0s autopkgtest [21:55:40]: starting date and time: 2026-01-23 21:55:40+0000 0s autopkgtest [21:55:40]: git checkout: 508d4a25 a-v-ssh wait_for_ssh: demote "ssh connection failed" to a debug message 0s autopkgtest [21:55:40]: host juju-7f2275-prod-proposed-migration-environment-9; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.duianbge/out --timeout-copy=6000 --setup-commands 'ln -s /dev/null /etc/systemd/system/bluetooth.service; printf "http_proxy=http://squid.internal:3128\nhttps_proxy=http://squid.internal:3128\nno_proxy=127.0.0.1,127.0.1.1,localhost,localdomain,internal,login.ubuntu.com,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com\n" >> /etc/environment' --apt-pocket=proposed=src:openssl --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=openssl/3.5.4-1ubuntu1 -- lxd -r lxd-armhf-10.145.243.210 lxd-armhf-10.145.243.210:autopkgtest/ubuntu/resolute/armhf 21s autopkgtest [21:56:01]: testbed dpkg architecture: armhf 23s autopkgtest [21:56:03]: testbed apt version: 3.1.13 27s autopkgtest [21:56:07]: @@@@@@@@@@@@@@@@@@@@ test bed setup 29s autopkgtest [21:56:09]: testbed release detected to be: None 37s autopkgtest [21:56:17]: updating testbed package index (apt update) 39s Get:1 http://ftpmaster.internal/ubuntu resolute-proposed InRelease [124 kB] 39s Get:2 http://ftpmaster.internal/ubuntu resolute InRelease [124 kB] 39s Get:3 http://ftpmaster.internal/ubuntu resolute-updates InRelease [124 kB] 39s Get:4 http://ftpmaster.internal/ubuntu resolute-security InRelease [124 kB] 39s Get:5 http://ftpmaster.internal/ubuntu resolute-proposed/universe Sources [1021 kB] 39s Get:6 http://ftpmaster.internal/ubuntu resolute-proposed/restricted Sources [2820 B] 39s Get:7 http://ftpmaster.internal/ubuntu resolute-proposed/multiverse Sources [24.3 kB] 39s Get:8 http://ftpmaster.internal/ubuntu resolute-proposed/main Sources [97.3 kB] 39s Get:9 http://ftpmaster.internal/ubuntu resolute-proposed/main armhf Packages [109 kB] 39s Get:10 http://ftpmaster.internal/ubuntu resolute-proposed/universe armhf Packages [827 kB] 40s Get:11 http://ftpmaster.internal/ubuntu resolute-proposed/multiverse armhf Packages [8712 B] 40s Get:12 http://ftpmaster.internal/ubuntu resolute/universe Sources [21.4 MB] 42s Get:13 http://ftpmaster.internal/ubuntu resolute/multiverse Sources [310 kB] 42s Get:14 http://ftpmaster.internal/ubuntu resolute/main Sources [1399 kB] 42s Get:15 http://ftpmaster.internal/ubuntu resolute/main armhf Packages [1371 kB] 42s Get:16 http://ftpmaster.internal/ubuntu resolute/universe armhf Packages [15.3 MB] 42s Get:17 http://ftpmaster.internal/ubuntu resolute/multiverse armhf Packages [175 kB] 46s Fetched 42.5 MB in 7s (5875 kB/s) 47s Reading package lists... 53s autopkgtest [21:56:33]: upgrading testbed (apt dist-upgrade and autopurge) 55s Reading package lists... 55s Building dependency tree... 55s Reading state information... 56s Calculating upgrade... 57s The following packages will be upgraded: 57s dhcpcd-base libplymouth5 libssl3t64 libtasn1-6 openssl 57s openssl-provider-legacy plymouth plymouth-theme-ubuntu-text 57s python3-jaraco.context 57s 9 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 57s Need to get 3689 kB of archives. 57s After this operation, 19.5 kB disk space will be freed. 57s Get:1 http://ftpmaster.internal/ubuntu resolute-proposed/main armhf openssl-provider-legacy armhf 3.5.4-1ubuntu1 [30.7 kB] 57s Get:2 http://ftpmaster.internal/ubuntu resolute-proposed/main armhf libssl3t64 armhf 3.5.4-1ubuntu1 [1902 kB] 58s Get:3 http://ftpmaster.internal/ubuntu resolute/main armhf dhcpcd-base armhf 1:10.3.0-7 [194 kB] 58s Get:4 http://ftpmaster.internal/ubuntu resolute/main armhf libtasn1-6 armhf 4.21.0-2 [38.5 kB] 58s Get:5 http://ftpmaster.internal/ubuntu resolute-proposed/main armhf openssl armhf 3.5.4-1ubuntu1 [1214 kB] 58s Get:6 http://ftpmaster.internal/ubuntu resolute/main armhf libplymouth5 armhf 24.004.60+git20250831.4a3c171d-0ubuntu5 [147 kB] 58s Get:7 http://ftpmaster.internal/ubuntu resolute/main armhf plymouth-theme-ubuntu-text armhf 24.004.60+git20250831.4a3c171d-0ubuntu5 [9996 B] 58s Get:8 http://ftpmaster.internal/ubuntu resolute/main armhf plymouth armhf 24.004.60+git20250831.4a3c171d-0ubuntu5 [146 kB] 58s Get:9 http://ftpmaster.internal/ubuntu resolute/main armhf python3-jaraco.context all 6.0.1-2 [8198 B] 59s Fetched 3689 kB in 1s (4891 kB/s) 59s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 66485 files and directories currently installed.) 59s Preparing to unpack .../openssl-provider-legacy_3.5.4-1ubuntu1_armhf.deb ... 59s Unpacking openssl-provider-legacy (3.5.4-1ubuntu1) over (3.5.3-1ubuntu2) ... 59s Setting up openssl-provider-legacy (3.5.4-1ubuntu1) ... 59s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 66485 files and directories currently installed.) 59s Preparing to unpack .../libssl3t64_3.5.4-1ubuntu1_armhf.deb ... 59s Unpacking libssl3t64:armhf (3.5.4-1ubuntu1) over (3.5.3-1ubuntu2) ... 59s Setting up libssl3t64:armhf (3.5.4-1ubuntu1) ... 59s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 66485 files and directories currently installed.) 59s Preparing to unpack .../0-dhcpcd-base_1%3a10.3.0-7_armhf.deb ... 59s Unpacking dhcpcd-base (1:10.3.0-7) over (1:10.3.0-3) ... 59s Preparing to unpack .../1-libtasn1-6_4.21.0-2_armhf.deb ... 59s Unpacking libtasn1-6:armhf (4.21.0-2) over (4.20.0-2ubuntu1) ... 60s Preparing to unpack .../2-openssl_3.5.4-1ubuntu1_armhf.deb ... 60s Unpacking openssl (3.5.4-1ubuntu1) over (3.5.3-1ubuntu2) ... 60s Preparing to unpack .../3-libplymouth5_24.004.60+git20250831.4a3c171d-0ubuntu5_armhf.deb ... 60s Unpacking libplymouth5:armhf (24.004.60+git20250831.4a3c171d-0ubuntu5) over (24.004.60+git20250831.4a3c171d-0ubuntu4) ... 60s Preparing to unpack .../4-plymouth-theme-ubuntu-text_24.004.60+git20250831.4a3c171d-0ubuntu5_armhf.deb ... 60s Unpacking plymouth-theme-ubuntu-text (24.004.60+git20250831.4a3c171d-0ubuntu5) over (24.004.60+git20250831.4a3c171d-0ubuntu4) ... 60s Preparing to unpack .../5-plymouth_24.004.60+git20250831.4a3c171d-0ubuntu5_armhf.deb ... 60s Unpacking plymouth (24.004.60+git20250831.4a3c171d-0ubuntu5) over (24.004.60+git20250831.4a3c171d-0ubuntu4) ... 60s Preparing to unpack .../6-python3-jaraco.context_6.0.1-2_all.deb ... 60s Unpacking python3-jaraco.context (6.0.1-2) over (6.0.1-1build1) ... 60s Setting up python3-jaraco.context (6.0.1-2) ... 60s Setting up dhcpcd-base (1:10.3.0-7) ... 60s Setting up libplymouth5:armhf (24.004.60+git20250831.4a3c171d-0ubuntu5) ... 60s Setting up libtasn1-6:armhf (4.21.0-2) ... 60s Setting up openssl (3.5.4-1ubuntu1) ... 60s Setting up plymouth (24.004.60+git20250831.4a3c171d-0ubuntu5) ... 60s update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults 61s update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults 61s Processing triggers for libc-bin (2.42-2ubuntu4) ... 61s Processing triggers for man-db (2.13.1-1) ... 63s Processing triggers for initramfs-tools (0.150ubuntu7) ... 63s Setting up plymouth-theme-ubuntu-text (24.004.60+git20250831.4a3c171d-0ubuntu5) ... 63s Processing triggers for initramfs-tools (0.150ubuntu7) ... 65s Reading package lists... 65s Building dependency tree... 65s Reading state information... 66s Solving dependencies... 67s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 69s autopkgtest [21:56:49]: rebooting testbed after setup commands that affected boot 111s autopkgtest [21:57:31]: testbed running kernel: Linux 6.8.0-87-generic #88~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Oct 14 14:00:09 UTC 2 137s autopkgtest [21:57:57]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 253s Get:1 http://ftpmaster.internal/ubuntu resolute/main sssd 2.10.1-2ubuntu7 (dsc) [5083 B] 253s Get:2 http://ftpmaster.internal/ubuntu resolute/main sssd 2.10.1-2ubuntu7 (tar) [9197 kB] 253s Get:3 http://ftpmaster.internal/ubuntu resolute/main sssd 2.10.1-2ubuntu7 (diff) [51.3 kB] 254s gpgv: Signature made Thu Dec 11 20:12:42 2025 UTC 254s gpgv: using RSA key 50C4A0DDCF31E452CEB19B516569D855A744BE93 254s gpgv: Can't check signature: No public key 254s dpkg-source: warning: cannot verify inline signature for ./sssd_2.10.1-2ubuntu7.dsc: no acceptable signature found 255s autopkgtest [21:59:55]: testing package sssd version 2.10.1-2ubuntu7 263s autopkgtest [22:00:03]: build not needed 273s autopkgtest [22:00:13]: test ldap-user-group-ldap-auth: preparing testbed 275s Reading package lists... 275s Building dependency tree... 275s Reading state information... 275s Solving dependencies... 