ed:e5:2e:43:ad:d2:59:59: 390s d2:2b:d1:4f:a3:d3:d3:31:c5:2d:f1:3a:29:92:7c: 390s c7:3a:dd:95:ef:23:c6:a3:2a:46:f8:e5:c5:bc:9f: 390s 04:ce:a6:68:b7:35:a2:08:8e:71:54:34:f7:1e:7d: 390s d3:2b:15:ef:d0:19:2e:b2:9f 390s Exponent: 65537 (0x10001) 390s Attributes: 390s Requested Extensions: 390s X509v3 Basic Constraints: 390s CA:FALSE 390s Netscape Cert Type: 390s SSL Client, S/MIME 390s Netscape Comment: 390s Test Organization Root CA trusted Certificate 390s X509v3 Subject Key Identifier: 390s E8:A0:48:02:A9:67:A9:37:DC:28:7F:A1:3C:3D:F9:98:02:C7:C5:3D 390s X509v3 Key Usage: critical 390s Digital Signature, Non Repudiation, Key Encipherment 390s X509v3 Extended Key Usage: 390s TLS Web Client Authentication, E-mail Protection 390s X509v3 Subject Alternative Name: 390s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 390s Signature Algorithm: sha256WithRSAEncryption 390s Signature Value: 390s 61:67:2b:ab:93:f2:72:77:13:6a:db:f4:e7:87:45:26:4a:b2: 390s 4c:95:48:a7:b0:e1:92:c0:6c:b1:18:f2:bc:a1:12:28:de:c9: 390s 27:c7:d2:97:f6:d9:6a:9b:0e:24:22:b1:25:30:03:fd:0f:04: 390s 28:9d:24:66:21:8e:f3:1e:90:55:46:7a:78:c3:5c:c5:a2:0e: 390s 83:68:12:4c:06:d4:47:14:f2:78:16:d0:29:fe:7c:db:cb:49: 390s ca:47:1c:7c:3c:3d:40:61:3c:53:ec:7c:47:d2:04:ac:53:5f: 390s 53:5e:dc:88:c3:05:8e:40:4b:27:ed:cd:13:31:13:38:18:5f: 390s 02:99 390s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.config -passin pass:random-root-CA-password-29580 -keyfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem 390s Using configuration from /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.config 390s Check that the request matches the signature 390s Signature ok 390s Certificate Details: 390s Serial Number: 3 (0x3) 390s Validity 390s Not Before: Mar 15 19:39:24 2025 GMT 390s Not After : Mar 15 19:39:24 2026 GMT 390s Subject: 390s organizationName = Test Organization 390s organizationalUnitName = Test Organization Unit 390s commonName = Test Organization Root Trusted Certificate 0001 390s X509v3 extensions: 390s X509v3 Authority Key Identifier: 390s 98:A7:04:0C:AD:FD:4A:38:14:F1:C3:02:A5:22:F9:90:A3:D2:04:9E 390s X509v3 Basic Constraints: 390s CA:FALSE 390s Netscape Cert Type: 390s SSL Client, S/MIME 390s Netscape Comment: 390s Test Organization Root CA trusted Certificate 390s X509v3 Subject Key Identifier: 390s E8:A0:48:02:A9:67:A9:37:DC:28:7F:A1:3C:3D:F9:98:02:C7:C5:3D 390s X509v3 Key Usage: critical 390s Digital Signature, Non Repudiation, Key Encipherment 390s X509v3 Extended Key Usage: 390s TLS Web Client Authentication, E-mail Protection 390s X509v3 Subject Alternative Name: 390s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 390s Certificate is to be certified until Mar 15 19:39:24 2026 GMT (365 days) 390s 390s Write out database with 1 new entries 390s Database updated 390s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem 390s /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem: OK 390s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem 390s + local cmd=openssl 390s + shift 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem 390s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 390s error 20 at 0 depth lookup: unable to get local issuer certificate 390s error /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem: verification failed 390s + cat 390s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-16595 390s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-16595 1024 390s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-16595 -key /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-request.pem 390s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-request.pem 390s Certificate Request: 390s Data: 390s Version: 1 (0x0) 390s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 390s Subject Public Key Info: 390s Public Key Algorithm: rsaEncryption 390s Public-Key: (1024 bit) 390s Modulus: 390s 00:aa:71:6c:e6:8f:49:03:8e:25:ea:d5:32:e7:30: 390s 20:bb:52:85:36:97:5a:d9:8e:0d:3a:11:ad:6b:66: 390s ad:f8:65:96:5e:82:c4:01:38:8f:9a:a3:17:60:73: 390s 18:ab:db:d3:1d:66:c0:04:72:4c:2a:91:02:b0:d1: 390s 2e:b9:98:f9:21:d6:5c:c6:d8:dd:fb:8b:61:47:4a: 390s 46:25:95:d9:2e:ca:c8:1a:94:13:f0:52:6d:a2:64: 390s 32:f0:7c:d6:7b:47:1a:b1:5b:aa:83:76:13:7f:bc: 390s 44:f1:ae:77:9a:83:0d:78:fe:75:f9:dc:44:18:16: 390s 0d:80:44:9f:8b:19:0a:2f:41 390s Exponent: 65537 (0x10001) 390s Attributes: 390s Requested Extensions: 390s X509v3 Basic Constraints: 390s CA:FALSE 390s Netscape Cert Type: 390s SSL Client, S/MIME 390s Netscape Comment: 390s Test Organization Intermediate CA trusted Certificate 390s X509v3 Subject Key Identifier: 390s 13:C4:91:72:AF:E8:21:AD:21:FA:1E:E8:48:64:6C:21:00:7D:5E:68 390s X509v3 Key Usage: critical 390s Digital Signature, Non Repudiation, Key Encipherment 390s X509v3 Extended Key Usage: 390s TLS Web Client Authentication, E-mail Protection 390s X509v3 Subject Alternative Name: 390s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 390s Signature Algorithm: sha256WithRSAEncryption 390s Signature Value: 390s 4f:a6:32:20:0e:84:80:70:cb:e7:db:9f:12:58:9e:77:8f:03: 390s 80:dd:7c:45:e2:ff:6a:8f:7e:90:2a:55:b2:21:07:a9:fa:d6: 390s 06:68:1e:dc:89:5f:75:ae:38:b4:6c:99:9f:93:20:90:de:26: 390s 12:20:eb:53:8c:e9:88:6e:43:ab:47:90:9b:88:11:7a:bc:0f: 390s ac:7b:e4:b5:db:11:2b:23:fd:b1:6d:b4:3b:1b:3e:e0:af:89: 390s 21:16:1d:4d:0c:cf:c8:c8:42:9f:dd:fd:1d:b2:15:f4:95:44: 390s f8:8b:f7:2a:8d:1b:28:96:d1:5b:be:8e:e6:e6:74:a9:ac:35: 390s 82:c0 390s + openssl ca -passin pass:random-intermediate-CA-password-26493 -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem 390s Using configuration from /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.config 390s Check that the request matches the signature 390s Signature ok 390s Certificate Details: 390s Serial Number: 4 (0x4) 390s Validity 390s Not Before: Mar 15 19:39:24 2025 GMT 390s Not After : Mar 15 19:39:24 2026 GMT 390s Subject: 390s organizationName = Test Organization 390s organizationalUnitName = Test Organization Unit 390s commonName = Test Organization Intermediate Trusted Certificate 0001 390s X509v3 extensions: 390s X509v3 Authority Key Identifier: 390s 74:42:45:7C:15:BA:7F:31:CA:51:6E:35:62:4A:A2:C6:96:12:62:6C 