276s The following NEW packages will be installed: 276s expect ldap-utils libargon2-1 libavahi-client3 libavahi-common-data 276s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 276s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 276s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 276s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 276s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 276s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 276s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 276s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 276s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 276s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 276s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 276s tcl-expect tcl8.6 276s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 276s Need to get 12.6 MB of archives. 276s After this operation, 50.2 MB of additional disk space will be used. 276s Get:1 http://ftpmaster.internal/ubuntu resolute/main armhf libargon2-1 armhf 0~20190702+dfsg-5 [22.3 kB] 277s Get:2 http://ftpmaster.internal/ubuntu resolute/main armhf libltdl7 armhf 2.5.4-9 [40.4 kB] 277s Get:3 http://ftpmaster.internal/ubuntu resolute/main armhf libodbc2 armhf 2.3.14-1 [147 kB] 277s Get:4 http://ftpmaster.internal/ubuntu resolute/main armhf slapd armhf 2.6.10+dfsg-1ubuntu5 [1451 kB] 277s Get:5 http://ftpmaster.internal/ubuntu resolute/main armhf libtcl8.6 armhf 8.6.17+dfsg-1 [918 kB] 277s Get:6 http://ftpmaster.internal/ubuntu resolute/main armhf tcl8.6 armhf 8.6.17+dfsg-1 [14.6 kB] 277s Get:7 http://ftpmaster.internal/ubuntu resolute/universe armhf tcl-expect armhf 5.45.4-4 [99.7 kB] 277s Get:8 http://ftpmaster.internal/ubuntu resolute/universe armhf expect armhf 5.45.4-4 [136 kB] 277s Get:9 http://ftpmaster.internal/ubuntu resolute/main armhf ldap-utils armhf 2.6.10+dfsg-1ubuntu5 [131 kB] 277s Get:10 http://ftpmaster.internal/ubuntu resolute/main armhf libavahi-common-data armhf 0.8-17ubuntu1 [31.3 kB] 277s Get:11 http://ftpmaster.internal/ubuntu resolute/main armhf libavahi-common3 armhf 0.8-17ubuntu1 [20.4 kB] 277s Get:12 http://ftpmaster.internal/ubuntu resolute/main armhf libavahi-client3 armhf 0.8-17ubuntu1 [24.3 kB] 277s Get:13 http://ftpmaster.internal/ubuntu resolute/main armhf libbasicobjects0t64 armhf 0.6.2-3build1 [5610 B] 277s Get:14 http://ftpmaster.internal/ubuntu resolute/main armhf libcares2 armhf 1.34.6-1 [86.9 kB] 277s Get:15 http://ftpmaster.internal/ubuntu resolute/main armhf libcollection4t64 armhf 0.6.2-3build1 [19.2 kB] 277s Get:16 http://ftpmaster.internal/ubuntu resolute/main armhf libcrack2 armhf 2.9.6-5.2build2 [27.0 kB] 277s Get:17 http://ftpmaster.internal/ubuntu resolute/main armhf libdhash1t64 armhf 0.6.2-3build1 [8064 B] 277s Get:18 http://ftpmaster.internal/ubuntu resolute/main armhf libevent-2.1-7t64 armhf 2.1.12-stable-10build1 [130 kB] 277s Get:19 http://ftpmaster.internal/ubuntu resolute/main armhf libpath-utils1t64 armhf 0.6.2-3build1 [8020 B] 277s Get:20 http://ftpmaster.internal/ubuntu resolute/main armhf libref-array1t64 armhf 0.6.2-3build1 [6566 B] 277s Get:21 http://ftpmaster.internal/ubuntu resolute/main armhf libini-config5t64 armhf 0.6.2-3build1 [37.4 kB] 277s Get:22 http://ftpmaster.internal/ubuntu resolute/main armhf libipa-hbac0t64 armhf 2.10.1-2ubuntu7 [18.4 kB] 277s Get:23 http://ftpmaster.internal/ubuntu resolute/universe armhf libjose0 armhf 14-2build1 [40.2 kB] 277s Get:24 http://ftpmaster.internal/ubuntu resolute/main armhf libverto-libevent1t64 armhf 0.3.1-1.2ubuntu4 [6520 B] 277s Get:25 http://ftpmaster.internal/ubuntu resolute/main armhf libverto1t64 armhf 0.3.1-1.2ubuntu4 [9618 B] 277s Get:26 http://ftpmaster.internal/ubuntu resolute/main armhf libkrad0 armhf 1.22.1-2 [20.9 kB] 277s Get:27 http://ftpmaster.internal/ubuntu resolute/main armhf libtalloc2 armhf 2:2.4.3+samba4.23.4+dfsg-1ubuntu1 [75.3 kB] 277s Get:28 http://ftpmaster.internal/ubuntu resolute/main armhf libtdb1 armhf 2:1.4.14+samba4.23.4+dfsg-1ubuntu1 [93.2 kB] 277s Get:29 http://ftpmaster.internal/ubuntu resolute/main armhf libtevent0t64 armhf 2:0.17.1+samba4.23.4+dfsg-1ubuntu1 [37.1 kB] 277s Get:30 http://ftpmaster.internal/ubuntu resolute/main armhf libldb2 armhf 2:2.11.0+samba4.23.4+dfsg-1ubuntu1 [127 kB] 277s Get:31 http://ftpmaster.internal/ubuntu resolute/main armhf libnfsidmap1 armhf 1:2.8.4-1ubuntu1 [57.1 kB] 277s Get:32 http://ftpmaster.internal/ubuntu resolute/universe armhf libnss-sudo all 1.9.17p2-1ubuntu1 [17.8 kB] 277s Get:33 http://ftpmaster.internal/ubuntu resolute/main armhf libpwquality-common all 1.4.5-5 [7752 B] 277s Get:34 http://ftpmaster.internal/ubuntu resolute/main armhf libpwquality1 armhf 1.4.5-5 [12.3 kB] 277s Get:35 http://ftpmaster.internal/ubuntu resolute/main armhf libpam-pwquality armhf 1.4.5-5 [11.4 kB] 277s Get:36 http://ftpmaster.internal/ubuntu resolute/main armhf libwbclient0 armhf 2:4.23.4+dfsg-1ubuntu1 [81.8 kB] 277s Get:37 http://ftpmaster.internal/ubuntu resolute/main armhf samba-libs armhf 2:4.23.4+dfsg-1ubuntu1 [6285 kB] 277s Get:38 http://ftpmaster.internal/ubuntu resolute/main armhf libsmbclient0 armhf 2:4.23.4+dfsg-1ubuntu1 [59.2 kB] 277s Get:39 http://ftpmaster.internal/ubuntu resolute/main armhf libnss-sss armhf 2.10.1-2ubuntu7 [30.4 kB] 277s Get:40 http://ftpmaster.internal/ubuntu resolute/main armhf libpam-sss armhf 2.10.1-2ubuntu7 [46.8 kB] 277s Get:41 http://ftpmaster.internal/ubuntu resolute/main armhf python3-sss armhf 2.10.1-2ubuntu7 [45.6 kB] 277s Get:42 http://ftpmaster.internal/ubuntu resolute/main armhf libsss-certmap0 armhf 2.10.1-2ubuntu7 [44.6 kB] 277s Get:43 http://ftpmaster.internal/ubuntu resolute/main armhf libsss-idmap0 armhf 2.10.1-2ubuntu7 [21.6 kB] 277s Get:44 http://ftpmaster.internal/ubuntu resolute/main armhf libsss-nss-idmap0 armhf 2.10.1-2ubuntu7 [28.9 kB] 277s Get:45 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-common armhf 2.10.1-2ubuntu7 [1054 kB] 278s Get:46 http://ftpmaster.internal/ubuntu resolute/universe armhf sssd-idp armhf 2.10.1-2ubuntu7 [25.2 kB] 278s Get:47 http://ftpmaster.internal/ubuntu resolute/universe armhf sssd-passkey armhf 2.10.1-2ubuntu7 [29.6 kB] 278s Get:48 http://ftpmaster.internal/ubuntu resolute/main armhf libipa-hbac-dev armhf 2.10.1-2ubuntu7 [6674 B] 278s Get:49 http://ftpmaster.internal/ubuntu resolute/main armhf libsss-certmap-dev armhf 2.10.1-2ubuntu7 [5736 B] 278s Get:50 http://ftpmaster.internal/ubuntu resolute/main armhf libsss-idmap-dev armhf 2.10.1-2ubuntu7 [8386 B] 278s Get:51 http://ftpmaster.internal/ubuntu resolute/main armhf libsss-nss-idmap-dev armhf 2.10.1-2ubuntu7 [6720 B] 278s Get:52 http://ftpmaster.internal/ubuntu resolute/universe armhf libsss-sudo armhf 2.10.1-2ubuntu7 [20.6 kB] 278s Get:53 http://ftpmaster.internal/ubuntu resolute/universe armhf python3-libipa-hbac armhf 2.10.1-2ubuntu7 [14.8 kB] 278s Get:54 http://ftpmaster.internal/ubuntu resolute/universe armhf python3-libsss-nss-idmap armhf 2.10.1-2ubuntu7 [8472 B] 278s Get:55 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-ad-common armhf 2.10.1-2ubuntu7 [67.8 kB] 278s Get:56 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-krb5-common armhf 2.10.1-2ubuntu7 [82.4 kB] 278s Get:57 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-ad armhf 2.10.1-2ubuntu7 [130 kB] 278s Get:58 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-ipa armhf 2.10.1-2ubuntu7 [214 kB] 278s Get:59 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-krb5 armhf 2.10.1-2ubuntu7 [14.0 kB] 278s Get:60 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-ldap armhf 2.10.1-2ubuntu7 [31.2 kB] 278s Get:61 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-proxy armhf 2.10.1-2ubuntu7 [43.3 kB] 278s Get:62 http://ftpmaster.internal/ubuntu resolute/main armhf sssd armhf 2.10.1-2ubuntu7 [4122 B] 278s Get:63 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-dbus armhf 2.10.1-2ubuntu7 [92.6 kB] 278s Get:64 http://ftpmaster.internal/ubuntu resolute/universe armhf sssd-kcm armhf 2.10.1-2ubuntu7 [128 kB] 278s Get:65 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-tools armhf 2.10.1-2ubuntu7 [95.4 kB] 278s Preconfiguring packages ... 279s Fetched 12.6 MB in 2s (8359 kB/s) 279s Selecting previously unselected package libargon2-1:armhf. 279s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 66479 files and directories currently installed.) 279s Preparing to unpack .../00-libargon2-1_0~20190702+dfsg-5_armhf.deb ... 279s Unpacking libargon2-1:armhf (0~20190702+dfsg-5) ... 279s Selecting previously unselected package libltdl7:armhf. 279s Preparing to unpack .../01-libltdl7_2.5.4-9_armhf.deb ... 279s Unpacking libltdl7:armhf (2.5.4-9) ... 279s Selecting previously unselected package libodbc2:armhf. 279s Preparing to unpack .../02-libodbc2_2.3.14-1_armhf.deb ... 279s Unpacking libodbc2:armhf (2.3.14-1) ... 279s Selecting previously unselected package slapd. 279s Preparing to unpack .../03-slapd_2.6.10+dfsg-1ubuntu5_armhf.deb ... 279s Unpacking slapd (2.6.10+dfsg-1ubuntu5) ... 279s Selecting previously unselected package libtcl8.6:armhf. 279s Preparing to unpack .../04-libtcl8.6_8.6.17+dfsg-1_armhf.deb ... 279s Unpacking libtcl8.6:armhf (8.6.17+dfsg-1) ... 279s Selecting previously unselected package tcl8.6. 279s Preparing to unpack .../05-tcl8.6_8.6.17+dfsg-1_armhf.deb ... 279s Unpacking tcl8.6 (8.6.17+dfsg-1) ... 279s Selecting previously unselected package tcl-expect:armhf. 279s Preparing to unpack .../06-tcl-expect_5.45.4-4_armhf.deb ... 279s Unpacking tcl-expect:armhf (5.45.4-4) ... 279s Selecting previously unselected package expect. 279s Preparing to unpack .../07-expect_5.45.4-4_armhf.deb ... 279s Unpacking expect (5.45.4-4) ... 279s Selecting previously unselected package ldap-utils. 279s Preparing to unpack .../08-ldap-utils_2.6.10+dfsg-1ubuntu5_armhf.deb ... 279s Unpacking ldap-utils (2.6.10+dfsg-1ubuntu5) ... 280s Selecting previously unselected package libavahi-common-data:armhf. 280s Preparing to unpack .../09-libavahi-common-data_0.8-17ubuntu1_armhf.deb ... 280s Unpacking libavahi-common-data:armhf (0.8-17ubuntu1) ... 280s Selecting previously unselected package libavahi-common3:armhf. 280s Preparing to unpack .../10-libavahi-common3_0.8-17ubuntu1_armhf.deb ... 280s Unpacking libavahi-common3:armhf (0.8-17ubuntu1) ... 280s Selecting previously unselected package libavahi-client3:armhf. 280s Preparing to unpack .../11-libavahi-client3_0.8-17ubuntu1_armhf.deb ... 280s Unpacking libavahi-client3:armhf (0.8-17ubuntu1) ... 280s Selecting previously unselected package libbasicobjects0t64:armhf. 280s Preparing to unpack .../12-libbasicobjects0t64_0.6.2-3build1_armhf.deb ... 280s Unpacking libbasicobjects0t64:armhf (0.6.2-3build1) ... 280s Selecting previously unselected package libcares2:armhf. 280s Preparing to unpack .../13-libcares2_1.34.6-1_armhf.deb ... 280s Unpacking libcares2:armhf (1.34.6-1) ... 280s Selecting previously unselected package libcollection4t64:armhf. 280s Preparing to unpack .../14-libcollection4t64_0.6.2-3build1_armhf.deb ... 280s Unpacking libcollection4t64:armhf (0.6.2-3build1) ... 280s Selecting previously unselected package libcrack2:armhf. 280s Preparing to unpack .../15-libcrack2_2.9.6-5.2build2_armhf.deb ... 280s Unpacking libcrack2:armhf (2.9.6-5.2build2) ... 280s Selecting previously unselected package libdhash1t64:armhf. 280s Preparing to unpack .../16-libdhash1t64_0.6.2-3build1_armhf.deb ... 280s Unpacking libdhash1t64:armhf (0.6.2-3build1) ... 280s Selecting previously unselected package libevent-2.1-7t64:armhf. 280s Preparing to unpack .../17-libevent-2.1-7t64_2.1.12-stable-10build1_armhf.deb ... 280s Unpacking libevent-2.1-7t64:armhf (2.1.12-stable-10build1) ... 280s Selecting previously unselected package libpath-utils1t64:armhf. 280s Preparing to unpack .../18-libpath-utils1t64_0.6.2-3build1_armhf.deb ... 280s Unpacking libpath-utils1t64:armhf (0.6.2-3build1) ... 280s Selecting previously unselected package libref-array1t64:armhf. 280s Preparing to unpack .../19-libref-array1t64_0.6.2-3build1_armhf.deb ... 280s Unpacking libref-array1t64:armhf (0.6.2-3build1) ... 280s Selecting previously unselected package libini-config5t64:armhf. 280s Preparing to unpack .../20-libini-config5t64_0.6.2-3build1_armhf.deb ... 280s Unpacking libini-config5t64:armhf (0.6.2-3build1) ... 280s Selecting previously unselected package libipa-hbac0t64. 280s Preparing to unpack .../21-libipa-hbac0t64_2.10.1-2ubuntu7_armhf.deb ... 280s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu7) ... 280s Selecting previously unselected package libjose0:armhf. 280s Preparing to unpack .../22-libjose0_14-2build1_armhf.deb ... 280s Unpacking libjose0:armhf (14-2build1) ... 280s Selecting previously unselected package libverto-libevent1t64:armhf. 280s Preparing to unpack .../23-libverto-libevent1t64_0.3.1-1.2ubuntu4_armhf.deb ... 280s Unpacking libverto-libevent1t64:armhf (0.3.1-1.2ubuntu4) ... 280s Selecting previously unselected package libverto1t64:armhf. 280s Preparing to unpack .../24-libverto1t64_0.3.1-1.2ubuntu4_armhf.deb ... 280s Unpacking libverto1t64:armhf (0.3.1-1.2ubuntu4) ... 280s Selecting previously unselected package libkrad0:armhf. 280s Preparing to unpack .../25-libkrad0_1.22.1-2_armhf.deb ... 280s Unpacking libkrad0:armhf (1.22.1-2) ... 280s Selecting previously unselected package libtalloc2:armhf. 280s Preparing to unpack .../26-libtalloc2_2%3a2.4.3+samba4.23.4+dfsg-1ubuntu1_armhf.deb ... 280s Unpacking libtalloc2:armhf (2:2.4.3+samba4.23.4+dfsg-1ubuntu1) ... 280s Selecting previously unselected package libtdb1:armhf. 280s Preparing to unpack .../27-libtdb1_2%3a1.4.14+samba4.23.4+dfsg-1ubuntu1_armhf.deb ... 280s Unpacking libtdb1:armhf (2:1.4.14+samba4.23.4+dfsg-1ubuntu1) ... 281s Selecting previously unselected package libtevent0t64:armhf. 281s Preparing to unpack .../28-libtevent0t64_2%3a0.17.1+samba4.23.4+dfsg-1ubuntu1_armhf.deb ... 281s Unpacking libtevent0t64:armhf (2:0.17.1+samba4.23.4+dfsg-1ubuntu1) ... 281s Selecting previously unselected package libldb2:armhf. 281s Preparing to unpack .../29-libldb2_2%3a2.11.0+samba4.23.4+dfsg-1ubuntu1_armhf.deb ... 281s Unpacking libldb2:armhf (2:2.11.0+samba4.23.4+dfsg-1ubuntu1) ... 281s Selecting previously unselected package libnfsidmap1:armhf. 281s Preparing to unpack .../30-libnfsidmap1_1%3a2.8.4-1ubuntu1_armhf.deb ... 281s Unpacking libnfsidmap1:armhf (1:2.8.4-1ubuntu1) ... 281s Selecting previously unselected package libnss-sudo. 281s Preparing to unpack .../31-libnss-sudo_1.9.17p2-1ubuntu1_all.deb ... 281s Unpacking libnss-sudo (1.9.17p2-1ubuntu1) ... 281s Selecting previously unselected package libpwquality-common. 281s Preparing to unpack .../32-libpwquality-common_1.4.5-5_all.deb ... 281s Unpacking libpwquality-common (1.4.5-5) ... 281s Selecting previously unselected package libpwquality1:armhf. 281s Preparing to unpack .../33-libpwquality1_1.4.5-5_armhf.deb ... 281s Unpacking libpwquality1:armhf (1.4.5-5) ... 281s Selecting previously unselected package libpam-pwquality:armhf. 281s Preparing to unpack .../34-libpam-pwquality_1.4.5-5_armhf.deb ... 281s Unpacking libpam-pwquality:armhf (1.4.5-5) ... 281s Selecting previously unselected package libwbclient0:armhf. 281s Preparing to unpack .../35-libwbclient0_2%3a4.23.4+dfsg-1ubuntu1_armhf.deb ... 281s Unpacking libwbclient0:armhf (2:4.23.4+dfsg-1ubuntu1) ... 281s Selecting previously unselected package samba-libs:armhf. 281s Preparing to unpack .../36-samba-libs_2%3a4.23.4+dfsg-1ubuntu1_armhf.deb ... 281s Unpacking samba-libs:armhf (2:4.23.4+dfsg-1ubuntu1) ... 281s Selecting previously unselected package libsmbclient0:armhf. 281s Preparing to unpack .../37-libsmbclient0_2%3a4.23.4+dfsg-1ubuntu1_armhf.deb ... 281s Unpacking libsmbclient0:armhf (2:4.23.4+dfsg-1ubuntu1) ... 281s Selecting previously unselected package libnss-sss:armhf. 281s Preparing to unpack .../38-libnss-sss_2.10.1-2ubuntu7_armhf.deb ... 281s Unpacking libnss-sss:armhf (2.10.1-2ubuntu7) ... 281s Selecting previously unselected package libpam-sss:armhf. 281s Preparing to unpack .../39-libpam-sss_2.10.1-2ubuntu7_armhf.deb ... 281s Unpacking libpam-sss:armhf (2.10.1-2ubuntu7) ... 281s Selecting previously unselected package python3-sss. 281s Preparing to unpack .../40-python3-sss_2.10.1-2ubuntu7_armhf.deb ... 281s Unpacking python3-sss (2.10.1-2ubuntu7) ... 281s Selecting previously unselected package libsss-certmap0. 281s Preparing to unpack .../41-libsss-certmap0_2.10.1-2ubuntu7_armhf.deb ... 281s Unpacking libsss-certmap0 (2.10.1-2ubuntu7) ... 281s Selecting previously unselected package libsss-idmap0. 282s Preparing to unpack .../42-libsss-idmap0_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking libsss-idmap0 (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package libsss-nss-idmap0. 282s Preparing to unpack .../43-libsss-nss-idmap0_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package sssd-common. 282s Preparing to unpack .../44-sssd-common_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking sssd-common (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package sssd-idp. 282s Preparing to unpack .../45-sssd-idp_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking sssd-idp (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package sssd-passkey. 