390s X509v3 Basic Constraints: 390s CA:FALSE 390s Netscape Cert Type: 390s SSL Client, S/MIME 390s Netscape Comment: 390s Test Organization Intermediate CA trusted Certificate 390s X509v3 Subject Key Identifier: 390s 13:C4:91:72:AF:E8:21:AD:21:FA:1E:E8:48:64:6C:21:00:7D:5E:68 390s X509v3 Key Usage: critical 390s Digital Signature, Non Repudiation, Key Encipherment 390s X509v3 Extended Key Usage: 390s TLS Web Client Authentication, E-mail Protection 390s X509v3 Subject Alternative Name: 390s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 390s Certificate is to be certified until Mar 15 19:39:24 2026 GMT (365 days) 390s 390s Write out database with 1 new entries 390s Database updated 390s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem 390s This certificate should not be trusted fully 390s + echo 'This certificate should not be trusted fully' 390s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem 390s + local cmd=openssl 390s + shift 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem 390s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 390s error 2 at 1 depth lookup: unable to get issuer certificate 390s error /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 390s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem 390s + cat 390s /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem: OK 390s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31191 390s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-31191 1024 390s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-31191 -key /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 390s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 390s Certificate Request: 390s Data: 390s Version: 1 (0x0) 390s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 390s Subject Public Key Info: 390s Public Key Algorithm: rsaEncryption 390s Public-Key: (1024 bit) 390s Modulus: 390s 00:b6:c1:da:46:4a:9d:9a:23:51:c6:3a:26:97:08: 390s b3:65:ed:20:67:f2:92:5f:b6:8d:54:1b:91:93:28: 390s a2:de:0e:e5:62:fc:86:a6:f1:5c:fe:bb:93:65:9f: 390s 1d:8d:6a:35:d7:94:f9:ca:2f:04:5c:57:99:1c:c5: 390s 03:01:b9:53:f1:c7:34:a3:1d:56:25:9b:5a:5b:76: 390s 7f:88:01:1d:c3:f0:7e:af:20:20:06:ff:0e:ff:3b: 390s 1a:d4:35:d1:3f:52:db:9a:eb:37:83:58:1f:39:28: 390s 5c:f2:33:be:73:55:11:9b:bf:0e:62:b2:d8:fb:60: 390s 5e:b9:e3:9e:4b:34:cb:2a:59 390s Exponent: 65537 (0x10001) 390s Attributes: 390s Requested Extensions: 390s X509v3 Basic Constraints: 390s CA:FALSE 390s Netscape Cert Type: 390s SSL Client, S/MIME 390s Netscape Comment: 390s Test Organization Sub Intermediate CA trusted Certificate 390s X509v3 Subject Key Identifier: 390s 1B:ED:87:40:69:8E:AF:70:7E:38:62:A3:07:8A:C9:F9:49:67:D1:0E 390s X509v3 Key Usage: critical 390s Digital Signature, Non Repudiation, Key Encipherment 390s X509v3 Extended Key Usage: 390s TLS Web Client Authentication, E-mail Protection 390s X509v3 Subject Alternative Name: 390s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 390s Signature Algorithm: sha256WithRSAEncryption 390s Signature Value: 390s 71:11:0a:7e:87:3c:d4:a2:21:03:37:df:e0:eb:3b:41:7f:4c: 390s af:b3:00:f2:69:3d:fd:fe:f3:77:4f:3b:dd:07:51:71:89:20: 390s e7:28:c3:9c:28:45:70:df:e2:14:f2:cc:3d:bf:49:51:92:a8: 390s 4b:c3:eb:0d:01:ca:46:d5:bb:d7:d2:cc:b5:1e:ca:48:27:46: 390s 2f:f5:ca:89:be:d0:4f:a9:80:6d:c3:11:8b:a0:1f:b8:cb:78: 390s 94:d7:69:5d:f9:3d:5d:aa:cc:73:5a:16:9f:18:34:7e:5f:5f: 390s ce:03:ac:be:44:79:01:ed:ca:22:6b:10:ce:8b:85:57:b4:e3: 390s d1:3b 390s + openssl ca -passin pass:random-sub-intermediate-CA-password-16862 -config /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 390s Using configuration from /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.config 390s Check that the request matches the signature 390s Signature ok 390s Certificate Details: 390s Serial Number: 5 (0x5) 390s Validity 390s Not Before: Mar 15 19:39:24 2025 GMT 390s Not After : Mar 15 19:39:24 2026 GMT 390s Subject: 390s organizationName = Test Organization 390s organizationalUnitName = Test Organization Unit 390s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 390s X509v3 extensions: 390s X509v3 Authority Key Identifier: 390s AC:D3:72:AC:CD:09:2C:A4:02:5D:64:92:92:DF:0E:8A:8D:F6:27:3F 390s X509v3 Basic Constraints: 390s CA:FALSE 390s Netscape Cert Type: 390s SSL Client, S/MIME 390s Netscape Comment: 390s Test Organization Sub Intermediate CA trusted Certificate 390s X509v3 Subject Key Identifier: 390s 1B:ED:87:40:69:8E:AF:70:7E:38:62:A3:07:8A:C9:F9:49:67:D1:0E 390s X509v3 Key Usage: critical 390s Digital Signature, Non Repudiation, Key Encipherment 390s X509v3 Extended Key Usage: 390s TLS Web Client Authentication, E-mail Protection 390s X509v3 Subject Alternative Name: 390s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 390s Certificate is to be certified until Mar 15 19:39:24 2026 GMT (365 days) 390s 390s Write out database with 1 new entries 390s Database updated 390s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 390s + echo 'This certificate should not be trusted fully' 390s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 390s This certificate should not be trusted fully 390s + local cmd=openssl 390s + shift 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 390s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 390s error 2 at 1 depth lookup: unable to get issuer certificate 390s error /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 390s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 390s + local cmd=openssl 390s + shift 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 390s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 390s error 20 at 0 depth lookup: unable to get local issuer certificate 390s error /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 390s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 390s /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 390s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 390s + local cmd=openssl 390s + shift 390s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 390s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 390s error 20 at 0 depth lookup: unable to get local issuer certificate 390s error /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 390s + echo 'Building a the full-chain CA file...' 390s + cat /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem 390s Building a the full-chain CA file... 390s + cat /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem 390s + cat /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem 390s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem 390s + openssl pkcs7 -print_certs -noout 390s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 390s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 390s 390s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 390s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 390s 390s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 390s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 390s 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem 390s /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA.pem: OK 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem 390s /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem: OK 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem 390s /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem: OK 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-intermediate-chain-CA.pem 390s /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-intermediate-chain-CA.pem: OK 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 390s /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 390s Certificates generation completed! 390s + echo 'Certificates generation completed!' 390s + [[ -v NO_SSSD_TESTS ]] 390s + [[ -v GENERATE_SMART_CARDS ]] 390s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-12631 390s + local certificate=/tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem 390s + local key_pass=pass:random-root-ca-trusted-cert-0001-12631 390s + local key_cn 390s + local key_name 390s + local tokens_dir 390s + local output_cert_file 390s + token_name= 390s ++ basename /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem .pem 390s + key_name=test-root-CA-trusted-certificate-0001 391s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem 391s ++ sed -n 's/ *commonName *= //p' 391s + key_cn='Test Organization Root Trusted Certificate 0001' 391s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 391s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-root-CA-trusted-certificate-0001.conf 391s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-root-CA-trusted-certificate-0001.conf 391s ++ basename /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 391s + tokens_dir=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-root-CA-trusted-certificate-0001 391s + token_name='Test Organization Root Tr Token' 391s + '[' '!' -e /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 391s + local key_file 391s + local decrypted_key 391s + mkdir -p /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-root-CA-trusted-certificate-0001 391s + key_file=/tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-key.pem 391s + decrypted_key=/tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-key-decrypted.pem 391s + cat 391s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 391s Slot 0 has a free/uninitialized token. 391s The token has been initialized and is reassigned to slot 112371596 391s + softhsm2-util --show-slots 391s Available slots: 391s Slot 112371596 391s Slot info: 391s Description: SoftHSM slot ID 0x6b2a78c 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: 3e3f052606b2a78c 391s Initialized: yes 391s User PIN init.: yes 391s Label: Test Organization Root Tr Token 391s Slot 1 391s Slot info: 391s Description: SoftHSM slot ID 0x1 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: 391s Initialized: no 391s User PIN init.: no 391s Label: 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-12631 -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-key-decrypted.pem 391s writing RSA key 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + rm /tmp/sssd-softhsm2-certs-Gfh8aM/test-root-CA-trusted-certificate-0001-key-decrypted.pem 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 391s Object 0: 391s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3e3f052606b2a78c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 391s Type: X.509 Certificate (RSA-1024) 391s Expires: Sun Mar 15 19:39:24 2026 391s Label: Test Organization Root Trusted Certificate 0001 391s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 391s 391s + echo 'Test Organization Root Tr Token' 391s Test Organization Root Tr Token 391s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-16595 391s + local certificate=/tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem 391s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-16595 391s + local key_cn 391s + local key_name 391s + local tokens_dir 391s + local output_cert_file 391s + token_name= 391s ++ basename /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem .pem 391s + key_name=test-intermediate-CA-trusted-certificate-0001 391s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem 391s ++ sed -n 's/ *commonName *= //p' 391s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 391s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 391s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 391s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 391s ++ basename /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 391s + tokens_dir=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-intermediate-CA-trusted-certificate-0001 391s + token_name='Test Organization Interme Token' 391s + '[' '!' -e /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 391s + local key_file 391s + local decrypted_key 391s + mkdir -p /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-intermediate-CA-trusted-certificate-0001 391s + key_file=/tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-key.pem 391s + decrypted_key=/tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s + cat 391s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 391s Slot 0 has a free/uninitialized token. 