282s Preparing to unpack .../46-sssd-passkey_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking sssd-passkey (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package libipa-hbac-dev. 282s Preparing to unpack .../47-libipa-hbac-dev_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking libipa-hbac-dev (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package libsss-certmap-dev. 282s Preparing to unpack .../48-libsss-certmap-dev_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking libsss-certmap-dev (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package libsss-idmap-dev. 282s Preparing to unpack .../49-libsss-idmap-dev_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking libsss-idmap-dev (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package libsss-nss-idmap-dev. 282s Preparing to unpack .../50-libsss-nss-idmap-dev_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking libsss-nss-idmap-dev (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package libsss-sudo. 282s Preparing to unpack .../51-libsss-sudo_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking libsss-sudo (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package python3-libipa-hbac. 282s Preparing to unpack .../52-python3-libipa-hbac_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking python3-libipa-hbac (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package python3-libsss-nss-idmap. 282s Preparing to unpack .../53-python3-libsss-nss-idmap_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking python3-libsss-nss-idmap (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package sssd-ad-common. 282s Preparing to unpack .../54-sssd-ad-common_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking sssd-ad-common (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package sssd-krb5-common. 282s Preparing to unpack .../55-sssd-krb5-common_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking sssd-krb5-common (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package sssd-ad. 282s Preparing to unpack .../56-sssd-ad_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking sssd-ad (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package sssd-ipa. 282s Preparing to unpack .../57-sssd-ipa_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking sssd-ipa (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package sssd-krb5. 282s Preparing to unpack .../58-sssd-krb5_2.10.1-2ubuntu7_armhf.deb ... 282s Unpacking sssd-krb5 (2.10.1-2ubuntu7) ... 282s Selecting previously unselected package sssd-ldap. 283s Preparing to unpack .../59-sssd-ldap_2.10.1-2ubuntu7_armhf.deb ... 283s Unpacking sssd-ldap (2.10.1-2ubuntu7) ... 283s Selecting previously unselected package sssd-proxy. 283s Preparing to unpack .../60-sssd-proxy_2.10.1-2ubuntu7_armhf.deb ... 283s Unpacking sssd-proxy (2.10.1-2ubuntu7) ... 283s Selecting previously unselected package sssd. 283s Preparing to unpack .../61-sssd_2.10.1-2ubuntu7_armhf.deb ... 283s Unpacking sssd (2.10.1-2ubuntu7) ... 283s Selecting previously unselected package sssd-dbus. 283s Preparing to unpack .../62-sssd-dbus_2.10.1-2ubuntu7_armhf.deb ... 283s Unpacking sssd-dbus (2.10.1-2ubuntu7) ... 283s Selecting previously unselected package sssd-kcm. 283s Preparing to unpack .../63-sssd-kcm_2.10.1-2ubuntu7_armhf.deb ... 283s Unpacking sssd-kcm (2.10.1-2ubuntu7) ... 283s Selecting previously unselected package sssd-tools. 283s Preparing to unpack .../64-sssd-tools_2.10.1-2ubuntu7_armhf.deb ... 283s Unpacking sssd-tools (2.10.1-2ubuntu7) ... 283s Setting up libpwquality-common (1.4.5-5) ... 283s Setting up libnfsidmap1:armhf (1:2.8.4-1ubuntu1) ... 283s Setting up libsss-idmap0 (2.10.1-2ubuntu7) ... 283s Setting up libbasicobjects0t64:armhf (0.6.2-3build1) ... 283s Setting up libipa-hbac0t64 (2.10.1-2ubuntu7) ... 283s Setting up libsss-idmap-dev (2.10.1-2ubuntu7) ... 283s Setting up libref-array1t64:armhf (0.6.2-3build1) ... 283s Setting up libipa-hbac-dev (2.10.1-2ubuntu7) ... 283s Setting up libtdb1:armhf (2:1.4.14+samba4.23.4+dfsg-1ubuntu1) ... 283s Setting up libargon2-1:armhf (0~20190702+dfsg-5) ... 283s Setting up libcollection4t64:armhf (0.6.2-3build1) ... 283s Setting up libevent-2.1-7t64:armhf (2.1.12-stable-10build1) ... 283s Setting up ldap-utils (2.6.10+dfsg-1ubuntu5) ... 283s Setting up libjose0:armhf (14-2build1) ... 283s Setting up libwbclient0:armhf (2:4.23.4+dfsg-1ubuntu1) ... 283s Setting up libtalloc2:armhf (2:2.4.3+samba4.23.4+dfsg-1ubuntu1) ... 283s Setting up libpath-utils1t64:armhf (0.6.2-3build1) ... 283s Setting up libavahi-common-data:armhf (0.8-17ubuntu1) ... 283s Setting up libcares2:armhf (1.34.6-1) ... 283s Setting up libdhash1t64:armhf (0.6.2-3build1) ... 283s Setting up libtcl8.6:armhf (8.6.17+dfsg-1) ... 283s Setting up libltdl7:armhf (2.5.4-9) ... 283s Setting up libcrack2:armhf (2.9.6-5.2build2) ... 283s Setting up libodbc2:armhf (2.3.14-1) ... 283s Setting up python3-libipa-hbac (2.10.1-2ubuntu7) ... 283s Setting up libnss-sudo (1.9.17p2-1ubuntu1) ... 283s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu7) ... 283s Setting up libini-config5t64:armhf (0.6.2-3build1) ... 283s Setting up libtevent0t64:armhf (2:0.17.1+samba4.23.4+dfsg-1ubuntu1) ... 283s Setting up libnss-sss:armhf (2.10.1-2ubuntu7) ... 283s Setting up slapd (2.6.10+dfsg-1ubuntu5) ... 283s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 283s Can't find configuration db, was SSSD configured and run? 283s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 283s Can't find configuration db, was SSSD configured and run? 283s Creating new user openldap... [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 283s Can't find configuration db, was SSSD configured and run? 283s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 283s Can't find configuration db, was SSSD configured and run? 283s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 283s Can't find configuration db, was SSSD configured and run? 283s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 283s Can't find configuration db, was SSSD configured and run? 283s done. 284s Creating initial configuration... done. 284s Creating LDAP directory... done. 284s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 284s 284s Created symlink '/etc/systemd/system/multi-user.target.wants/slapd.service' → '/usr/lib/systemd/system/slapd.service'. 285s Setting up tcl8.6 (8.6.17+dfsg-1) ... 285s Setting up libsss-sudo (2.10.1-2ubuntu7) ... 285s Setting up libsss-nss-idmap-dev (2.10.1-2ubuntu7) ... 285s Setting up libavahi-common3:armhf (0.8-17ubuntu1) ... 285s Setting up tcl-expect:armhf (5.45.4-4) ... 285s Setting up libsss-certmap0 (2.10.1-2ubuntu7) ... 285s Setting up libpwquality1:armhf (1.4.5-5) ... 285s Setting up python3-libsss-nss-idmap (2.10.1-2ubuntu7) ... 285s Setting up libldb2:armhf (2:2.11.0+samba4.23.4+dfsg-1ubuntu1) ... 285s Setting up libavahi-client3:armhf (0.8-17ubuntu1) ... 285s Setting up expect (5.45.4-4) ... 285s Setting up libpam-pwquality:armhf (1.4.5-5) ... 285s Setting up samba-libs:armhf (2:4.23.4+dfsg-1ubuntu1) ... 285s Setting up libsss-certmap-dev (2.10.1-2ubuntu7) ... 285s Setting up python3-sss (2.10.1-2ubuntu7) ... 285s Setting up libsmbclient0:armhf (2:4.23.4+dfsg-1ubuntu1) ... 285s Setting up libpam-sss:armhf (2.10.1-2ubuntu7) ... 285s Setting up sssd-common (2.10.1-2ubuntu7) ... 285s Creating SSSD system user & group... 286s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 286s Can't find configuration db, was SSSD configured and run? 286s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 286s Can't find configuration db, was SSSD configured and run? 286s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 286s Can't find configuration db, was SSSD configured and run? 286s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 286s Can't find configuration db, was SSSD configured and run? 286s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 286s Can't find configuration db, was SSSD configured and run? 286s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 286s Can't find configuration db, was SSSD configured and run? 286s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 286s apparmor_parser: Unable to replace "/usr/sbin/sssd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 286s 286s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 287s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 287s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 287s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 288s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 288s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 289s sssd-autofs.service is a disabled or a static unit, not starting it. 289s sssd-nss.service is a disabled or a static unit, not starting it. 289s sssd-pam.service is a disabled or a static unit, not starting it. 289s sssd-ssh.service is a disabled or a static unit, not starting it. 289s sssd-sudo.service is a disabled or a static unit, not starting it. 289s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 289s Setting up sssd-proxy (2.10.1-2ubuntu7) ... 