391s The token has been initialized and is reassigned to slot 1142129474 391s + softhsm2-util --show-slots 391s Available slots: 391s Slot 1142129474 391s Slot info: 391s Description: SoftHSM slot ID 0x44138342 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: cf78d7a444138342 391s Initialized: yes 391s User PIN init.: yes 391s Label: Test Organization Interme Token 391s Slot 1 391s Slot info: 391s Description: SoftHSM slot ID 0x1 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: 391s Initialized: no 391s User PIN init.: no 391s Label: 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-16595 -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s writing RSA key 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + rm /tmp/sssd-softhsm2-certs-Gfh8aM/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 391s Object 0: 391s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=cf78d7a444138342;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 391s Type: X.509 Certificate (RSA-1024) 391s Expires: Sun Mar 15 19:39:24 2026 391s Label: Test Organization Intermediate Trusted Certificate 0001 391s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 391s 391s Test Organization Interme Token 391s + echo 'Test Organization Interme Token' 391s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-31191 391s + local certificate=/tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-31191 391s + local key_cn 391s + local key_name 391s + local tokens_dir 391s + local output_cert_file 391s + token_name= 391s ++ basename /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 391s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 391s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s ++ sed -n 's/ *commonName *= //p' 391s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 391s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 391s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 391s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 391s ++ basename /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 391s + tokens_dir=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 391s + token_name='Test Organization Sub Int Token' 391s + '[' '!' -e /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 391s + local key_file 391s + local decrypted_key 391s + mkdir -p /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 391s + key_file=/tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 391s + decrypted_key=/tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s + cat 391s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 391s + softhsm2-util --show-slots 391s Slot 0 has a free/uninitialized token. 391s The token has been initialized and is reassigned to slot 1377410845 391s Available slots: 391s Slot 1377410845 391s Slot info: 391s Description: SoftHSM slot ID 0x52199f1d 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: 02e8094fd2199f1d 391s Initialized: yes 391s User PIN init.: yes 391s Label: Test Organization Sub Int Token 391s Slot 1 391s Slot info: 391s Description: SoftHSM slot ID 0x1 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: 391s Initialized: no 391s User PIN init.: no 391s Label: 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-31191 -in /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s writing RSA key 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + rm /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 391s Object 0: 391s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=02e8094fd2199f1d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 391s Type: X.509 Certificate (RSA-1024) 391s Expires: Sun Mar 15 19:39:24 2026 391s Label: Test Organization Sub Intermediate Trusted Certificate 0001 391s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 391s 391s Test Organization Sub Int Token 391s Certificates generation completed! 391s + echo 'Test Organization Sub Int Token' 391s + echo 'Certificates generation completed!' 391s + exit 0 391s + find /tmp/sssd-softhsm2-certs-Gfh8aM -type d -exec chmod 777 '{}' ';' 391s + find /tmp/sssd-softhsm2-certs-Gfh8aM -type f -exec chmod 666 '{}' ';' 391s + backup_file /etc/sssd/sssd.conf 391s + '[' -z '' ']' 391s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 391s + backupsdir=/tmp/sssd-softhsm2-backups-C90agf 391s + '[' -e /etc/sssd/sssd.conf ']' 391s + delete_paths+=("$1") 391s + rm -f /etc/sssd/sssd.conf 391s ++ runuser -u ubuntu -- sh -c 'echo ~' 391s + user_home=/home/ubuntu 391s + mkdir -p /home/ubuntu 391s + chown ubuntu:ubuntu /home/ubuntu 391s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 391s + user_config=/home/ubuntu/.config 391s + system_config=/etc 391s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 391s + for path_pair in "${softhsm2_conf_paths[@]}" 391s + IFS=: 391s + read -r -a path 391s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 391s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 391s + '[' -z /tmp/sssd-softhsm2-backups-C90agf ']' 391s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 391s + delete_paths+=("$1") 391s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 391s + for path_pair in "${softhsm2_conf_paths[@]}" 391s + IFS=: 391s + read -r -a path 391s + path=/etc/softhsm/softhsm2.conf 391s + backup_file /etc/softhsm/softhsm2.conf 391s + '[' -z /tmp/sssd-softhsm2-backups-C90agf ']' 391s + '[' -e /etc/softhsm/softhsm2.conf ']' 391s ++ dirname /etc/softhsm/softhsm2.conf 391s + local back_dir=/tmp/sssd-softhsm2-backups-C90agf//etc/softhsm 391s ++ basename /etc/softhsm/softhsm2.conf 391s + local back_path=/tmp/sssd-softhsm2-backups-C90agf//etc/softhsm/softhsm2.conf 391s + '[' '!' -e /tmp/sssd-softhsm2-backups-C90agf//etc/softhsm/softhsm2.conf ']' 391s + mkdir -p /tmp/sssd-softhsm2-backups-C90agf//etc/softhsm 391s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-C90agf//etc/softhsm/softhsm2.conf 391s + restore_paths+=("$back_path") 391s + rm -f /etc/softhsm/softhsm2.conf 391s + test_authentication login /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem 391s + pam_service=login 391s + certificate_config=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-root-CA-trusted-certificate-0001.conf 391s + ca_db=/tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem 391s + verification_options= 391s + mkdir -p -m 700 /etc/sssd 391s Using CA DB '/tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem' with verification options: '' 391s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 391s + cat 391s + chmod 600 /etc/sssd/sssd.conf 391s + for path_pair in "${softhsm2_conf_paths[@]}" 391s + IFS=: 391s + read -r -a path 391s + user=ubuntu 391s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 391s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 391s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 391s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 391s + runuser -u ubuntu -- softhsm2-util --show-slots 391s + grep 'Test Organization' 391s Label: Test Organization Root Tr Token 391s + for path_pair in "${softhsm2_conf_paths[@]}" 391s + IFS=: 391s + read -r -a path 391s + user=root 391s + path=/etc/softhsm/softhsm2.conf 391s ++ dirname /etc/softhsm/softhsm2.conf 391s + runuser -u root -- mkdir -p /etc/softhsm 391s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 391s + runuser -u root -- softhsm2-util --show-slots 391s + grep 'Test Organization' 391s Label: Test Organization Root Tr Token 391s + systemctl restart sssd 391s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 391s + for alternative in "${alternative_pam_configs[@]}" 391s + pam-auth-update --enable sss-smart-card-optional 391s + cat /etc/pam.d/common-auth 391s # 391s # /etc/pam.d/common-auth - authentication settings common to all services 391s # 391s # This file is included from other service-specific PAM config files, 391s # and should contain a list of the authentication modules that define 391s # the central authentication scheme for use on the system 391s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 391s # traditional Unix authentication mechanisms. 391s # 391s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 391s # To take advantage of this, it is recommended that you configure any 391s # local modules either before or after the default block, and use 391s # pam-auth-update to manage selection of other modules. See 391s # pam-auth-update(8) for details. 391s 391s # here are the per-package modules (the "Primary" block) 391s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 391s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 391s auth [success=1 default=ignore] pam_sss.so use_first_pass 391s # here's the fallback if no module succeeds 391s auth requisite pam_deny.so 391s # prime the stack with a positive return value if there isn't one already; 391s # this avoids us returning an error just because nothing sets a success code 391s # since the modules above will each just jump around 391s auth required pam_permit.so 391s # and here are more per-package modules (the "Additional" block) 391s auth optional pam_cap.so 391s # end of pam-auth-update config 391s + echo -n -e 123456 391s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 391s pamtester: invoking pam_start(login, ubuntu, ...) 391s pamtester: performing operation - authenticate 391s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 391s + echo -n -e 123456 391s + runuser -u ubuntu -- pamtester -v login '' authenticate 391s pamtester: invoking pam_start(login, , ...) 391s pamtester: performing operation - authenticate 391s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 391s + echo -n -e wrong123456 391s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 391s pamtester: invoking pam_start(login, ubuntu, ...) 391s pamtester: performing operation - authenticate 394s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 394s + echo -n -e wrong123456 394s + runuser -u ubuntu -- pamtester -v login '' authenticate 394s pamtester: invoking pam_start(login, , ...) 394s pamtester: performing operation - authenticate 397s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 397s + echo -n -e 123456 397s + pamtester -v login root authenticate 397s pamtester: invoking pam_start(login, root, ...) 397s pamtester: performing operation - authenticate 401s Password: pamtester: Authentication failure 401s + for alternative in "${alternative_pam_configs[@]}" 401s + pam-auth-update --enable sss-smart-card-required 401s PAM configuration 401s ----------------- 401s 401s Incompatible PAM profiles selected. 401s 401s The following PAM profiles cannot be used together: 401s 401s SSS required smart card authentication, SSS optional smart card 401s authentication 401s 401s Please select a different set of modules to enable. 401s 401s + cat /etc/pam.d/common-auth 401s # 401s # /etc/pam.d/common-auth - authentication settings common to all services 401s # 401s # This file is included from other service-specific PAM config files, 401s # and should contain a list of the authentication modules that define 401s # the central authentication scheme for use on the system 401s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 401s # traditional Unix authentication mechanisms. 401s # 401s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 401s # To take advantage of this, it is recommended that you configure any 401s # local modules either before or after the default block, and use 401s # pam-auth-update to manage selection of other modules. See 401s # pam-auth-update(8) for details. 401s 401s # here are the per-package modules (the "Primary" block) 401s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 401s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 401s auth [success=1 default=ignore] pam_sss.so use_first_pass 401s # here's the fallback if no module succeeds 401s auth requisite pam_deny.so 401s # prime the stack with a positive return value if there isn't one already; 401s # this avoids us returning an error just because nothing sets a success code 401s # since the modules above will each just jump around 401s auth required pam_permit.so 401s # and here are more per-package modules (the "Additional" block) 401s auth optional pam_cap.so 401s # end of pam-auth-update config 401s + echo -n -e 123456 401s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 401s pamtester: invoking pam_start(login, ubuntu, ...) 