289s Setting up sssd-kcm (2.10.1-2ubuntu7) ... 289s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 290s sssd-kcm.service is a disabled or a static unit, not starting it. 290s Setting up sssd-dbus (2.10.1-2ubuntu7) ... 290s sssd-ifp.service is a disabled or a static unit, not starting it. 290s Setting up sssd-ad-common (2.10.1-2ubuntu7) ... 291s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 291s sssd-pac.service is a disabled or a static unit, not starting it. 291s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 291s Setting up sssd-krb5-common (2.10.1-2ubuntu7) ... 291s Setting up sssd-krb5 (2.10.1-2ubuntu7) ... 291s Setting up sssd-ldap (2.10.1-2ubuntu7) ... 291s Setting up sssd-ad (2.10.1-2ubuntu7) ... 291s Setting up sssd-tools (2.10.1-2ubuntu7) ... 291s Setting up sssd-ipa (2.10.1-2ubuntu7) ... 291s Setting up sssd (2.10.1-2ubuntu7) ... 291s Setting up libverto1t64:armhf (0.3.1-1.2ubuntu4) ... 291s Setting up libkrad0:armhf (1.22.1-2) ... 291s Setting up libverto-libevent1t64:armhf (0.3.1-1.2ubuntu4) ... 291s Setting up sssd-passkey (2.10.1-2ubuntu7) ... 291s Setting up sssd-idp (2.10.1-2ubuntu7) ... 291s Processing triggers for libc-bin (2.42-2ubuntu4) ... 291s Processing triggers for man-db (2.13.1-1) ... 292s Processing triggers for dbus (1.16.2-2ubuntu2) ... 352s autopkgtest [22:01:32]: test ldap-user-group-ldap-auth: [----------------------- 354s + . debian/tests/util 354s + . debian/tests/common-tests 354s + trap cleanup EXIT 354s + mydomain=example.com 354s + myhostname=ldap.example.com 354s + mysuffix=dc=example,dc=com 354s + admin_dn=cn=admin,dc=example,dc=com 354s + admin_pw=secret 354s + ldap_user=testuser1 354s + ldap_user_pw=testuser1secret 354s + ldap_group=ldapusers 354s + adjust_hostname ldap.example.com 354s + local myhostname=ldap.example.com 354s + echo ldap.example.com 354s + hostname ldap.example.com 354s + grep -qE ldap.example.com /etc/hosts 354s + echo 127.0.1.10 ldap.example.com 354s + reconfigure_slapd 354s + debconf-set-selections 355s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 355s + dpkg-reconfigure -fnoninteractive -pcritical slapd 355s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.10+dfsg-1ubuntu5... done. 355s Moving old database directory to /var/backups: 355s - directory unknown... done. 355s Creating initial configuration... done. 355s Creating LDAP directory... done. 355s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 355s 357s + generate_certs ldap.example.com 357s + local cn=ldap.example.com 357s + local cert=/etc/ldap/server.pem 357s + local key=/etc/ldap/server.key 357s + local cnf=/etc/ldap/openssl.cnf 357s + cat 357s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 357s ...+...+++++++++++++++++++++++++++++++++++++++*.....+..+.......+++++++++++++++++++++++++++++++++++++++*.........+....+..+.............+..+..................+.+...............+.....+.......+...+.........+.....+.+...........+.+..+............+...+...+...+......+.+...+..............+...+.......+......+......+........+...+...+......+................+..+.......+...+...........+.+......+...+..+...+.......+...+..+.........+...+......+....+...+.....+....+.....+...+.+......+...........+.......+..+......+....+...+...........+....+...+..+...............+.+..+...+..........+..+....+.........+.....+.+......+..+..........+..+........................+.......+..+.+.........+........+....+...+.....+......+....+............+.....+......+....+........+...+....+...+..+......+..........+...+.........+........+.......+...+..+.+.........+..++++++ 357s ..........+....+...+.....+...+....+......+.........+..+.............+.....+.+..+.......+++++++++++++++++++++++++++++++++++++++*..+......+...+......+.+.....+++++++++++++++++++++++++++++++++++++++*...+...........+.........+....+..+......+...+.......+.........+........+..........+.....+.+..+...+.+......+..+.....................+.+......+............+...+..............+.+.........+.........+.........+......+..+.......+...........+.+......+.....+.........+......+....+....................++++++ 357s ----- 357s + chmod 0640 /etc/ldap/server.key 357s + chgrp openldap /etc/ldap/server.key 357s + [ ! -f /etc/ldap/server.pem ] 357s + [ ! -f /etc/ldap/server.key ] 357s + enable_ldap_ssl 357s + cat 357s + cat 357s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 357s modifying entry "cn=config" 357s 357s + populate_ldap_rfc2307 357s + cat 357s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 357s adding new entry "ou=People,dc=example,dc=com" 357s 357s adding new entry "ou=Group,dc=example,dc=com" 357s 357s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 357s 357s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 357s 357s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 357s 357s + configure_sssd_ldap_rfc2307 357s + cat 357s + chmod 0600 /etc/sssd/sssd.conf 357s + systemctl restart sssd 358s + enable_pam_mkhomedir 358s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 358s Assert local user databases do not have our LDAP test data 358s + echo session optional pam_mkhomedir.so 358s + run_common_tests 358s + echo Assert local user databases do not have our LDAP test data 358s + check_local_user testuser1 358s + local local_user=testuser1 358s + grep -q ^testuser1 /etc/passwd 358s + check_local_group testuser1 358s + local local_group=testuser1 358s + grep -q ^testuser1 /etc/group 358s + check_local_group ldapusers 358s + local local_group=ldapusers 358s + grep -q ^ldapusers /etc/group 358s + echo The LDAP user is known to the system via getent 358s + check_getent_user testuser1 358s + local getent_user=testuser1 358s + local output 358s The LDAP user is known to the system via getent 358s + getent passwd testuser1 358s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 358s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 358s + echo The LDAP user's private group is known to the system via getent 358s + check_getent_group testuser1 358s + local getent_group=testuser1 358s + local output 358s + getent group testuser1 358s The LDAP user's private group is known to the system via getent 358s The LDAP group ldapusers is known to the system via getent 358s + output=testuser1:*:10001:testuser1 358s + [ -z testuser1:*:10001:testuser1 ] 358s + echo The LDAP group ldapusers is known to the system via getent 358s + check_getent_group ldapusers 358s + local getent_group=ldapusers 358s + local output 358s + getent group ldapusers 358s The id(1) command can resolve the group membership of the LDAP user 358s + output=ldapusers:*:10100:testuser1 358s + [ -z ldapusers:*:10100:testuser1 ] 358s + echo The id(1) command can resolve the group membership of the LDAP user 358s + id -Gn testuser1 358s The LDAP user can login via ssh 358s + output=testuser1 ldapusers 358s + [ testuser1 ldapusers != testuser1 ldapusers ] 358s + echo The LDAP user can login via ssh 358s + setup_sshd_password_auth 358s + cat 358s + systemctl restart ssh 358s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 358s spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no testuser1@localhost 358s Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. 358s testuser1@localhost's password: 359s Creating directory '/home/testuser1'. 359s Welcome to Ubuntu Resolute Raccoon (development branch) (GNU/Linux 6.8.0-87-generic armv7l) 359s 359s * Documentation: https://docs.ubuntu.com 359s * Management: https://landscape.canonical.com 359s * Support: https://ubuntu.com/pro 359s 359s The programs included with the Ubuntu system are free software; 359s the exact distribution terms for each program are described in the 359s individual files in /usr/share/doc/*/copyright. 359s 359s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 359s applicable law. 359s 359s testuser1@ldap:~$ id -un 359s testuser1 359s testuser1@ldap:~$ ## All tests passed, phew 359s + cleanup 359s + result=0 359s + set +e 359s + [ 0 -ne 0 ] 359s + echo ## All tests passed, phew 359s + cleanup_sshd_config 359s + rm -f /etc/ssh/sshd_config.d/00-dep8.conf 359s + systemctl restart ssh 359s autopkgtest [22:01:39]: test ldap-user-group-ldap-auth: -----------------------] 363s autopkgtest [22:01:43]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 363s ldap-user-group-ldap-auth PASS 367s autopkgtest [22:01:47]: test ldap-user-group-krb5-auth: preparing testbed 368s Reading package lists... 369s Building dependency tree... 369s Reading state information... 369s Solving dependencies... 370s The following NEW packages will be installed: 370s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 370s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 370s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 370s Need to get 571 kB of archives. 