401s pamtester: performing operation - authenticate 401s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 401s pamtester: successfully authenticated 401s + echo -n -e 123456 401s + runuser -u ubuntu -- pamtester -v login '' authenticate 401s pamtester: invoking pam_start(login, , ...) 401s pamtester: performing operation - authenticate 401s PIN for Test Organization Root Tr Token: + echo -n -e wrong123456 401s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 401s pamtester: invoking pam_start(login, ubuntu, ...) 401s pamtester: performing operation - authenticate 404s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 404s + echo -n -e wrong123456 404s + runuser -u ubuntu -- pamtester -v login '' authenticate 404s pamtester: invoking pam_start(login, , ...) 404s pamtester: performing operation - authenticate 407s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 407s + echo -n -e 123456 407s + pamtester -v login root authenticate 407s pamtester: invoking pam_start(login, root, ...) 407s pamtester: performing operation - authenticate 411s pamtester: Authentication service cannot retrieve authentication info 411s + test_authentication login /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem 411s + pam_service=login 411s + certificate_config=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 411s + ca_db=/tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem 411s + verification_options= 411s + mkdir -p -m 700 /etc/sssd 411s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 411s + cat 411s Using CA DB '/tmp/sssd-softhsm2-certs-Gfh8aM/test-full-chain-CA.pem' with verification options: '' 411s + chmod 600 /etc/sssd/sssd.conf 411s + for path_pair in "${softhsm2_conf_paths[@]}" 411s + IFS=: 411s + read -r -a path 411s + user=ubuntu 411s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 411s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 411s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 411s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 411s + runuser -u ubuntu -- softhsm2-util --show-slots 411s + grep 'Test Organization' 411s + for path_pair in "${softhsm2_conf_paths[@]}" 411s + IFS=: 411s + read -r -a path 411s + user=root 411s + path=/etc/softhsm/softhsm2.conf 411s ++ dirname /etc/softhsm/softhsm2.conf 411s + runuser -u root -- mkdir -p /etc/softhsm 411s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 411s + runuser -u root -- softhsm2-util --show-slots 411s + grep 'Test Organization' 411s + systemctl restart sssd 411s Label: Test Organization Sub Int Token 411s Label: Test Organization Sub Int Token 411s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 412s + for alternative in "${alternative_pam_configs[@]}" 412s + pam-auth-update --enable sss-smart-card-optional 412s + cat /etc/pam.d/common-auth 412s # 412s # /etc/pam.d/common-auth - authentication settings common to all services 412s # 412s # This file is included from other service-specific PAM config files, 412s # and should contain a list of the authentication modules that define 412s # the central authentication scheme for use on the system 412s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 412s # traditional Unix authentication mechanisms. 412s # 412s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 412s # To take advantage of this, it is recommended that you configure any 412s # local modules either before or after the default block, and use 412s # pam-auth-update to manage selection of other modules. See 412s # pam-auth-update(8) for details. 412s 412s # here are the per-package modules (the "Primary" block) 412s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 412s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 412s auth [success=1 default=ignore] pam_sss.so use_first_pass 412s # here's the fallback if no module succeeds 412s auth requisite pam_deny.so 412s # prime the stack with a positive return value if there isn't one already; 412s # this avoids us returning an error just because nothing sets a success code 412s # since the modules above will each just jump around 412s auth required pam_permit.so 412s # and here are more per-package modules (the "Additional" block) 412s auth optional pam_cap.so 412s # end of pam-auth-update config 412s + echo -n -e 123456 412s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 412s pamtester: invoking pam_start(login, ubuntu, ...) 412s pamtester: performing operation - authenticate 412s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 412s + echo -n -e 123456 412s + runuser -u ubuntu -- pamtester -v login '' authenticate 412s pamtester: invoking pam_start(login, , ...) 412s pamtester: performing operation - authenticate 412s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 412s + echo -n -e wrong123456 412s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 412s pamtester: invoking pam_start(login, ubuntu, ...) 412s pamtester: performing operation - authenticate 415s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 415s + echo -n -e wrong123456 415s + runuser -u ubuntu -- pamtester -v login '' authenticate 415s pamtester: invoking pam_start(login, , ...) 415s pamtester: performing operation - authenticate 418s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 418s + echo -n -e 123456 418s + pamtester -v login root authenticate 418s pamtester: invoking pam_start(login, root, ...) 418s pamtester: performing operation - authenticate 422s Password: pamtester: Authentication failure 422s + for alternative in "${alternative_pam_configs[@]}" 422s + pam-auth-update --enable sss-smart-card-required 422s + cat /etc/pam.d/common-auth 422s PAM configuration 422s ----------------- 422s 422s Incompatible PAM profiles selected. 422s 422s The following PAM profiles cannot be used together: 422s 422s SSS required smart card authentication, SSS optional smart card 422s authentication 422s 422s Please select a different set of modules to enable. 422s 422s # 422s # /etc/pam.d/common-auth - authentication settings common to all services 422s # 422s # This file is included from other service-specific PAM config files, 422s # and should contain a list of the authentication modules that define 422s # the central authentication scheme for use on the system 422s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 422s # traditional Unix authentication mechanisms. 422s # 422s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 422s # To take advantage of this, it is recommended that you configure any 422s # local modules either before or after the default block, and use 422s # pam-auth-update to manage selection of other modules. See 422s # pam-auth-update(8) for details. 422s 422s # here are the per-package modules (the "Primary" block) 422s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 422s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 422s auth [success=1 default=ignore] pam_sss.so use_first_pass 422s # here's the fallback if no module succeeds 422s auth requisite pam_deny.so 422s # prime the stack with a positive return value if there isn't one already; 422s # this avoids us returning an error just because nothing sets a success code 422s # since the modules above will each just jump around 422s auth required pam_permit.so 422s # and here are more per-package modules (the "Additional" block) 422s auth optional pam_cap.so 422s # end of pam-auth-update config 422s + echo -n -e 123456 422s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 422s pamtester: invoking pam_start(login, ubuntu, ...) 422s pamtester: performing operation - authenticate 422s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 422s pamtester: successfully authenticated 422s + echo -n -e 123456 422s + runuser -u ubuntu -- pamtester -v login '' authenticate 422s pamtester: invoking pam_start(login, , ...) 422s pamtester: performing operation - authenticate 422s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 422s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 422s pamtester: invoking pam_start(login, ubuntu, ...) 422s pamtester: performing operation - authenticate 425s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 425s + echo -n -e wrong123456 425s + runuser -u ubuntu -- pamtester -v login '' authenticate 425s pamtester: invoking pam_start(login, , ...) 425s pamtester: performing operation - authenticate 428s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 428s + pamtester -v login root authenticate 428s + echo -n -e 123456 428s pamtester: invoking pam_start(login, root, ...) 428s pamtester: performing operation - authenticate 432s pamtester: Authentication service cannot retrieve authentication info 432s + test_authentication login /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem partial_chain 432s + pam_service=login 432s + certificate_config=/tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 432s + ca_db=/tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem 432s + verification_options=partial_chain 432s + mkdir -p -m 700 /etc/sssd 432s Using CA DB '/tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 432s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-Gfh8aM/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 432s + cat 432s + chmod 600 /etc/sssd/sssd.conf 432s + for path_pair in "${softhsm2_conf_paths[@]}" 432s + IFS=: 432s + read -r -a path 432s + user=ubuntu 432s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 432s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 432s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 432s Label: Test Organization Sub Int Token 432s Label: Test Organization Sub Int Token 432s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 432s + runuser -u ubuntu -- softhsm2-util --show-slots 432s + grep 'Test Organization' 432s + for path_pair in "${softhsm2_conf_paths[@]}" 432s + IFS=: 432s + read -r -a path 432s + user=root 432s + path=/etc/softhsm/softhsm2.conf 432s ++ dirname /etc/softhsm/softhsm2.conf 432s + runuser -u root -- mkdir -p /etc/softhsm 432s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-Gfh8aM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 432s + runuser -u root -- softhsm2-util --show-slots 432s + grep 'Test Organization' 432s + systemctl restart sssd 432s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 432s + for alternative in "${alternative_pam_configs[@]}" 432s + pam-auth-update --enable sss-smart-card-optional 432s # 432s # /etc/pam.d/common-auth - authentication settings common to all services 432s # 432s # This file is included from other service-specific PAM config files, 432s # and should contain a list of the authentication modules that define 432s # the central authentication scheme for use on the system 432s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 432s # traditional Unix authentication mechanisms. 432s # 432s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 432s # To take advantage of this, it is recommended that you configure any 432s # local modules either before or after the default block, and use 432s # pam-auth-update to manage selection of other modules. See 432s # pam-auth-update(8) for details. 432s 432s # here are the per-package modules (the "Primary" block) 432s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 432s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 432s auth [success=1 default=ignore] pam_sss.so use_first_pass 432s # here's the fallback if no module succeeds 432s auth requisite pam_deny.so 432s # prime the stack with a positive return value if there isn't one already; 432s # this avoids us returning an error just because nothing sets a success code 432s # since the modules above will each just jump around 432s auth required pam_permit.so 432s # and here are more per-package modules (the "Additional" block) 432s auth optional pam_cap.so 432s # end of pam-auth-update config 432s + cat /etc/pam.d/common-auth 432s + echo -n -e 123456 432s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 432s pamtester: invoking pam_start(login, ubuntu, ...) 432s pamtester: performing operation - authenticate 432s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 432s + echo -n -e 123456 432s + runuser -u ubuntu -- pamtester -v login '' authenticate 432s pamtester: invoking pam_start(login, , ...) 