370s After this operation, 2574 kB of additional disk space will be used. 370s Get:1 http://ftpmaster.internal/ubuntu resolute/main armhf krb5-config all 2.7build1 [19.6 kB] 370s Get:2 http://ftpmaster.internal/ubuntu resolute/main armhf libgssrpc4t64 armhf 1.22.1-2 [51.8 kB] 371s Get:3 http://ftpmaster.internal/ubuntu resolute/main armhf libkadm5clnt-mit12 armhf 1.22.1-2 [35.7 kB] 371s Get:4 http://ftpmaster.internal/ubuntu resolute/main armhf libkdb5-10t64 armhf 1.22.1-2 [36.0 kB] 371s Get:5 http://ftpmaster.internal/ubuntu resolute/main armhf libkadm5srv-mit12 armhf 1.22.1-2 [46.7 kB] 371s Get:6 http://ftpmaster.internal/ubuntu resolute/universe armhf krb5-user armhf 1.22.1-2 [111 kB] 371s Get:7 http://ftpmaster.internal/ubuntu resolute/universe armhf krb5-kdc armhf 1.22.1-2 [177 kB] 371s Get:8 http://ftpmaster.internal/ubuntu resolute/universe armhf krb5-admin-server armhf 1.22.1-2 [92.8 kB] 371s Preconfiguring packages ... 372s Fetched 571 kB in 1s (927 kB/s) 372s Selecting previously unselected package krb5-config. 372s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 67770 files and directories currently installed.) 372s Preparing to unpack .../0-krb5-config_2.7build1_all.deb ... 372s Unpacking krb5-config (2.7build1) ... 372s Selecting previously unselected package libgssrpc4t64:armhf. 372s Preparing to unpack .../1-libgssrpc4t64_1.22.1-2_armhf.deb ... 372s Unpacking libgssrpc4t64:armhf (1.22.1-2) ... 372s Selecting previously unselected package libkadm5clnt-mit12:armhf. 372s Preparing to unpack .../2-libkadm5clnt-mit12_1.22.1-2_armhf.deb ... 372s Unpacking libkadm5clnt-mit12:armhf (1.22.1-2) ... 372s Selecting previously unselected package libkdb5-10t64:armhf. 372s Preparing to unpack .../3-libkdb5-10t64_1.22.1-2_armhf.deb ... 372s Unpacking libkdb5-10t64:armhf (1.22.1-2) ... 372s Selecting previously unselected package libkadm5srv-mit12:armhf. 372s Preparing to unpack .../4-libkadm5srv-mit12_1.22.1-2_armhf.deb ... 372s Unpacking libkadm5srv-mit12:armhf (1.22.1-2) ... 372s Selecting previously unselected package krb5-user. 372s Preparing to unpack .../5-krb5-user_1.22.1-2_armhf.deb ... 372s Unpacking krb5-user (1.22.1-2) ... 373s Selecting previously unselected package krb5-kdc. 373s Preparing to unpack .../6-krb5-kdc_1.22.1-2_armhf.deb ... 373s Unpacking krb5-kdc (1.22.1-2) ... 373s Selecting previously unselected package krb5-admin-server. 373s Preparing to unpack .../7-krb5-admin-server_1.22.1-2_armhf.deb ... 373s Unpacking krb5-admin-server (1.22.1-2) ... 373s Setting up libgssrpc4t64:armhf (1.22.1-2) ... 373s Setting up krb5-config (2.7build1) ... 373s Setting up libkadm5clnt-mit12:armhf (1.22.1-2) ... 373s Setting up libkdb5-10t64:armhf (1.22.1-2) ... 373s Setting up libkadm5srv-mit12:armhf (1.22.1-2) ... 373s Setting up krb5-user (1.22.1-2) ... 373s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 373s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 373s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 373s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 373s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 373s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 373s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 373s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 373s Setting up krb5-kdc (1.22.1-2) ... 374s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 374s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 374s Setting up krb5-admin-server (1.22.1-2) ... 375s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 376s Processing triggers for man-db (2.13.1-1) ... 376s Processing triggers for libc-bin (2.42-2ubuntu4) ... 415s ldap-user-group-krb5-auth FAIL badpkg 415s blame: sssd 415s badpkg: Failed to run dpkg-query: cannot confirm that parent process is alive: Operation not permitted 415s unexpected eof from helper process 415s (exit code 1) 415s autopkgtest [22:02:35]: test sssd-softhism2-certificates-tests.sh: preparing testbed 439s autopkgtest [22:02:59]: testbed dpkg architecture: armhf 441s autopkgtest [22:03:01]: testbed apt version: 3.1.13 445s autopkgtest [22:03:05]: @@@@@@@@@@@@@@@@@@@@ test bed setup 447s autopkgtest [22:03:07]: testbed release detected to be: resolute 455s autopkgtest [22:03:15]: updating testbed package index (apt update) 457s Get:1 http://ftpmaster.internal/ubuntu resolute-proposed InRelease [124 kB] 457s Get:2 http://ftpmaster.internal/ubuntu resolute InRelease [124 kB] 457s Get:3 http://ftpmaster.internal/ubuntu resolute-updates InRelease [124 kB] 457s Get:4 http://ftpmaster.internal/ubuntu resolute-security InRelease [124 kB] 457s Get:5 http://ftpmaster.internal/ubuntu resolute-proposed/restricted Sources [2820 B] 457s Get:6 http://ftpmaster.internal/ubuntu resolute-proposed/universe Sources [1021 kB] 457s Get:7 http://ftpmaster.internal/ubuntu resolute-proposed/main Sources [97.3 kB] 457s Get:8 http://ftpmaster.internal/ubuntu resolute-proposed/multiverse Sources [24.3 kB] 457s Get:9 http://ftpmaster.internal/ubuntu resolute-proposed/main armhf Packages [109 kB] 457s Get:10 http://ftpmaster.internal/ubuntu resolute-proposed/universe armhf Packages [827 kB] 458s Get:11 http://ftpmaster.internal/ubuntu resolute-proposed/multiverse armhf Packages [8712 B] 458s Get:12 http://ftpmaster.internal/ubuntu resolute/universe Sources [21.4 MB] 460s Get:13 http://ftpmaster.internal/ubuntu resolute/main Sources [1399 kB] 460s Get:14 http://ftpmaster.internal/ubuntu resolute/multiverse Sources [310 kB] 460s Get:15 http://ftpmaster.internal/ubuntu resolute/main armhf Packages [1371 kB] 460s Get:16 http://ftpmaster.internal/ubuntu resolute/universe armhf Packages [15.3 MB] 461s Get:17 http://ftpmaster.internal/ubuntu resolute/multiverse armhf Packages [175 kB] 464s Fetched 42.5 MB in 8s (5596 kB/s) 465s Reading package lists... 471s autopkgtest [22:03:31]: upgrading testbed (apt dist-upgrade and autopurge) 473s Reading package lists... 474s Building dependency tree... 474s Reading state information... 474s Calculating upgrade... 475s The following packages will be upgraded: 475s dhcpcd-base libplymouth5 libssl3t64 libtasn1-6 openssl 475s openssl-provider-legacy plymouth plymouth-theme-ubuntu-text 475s python3-jaraco.context 476s 9 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 476s Need to get 3689 kB of archives. 476s After this operation, 19.5 kB disk space will be freed. 476s Get:1 http://ftpmaster.internal/ubuntu resolute-proposed/main armhf openssl-provider-legacy armhf 3.5.4-1ubuntu1 [30.7 kB] 476s Get:2 http://ftpmaster.internal/ubuntu resolute-proposed/main armhf libssl3t64 armhf 3.5.4-1ubuntu1 [1902 kB] 476s Get:3 http://ftpmaster.internal/ubuntu resolute/main armhf dhcpcd-base armhf 1:10.3.0-7 [194 kB] 476s Get:4 http://ftpmaster.internal/ubuntu resolute/main armhf libtasn1-6 armhf 4.21.0-2 [38.5 kB] 476s Get:5 http://ftpmaster.internal/ubuntu resolute-proposed/main armhf openssl armhf 3.5.4-1ubuntu1 [1214 kB] 476s Get:6 http://ftpmaster.internal/ubuntu resolute/main armhf libplymouth5 armhf 24.004.60+git20250831.4a3c171d-0ubuntu5 [147 kB] 476s Get:7 http://ftpmaster.internal/ubuntu resolute/main armhf plymouth-theme-ubuntu-text armhf 24.004.60+git20250831.4a3c171d-0ubuntu5 [9996 B] 476s Get:8 http://ftpmaster.internal/ubuntu resolute/main armhf plymouth armhf 24.004.60+git20250831.4a3c171d-0ubuntu5 [146 kB] 476s Get:9 http://ftpmaster.internal/ubuntu resolute/main armhf python3-jaraco.context all 6.0.1-2 [8198 B] 477s Fetched 3689 kB in 1s (4979 kB/s) 477s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 66485 files and directories currently installed.) 477s Preparing to unpack .../openssl-provider-legacy_3.5.4-1ubuntu1_armhf.deb ... 477s Unpacking openssl-provider-legacy (3.5.4-1ubuntu1) over (3.5.3-1ubuntu2) ... 477s Setting up openssl-provider-legacy (3.5.4-1ubuntu1) ... 477s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 66485 files and directories currently installed.) 477s Preparing to unpack .../libssl3t64_3.5.4-1ubuntu1_armhf.deb ... 477s Unpacking libssl3t64:armhf (3.5.4-1ubuntu1) over (3.5.3-1ubuntu2) ... 477s Setting up libssl3t64:armhf (3.5.4-1ubuntu1) ... 477s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 66485 files and directories currently installed.) 477s Preparing to unpack .../0-dhcpcd-base_1%3a10.3.0-7_armhf.deb ... 477s Unpacking dhcpcd-base (1:10.3.0-7) over (1:10.3.0-3) ... 477s Preparing to unpack .../1-libtasn1-6_4.21.0-2_armhf.deb ... 477s Unpacking libtasn1-6:armhf (4.21.0-2) over (4.20.0-2ubuntu1) ... 477s Preparing to unpack .../2-openssl_3.5.4-1ubuntu1_armhf.deb ... 477s Unpacking openssl (3.5.4-1ubuntu1) over (3.5.3-1ubuntu2) ... 477s Preparing to unpack .../3-libplymouth5_24.004.60+git20250831.4a3c171d-0ubuntu5_armhf.deb ... 477s Unpacking libplymouth5:armhf (24.004.60+git20250831.4a3c171d-0ubuntu5) over (24.004.60+git20250831.4a3c171d-0ubuntu4) ... 478s Preparing to unpack .../4-plymouth-theme-ubuntu-text_24.004.60+git20250831.4a3c171d-0ubuntu5_armhf.deb ... 478s Unpacking plymouth-theme-ubuntu-text (24.004.60+git20250831.4a3c171d-0ubuntu5) over (24.004.60+git20250831.4a3c171d-0ubuntu4) ... 478s Preparing to unpack .../5-plymouth_24.004.60+git20250831.4a3c171d-0ubuntu5_armhf.deb ... 478s Unpacking plymouth (24.004.60+git20250831.4a3c171d-0ubuntu5) over (24.004.60+git20250831.4a3c171d-0ubuntu4) ... 478s Preparing to unpack .../6-python3-jaraco.context_6.0.1-2_all.deb ... 478s Unpacking python3-jaraco.context (6.0.1-2) over (6.0.1-1build1) ... 478s Setting up python3-jaraco.context (6.0.1-2) ... 478s Setting up dhcpcd-base (1:10.3.0-7) ... 478s Setting up libplymouth5:armhf (24.004.60+git20250831.4a3c171d-0ubuntu5) ... 478s Setting up libtasn1-6:armhf (4.21.0-2) ... 478s Setting up openssl (3.5.4-1ubuntu1) ... 478s Setting up plymouth (24.004.60+git20250831.4a3c171d-0ubuntu5) ... 478s update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults 479s update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults 479s Processing triggers for libc-bin (2.42-2ubuntu4) ... 479s Processing triggers for man-db (2.13.1-1) ... 480s Processing triggers for initramfs-tools (0.150ubuntu7) ... 480s Setting up plymouth-theme-ubuntu-text (24.004.60+git20250831.4a3c171d-0ubuntu5) ... 481s Processing triggers for initramfs-tools (0.150ubuntu7) ... 483s Reading package lists... 483s Building dependency tree... 483s Reading state information... 484s Solving dependencies... 485s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 487s autopkgtest [22:03:47]: rebooting testbed after setup commands that affected boot 552s Reading package lists... 552s Building dependency tree... 552s Reading state information... 552s Solving dependencies... 554s The following NEW packages will be installed: 554s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 554s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 554s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 554s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 554s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 554s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 554s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 554s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 554s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 554s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 554s Need to get 10.3 MB of archives. 554s After this operation, 40.2 MB of additional disk space will be used. 554s Get:1 http://ftpmaster.internal/ubuntu resolute/main armhf libevent-2.1-7t64 armhf 2.1.12-stable-10build1 [130 kB] 554s Get:2 http://ftpmaster.internal/ubuntu resolute/main armhf libunbound8 armhf 1.24.2-1ubuntu1 [433 kB] 554s Get:3 http://ftpmaster.internal/ubuntu resolute/main armhf libgnutls-dane0t64 armhf 3.8.10-3ubuntu1 [32.6 kB] 554s Get:4 http://ftpmaster.internal/ubuntu resolute/universe armhf gnutls-bin armhf 3.8.10-3ubuntu1 [277 kB] 554s Get:5 http://ftpmaster.internal/ubuntu resolute/main armhf libavahi-common-data armhf 0.8-17ubuntu1 [31.3 kB] 554s Get:6 http://ftpmaster.internal/ubuntu resolute/main armhf libavahi-common3 armhf 0.8-17ubuntu1 [20.4 kB] 554s Get:7 http://ftpmaster.internal/ubuntu resolute/main armhf libavahi-client3 armhf 0.8-17ubuntu1 [24.3 kB] 554s Get:8 http://ftpmaster.internal/ubuntu resolute/main armhf libbasicobjects0t64 armhf 0.6.2-3build1 [5610 B] 554s Get:9 http://ftpmaster.internal/ubuntu resolute/main armhf libcares2 armhf 1.34.6-1 [86.9 kB] 554s Get:10 http://ftpmaster.internal/ubuntu resolute/main armhf libcollection4t64 armhf 0.6.2-3build1 [19.2 kB] 554s Get:11 http://ftpmaster.internal/ubuntu resolute/main armhf libcrack2 armhf 2.9.6-5.2build2 [27.0 kB] 554s Get:12 http://ftpmaster.internal/ubuntu resolute/main armhf libdhash1t64 armhf 0.6.2-3build1 [8064 B] 554s Get:13 http://ftpmaster.internal/ubuntu resolute/main armhf libpath-utils1t64 armhf 0.6.2-3build1 [8020 B] 554s Get:14 http://ftpmaster.internal/ubuntu resolute/main armhf libref-array1t64 armhf 0.6.2-3build1 [6566 B] 554s Get:15 http://ftpmaster.internal/ubuntu resolute/main armhf libini-config5t64 armhf 0.6.2-3build1 [37.4 kB] 554s Get:16 http://ftpmaster.internal/ubuntu resolute/main armhf libipa-hbac0t64 armhf 2.10.1-2ubuntu7 [18.4 kB] 554s Get:17 http://ftpmaster.internal/ubuntu resolute/main armhf libtalloc2 armhf 2:2.4.3+samba4.23.4+dfsg-1ubuntu1 [75.3 kB] 554s Get:18 http://ftpmaster.internal/ubuntu resolute/main armhf libtdb1 armhf 2:1.4.14+samba4.23.4+dfsg-1ubuntu1 [93.2 kB] 554s Get:19 http://ftpmaster.internal/ubuntu resolute/main armhf libtevent0t64 armhf 2:0.17.1+samba4.23.4+dfsg-1ubuntu1 [37.1 kB] 554s Get:20 http://ftpmaster.internal/ubuntu resolute/main armhf libldb2 armhf 2:2.11.0+samba4.23.4+dfsg-1ubuntu1 [127 kB] 554s Get:21 http://ftpmaster.internal/ubuntu resolute/main armhf libnfsidmap1 armhf 1:2.8.4-1ubuntu1 [57.1 kB] 554s Get:22 http://ftpmaster.internal/ubuntu resolute/main armhf libpwquality-common all 1.4.5-5 [7752 B] 554s Get:23 http://ftpmaster.internal/ubuntu resolute/main armhf libpwquality1 armhf 1.4.5-5 [12.3 kB] 554s Get:24 http://ftpmaster.internal/ubuntu resolute/main armhf libpam-pwquality armhf 1.4.5-5 [11.4 kB] 554s Get:25 http://ftpmaster.internal/ubuntu resolute/main armhf libwbclient0 armhf 2:4.23.4+dfsg-1ubuntu1 [81.8 kB] 554s Get:26 http://ftpmaster.internal/ubuntu resolute/main armhf samba-libs armhf 2:4.23.4+dfsg-1ubuntu1 [6285 kB] 555s Get:27 http://ftpmaster.internal/ubuntu resolute/main armhf libsmbclient0 armhf 2:4.23.4+dfsg-1ubuntu1 [59.2 kB] 555s Get:28 http://ftpmaster.internal/ubuntu resolute/main armhf libnss-sss armhf 2.10.1-2ubuntu7 [30.4 kB] 555s Get:29 http://ftpmaster.internal/ubuntu resolute/main armhf libpam-sss armhf 2.10.1-2ubuntu7 [46.8 kB] 555s Get:30 http://ftpmaster.internal/ubuntu resolute/universe armhf softhsm2-common armhf 2.6.1-3 [5868 B] 555s Get:31 http://ftpmaster.internal/ubuntu resolute/universe armhf libsofthsm2 armhf 2.6.1-3 [231 kB] 555s Get:32 http://ftpmaster.internal/ubuntu resolute/main armhf libsss-certmap0 armhf 2.10.1-2ubuntu7 [44.6 kB] 555s Get:33 http://ftpmaster.internal/ubuntu resolute/main armhf libsss-idmap0 armhf 2.10.1-2ubuntu7 [21.6 kB] 555s Get:34 http://ftpmaster.internal/ubuntu resolute/main armhf libsss-nss-idmap0 armhf 2.10.1-2ubuntu7 [28.9 kB] 555s Get:35 http://ftpmaster.internal/ubuntu resolute/main armhf python3-sss armhf 2.10.1-2ubuntu7 [45.6 kB] 555s Get:36 http://ftpmaster.internal/ubuntu resolute/universe armhf softhsm2 armhf 2.6.1-3 [154 kB] 555s Get:37 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-common armhf 2.10.1-2ubuntu7 [1054 kB] 555s Get:38 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-ad-common armhf 2.10.1-2ubuntu7 [67.8 kB] 555s Get:39 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-krb5-common armhf 2.10.1-2ubuntu7 [82.4 kB] 555s Get:40 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-ad armhf 2.10.1-2ubuntu7 [130 kB] 555s Get:41 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-ipa armhf 2.10.1-2ubuntu7 [214 kB] 555s Get:42 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-krb5 armhf 2.10.1-2ubuntu7 [14.0 kB] 555s Get:43 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-ldap armhf 2.10.1-2ubuntu7 [31.2 kB] 555s Get:44 http://ftpmaster.internal/ubuntu resolute/main armhf sssd-proxy armhf 2.10.1-2ubuntu7 [43.3 kB] 555s Get:45 http://ftpmaster.internal/ubuntu resolute/main armhf sssd armhf 2.10.1-2ubuntu7 [4122 B] 556s Fetched 10.3 MB in 1s (8220 kB/s) 556s Selecting previously unselected package libevent-2.1-7t64:armhf. 556s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 66479 files and directories currently installed.) 556s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10build1_armhf.deb ... 556s Unpacking libevent-2.1-7t64:armhf (2.1.12-stable-10build1) ... 556s Selecting previously unselected package libunbound8:armhf. 556s Preparing to unpack .../01-libunbound8_1.24.2-1ubuntu1_armhf.deb ... 556s Unpacking libunbound8:armhf (1.24.2-1ubuntu1) ... 556s Selecting previously unselected package libgnutls-dane0t64:armhf. 556s Preparing to unpack .../02-libgnutls-dane0t64_3.8.10-3ubuntu1_armhf.deb ... 556s Unpacking libgnutls-dane0t64:armhf (3.8.10-3ubuntu1) ... 556s Selecting previously unselected package gnutls-bin. 556s Preparing to unpack .../03-gnutls-bin_3.8.10-3ubuntu1_armhf.deb ... 556s Unpacking gnutls-bin (3.8.10-3ubuntu1) ... 556s Selecting previously unselected package libavahi-common-data:armhf. 556s Preparing to unpack .../04-libavahi-common-data_0.8-17ubuntu1_armhf.deb ... 