432s pamtester: performing operation - authenticate 432s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 432s + echo -n -e wrong123456 432s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 432s pamtester: invoking pam_start(login, ubuntu, ...) 432s pamtester: performing operation - authenticate 436s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 436s + echo -n -e wrong123456 436s + runuser -u ubuntu -- pamtester -v login '' authenticate 436s pamtester: invoking pam_start(login, , ...) 436s pamtester: performing operation - authenticate 439s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 439s + echo -n -e 123456 439s + pamtester -v login root authenticate 439s pamtester: invoking pam_start(login, root, ...) 439s pamtester: performing operation - authenticate 441s Password: pamtester: Authentication failure 441s + for alternative in "${alternative_pam_configs[@]}" 441s + pam-auth-update --enable sss-smart-card-required 441s PAM configuration 441s ----------------- 441s 441s Incompatible PAM profiles selected. 441s 441s The following PAM profiles cannot be used together: 441s 441s SSS required smart card authentication, SSS optional smart card 441s authentication 441s 441s Please select a different set of modules to enable. 441s 441s + cat /etc/pam.d/common-auth 441s # 441s # /etc/pam.d/common-auth - authentication settings common to all services 441s # 441s # This file is included from other service-specific PAM config files, 441s # and should contain a list of the authentication modules that define 441s # the central authentication scheme for use on the system 441s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 441s # traditional Unix authentication mechanisms. 441s # 441s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 441s # To take advantage of this, it is recommended that you configure any 441s # local modules either before or after the default block, and use 441s # pam-auth-update to manage selection of other modules. See 441s # pam-auth-update(8) for details. 441s 441s # here are the per-package modules (the "Primary" block) 441s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 441s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 441s auth [success=1 default=ignore] pam_sss.so use_first_pass 441s # here's the fallback if no module succeeds 441s auth requisite pam_deny.so 441s # prime the stack with a positive return value if there isn't one already; 441s # this avoids us returning an error just because nothing sets a success code 441s # since the modules above will each just jump around 441s auth required pam_permit.so 441s # and here are more per-package modules (the "Additional" block) 441s auth optional pam_cap.so 441s # end of pam-auth-update config 441s + echo -n -e 123456 441s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 441s pamtester: invoking pam_start(login, ubuntu, ...) 441s pamtester: performing operation - authenticate 441s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 441s pamtester: successfully authenticated 441s + echo -n -e 123456 441s + runuser -u ubuntu -- pamtester -v login '' authenticate 441s pamtester: invoking pam_start(login, , ...) 441s pamtester: performing operation - authenticate 441s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 441s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 441s pamtester: invoking pam_start(login, ubuntu, ...) 441s pamtester: performing operation - authenticate 444s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 444s + echo -n -e wrong123456 444s + runuser -u ubuntu -- pamtester -v login '' authenticate 444s pamtester: invoking pam_start(login, , ...) 444s pamtester: performing operation - authenticate 448s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 448s + echo -n -e 123456 448s + pamtester -v login root authenticate 448s pamtester: invoking pam_start(login, root, ...) 448s pamtester: performing operation - authenticate 450s pamtester: Authentication service cannot retrieve authentication info 450s + handle_exit 450s + exit_code=0 450s + restore_changes 450s + for path in "${restore_paths[@]}" 450s + local original_path 450s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-C90agf /tmp/sssd-softhsm2-backups-C90agf//etc/softhsm/softhsm2.conf 450s + original_path=/etc/softhsm/softhsm2.conf 450s + rm /etc/softhsm/softhsm2.conf 450s + mv /tmp/sssd-softhsm2-backups-C90agf//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 450s + for path in "${delete_paths[@]}" 450s + rm -f /etc/sssd/sssd.conf 450s + for path in "${delete_paths[@]}" 450s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 450s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 450s + '[' -e /etc/sssd/sssd.conf ']' 450s + systemctl stop sssd 450s + '[' -e /etc/softhsm/softhsm2.conf ']' 450s + chmod 600 /etc/softhsm/softhsm2.conf 450s + rm -rf /tmp/sssd-softhsm2-certs-Gfh8aM 450s Script completed successfully! 450s + '[' 0 = 0 ']' 450s + rm -rf /tmp/sssd-softhsm2-backups-C90agf 450s + set +x 451s autopkgtest [19:40:25]: test sssd-smart-card-pam-auth-configs: -----------------------] 451s sssd-smart-card-pam-auth-configs PASS 451s autopkgtest [19:40:25]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 452s autopkgtest [19:40:26]: @@@@@@@@@@@@@@@@@@@@ summary 452s ldap-user-group-ldap-auth PASS 452s ldap-user-group-krb5-auth PASS 452s sssd-softhism2-certificates-tests.sh PASS 452s sssd-smart-card-pam-auth-configs PASS 456s nova [W] Using flock in prodstack6-s390x 456s Creating nova instance adt-plucky-s390x-sssd-20250315-191708-juju-7f2275-prod-proposed-migration-environment-20-5de4c23d-b7f3-4a09-88a7-0879635dbccd from image adt/ubuntu-plucky-s390x-server-20250315.img (UUID 3d3557fa-fd0f-4bba-9b89-8d5964e09f61)... 456s nova [W] Timed out waiting for ef44a26f-cec4-49f5-9ace-26a5d74bd942 to get deleted. 456s nova [W] Using flock in prodstack6-s390x 456s Creating nova instance adt-plucky-s390x-sssd-20250315-191708-juju-7f2275-prod-proposed-migration-environment-20-5de4c23d-b7f3-4a09-88a7-0879635dbccd from image adt/ubuntu-plucky-s390x-server-20250315.img (UUID 3d3557fa-fd0f-4bba-9b89-8d5964e09f61)... 456s nova [W] Timed out waiting for 62ad59da-ee8d-4123-9c82-8cddd3635c58 to get deleted.