556s Unpacking libavahi-common-data:armhf (0.8-17ubuntu1) ... 556s Selecting previously unselected package libavahi-common3:armhf. 556s Preparing to unpack .../05-libavahi-common3_0.8-17ubuntu1_armhf.deb ... 556s Unpacking libavahi-common3:armhf (0.8-17ubuntu1) ... 556s Selecting previously unselected package libavahi-client3:armhf. 556s Preparing to unpack .../06-libavahi-client3_0.8-17ubuntu1_armhf.deb ... 556s Unpacking libavahi-client3:armhf (0.8-17ubuntu1) ... 556s Selecting previously unselected package libbasicobjects0t64:armhf. 556s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-3build1_armhf.deb ... 556s Unpacking libbasicobjects0t64:armhf (0.6.2-3build1) ... 556s Selecting previously unselected package libcares2:armhf. 556s Preparing to unpack .../08-libcares2_1.34.6-1_armhf.deb ... 556s Unpacking libcares2:armhf (1.34.6-1) ... 556s Selecting previously unselected package libcollection4t64:armhf. 556s Preparing to unpack .../09-libcollection4t64_0.6.2-3build1_armhf.deb ... 556s Unpacking libcollection4t64:armhf (0.6.2-3build1) ... 556s Selecting previously unselected package libcrack2:armhf. 556s Preparing to unpack .../10-libcrack2_2.9.6-5.2build2_armhf.deb ... 556s Unpacking libcrack2:armhf (2.9.6-5.2build2) ... 556s Selecting previously unselected package libdhash1t64:armhf. 556s Preparing to unpack .../11-libdhash1t64_0.6.2-3build1_armhf.deb ... 556s Unpacking libdhash1t64:armhf (0.6.2-3build1) ... 556s Selecting previously unselected package libpath-utils1t64:armhf. 556s Preparing to unpack .../12-libpath-utils1t64_0.6.2-3build1_armhf.deb ... 556s Unpacking libpath-utils1t64:armhf (0.6.2-3build1) ... 556s Selecting previously unselected package libref-array1t64:armhf. 556s Preparing to unpack .../13-libref-array1t64_0.6.2-3build1_armhf.deb ... 556s Unpacking libref-array1t64:armhf (0.6.2-3build1) ... 556s Selecting previously unselected package libini-config5t64:armhf. 556s Preparing to unpack .../14-libini-config5t64_0.6.2-3build1_armhf.deb ... 556s Unpacking libini-config5t64:armhf (0.6.2-3build1) ... 556s Selecting previously unselected package libipa-hbac0t64. 556s Preparing to unpack .../15-libipa-hbac0t64_2.10.1-2ubuntu7_armhf.deb ... 556s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu7) ... 556s Selecting previously unselected package libtalloc2:armhf. 556s Preparing to unpack .../16-libtalloc2_2%3a2.4.3+samba4.23.4+dfsg-1ubuntu1_armhf.deb ... 556s Unpacking libtalloc2:armhf (2:2.4.3+samba4.23.4+dfsg-1ubuntu1) ... 557s Selecting previously unselected package libtdb1:armhf. 557s Preparing to unpack .../17-libtdb1_2%3a1.4.14+samba4.23.4+dfsg-1ubuntu1_armhf.deb ... 557s Unpacking libtdb1:armhf (2:1.4.14+samba4.23.4+dfsg-1ubuntu1) ... 557s Selecting previously unselected package libtevent0t64:armhf. 557s Preparing to unpack .../18-libtevent0t64_2%3a0.17.1+samba4.23.4+dfsg-1ubuntu1_armhf.deb ... 557s Unpacking libtevent0t64:armhf (2:0.17.1+samba4.23.4+dfsg-1ubuntu1) ... 557s Selecting previously unselected package libldb2:armhf. 557s Preparing to unpack .../19-libldb2_2%3a2.11.0+samba4.23.4+dfsg-1ubuntu1_armhf.deb ... 557s Unpacking libldb2:armhf (2:2.11.0+samba4.23.4+dfsg-1ubuntu1) ... 557s Selecting previously unselected package libnfsidmap1:armhf. 557s Preparing to unpack .../20-libnfsidmap1_1%3a2.8.4-1ubuntu1_armhf.deb ... 557s Unpacking libnfsidmap1:armhf (1:2.8.4-1ubuntu1) ... 557s Selecting previously unselected package libpwquality-common. 557s Preparing to unpack .../21-libpwquality-common_1.4.5-5_all.deb ... 557s Unpacking libpwquality-common (1.4.5-5) ... 557s Selecting previously unselected package libpwquality1:armhf. 557s Preparing to unpack .../22-libpwquality1_1.4.5-5_armhf.deb ... 557s Unpacking libpwquality1:armhf (1.4.5-5) ... 557s Selecting previously unselected package libpam-pwquality:armhf. 557s Preparing to unpack .../23-libpam-pwquality_1.4.5-5_armhf.deb ... 557s Unpacking libpam-pwquality:armhf (1.4.5-5) ... 557s Selecting previously unselected package libwbclient0:armhf. 557s Preparing to unpack .../24-libwbclient0_2%3a4.23.4+dfsg-1ubuntu1_armhf.deb ... 557s Unpacking libwbclient0:armhf (2:4.23.4+dfsg-1ubuntu1) ... 557s Selecting previously unselected package samba-libs:armhf. 557s Preparing to unpack .../25-samba-libs_2%3a4.23.4+dfsg-1ubuntu1_armhf.deb ... 557s Unpacking samba-libs:armhf (2:4.23.4+dfsg-1ubuntu1) ... 557s Selecting previously unselected package libsmbclient0:armhf. 557s Preparing to unpack .../26-libsmbclient0_2%3a4.23.4+dfsg-1ubuntu1_armhf.deb ... 557s Unpacking libsmbclient0:armhf (2:4.23.4+dfsg-1ubuntu1) ... 557s Selecting previously unselected package libnss-sss:armhf. 557s Preparing to unpack .../27-libnss-sss_2.10.1-2ubuntu7_armhf.deb ... 557s Unpacking libnss-sss:armhf (2.10.1-2ubuntu7) ... 557s Selecting previously unselected package libpam-sss:armhf. 557s Preparing to unpack .../28-libpam-sss_2.10.1-2ubuntu7_armhf.deb ... 557s Unpacking libpam-sss:armhf (2.10.1-2ubuntu7) ... 557s Selecting previously unselected package softhsm2-common. 557s Preparing to unpack .../29-softhsm2-common_2.6.1-3_armhf.deb ... 557s Unpacking softhsm2-common (2.6.1-3) ... 557s Selecting previously unselected package libsofthsm2. 557s Preparing to unpack .../30-libsofthsm2_2.6.1-3_armhf.deb ... 557s Unpacking libsofthsm2 (2.6.1-3) ... 558s Selecting previously unselected package libsss-certmap0. 558s Preparing to unpack .../31-libsss-certmap0_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking libsss-certmap0 (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package libsss-idmap0. 558s Preparing to unpack .../32-libsss-idmap0_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking libsss-idmap0 (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package libsss-nss-idmap0. 558s Preparing to unpack .../33-libsss-nss-idmap0_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package python3-sss. 558s Preparing to unpack .../34-python3-sss_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking python3-sss (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package softhsm2. 558s Preparing to unpack .../35-softhsm2_2.6.1-3_armhf.deb ... 558s Unpacking softhsm2 (2.6.1-3) ... 558s Selecting previously unselected package sssd-common. 558s Preparing to unpack .../36-sssd-common_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking sssd-common (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package sssd-ad-common. 558s Preparing to unpack .../37-sssd-ad-common_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking sssd-ad-common (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package sssd-krb5-common. 558s Preparing to unpack .../38-sssd-krb5-common_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking sssd-krb5-common (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package sssd-ad. 558s Preparing to unpack .../39-sssd-ad_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking sssd-ad (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package sssd-ipa. 558s Preparing to unpack .../40-sssd-ipa_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking sssd-ipa (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package sssd-krb5. 558s Preparing to unpack .../41-sssd-krb5_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking sssd-krb5 (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package sssd-ldap. 558s Preparing to unpack .../42-sssd-ldap_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking sssd-ldap (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package sssd-proxy. 558s Preparing to unpack .../43-sssd-proxy_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking sssd-proxy (2.10.1-2ubuntu7) ... 558s Selecting previously unselected package sssd. 558s Preparing to unpack .../44-sssd_2.10.1-2ubuntu7_armhf.deb ... 558s Unpacking sssd (2.10.1-2ubuntu7) ... 558s Setting up libpwquality-common (1.4.5-5) ... 558s Setting up softhsm2-common (2.6.1-3) ... 559s Creating config file /etc/softhsm/softhsm2.conf with new version 559s Setting up libnfsidmap1:armhf (1:2.8.4-1ubuntu1) ... 559s Setting up libsss-idmap0 (2.10.1-2ubuntu7) ... 559s Setting up libbasicobjects0t64:armhf (0.6.2-3build1) ... 559s Setting up libipa-hbac0t64 (2.10.1-2ubuntu7) ... 559s Setting up libref-array1t64:armhf (0.6.2-3build1) ... 559s Setting up libtdb1:armhf (2:1.4.14+samba4.23.4+dfsg-1ubuntu1) ... 559s Setting up libcollection4t64:armhf (0.6.2-3build1) ... 559s Setting up libevent-2.1-7t64:armhf (2.1.12-stable-10build1) ... 559s Setting up libwbclient0:armhf (2:4.23.4+dfsg-1ubuntu1) ... 559s Setting up libtalloc2:armhf (2:2.4.3+samba4.23.4+dfsg-1ubuntu1) ... 559s Setting up libpath-utils1t64:armhf (0.6.2-3build1) ... 559s Setting up libunbound8:armhf (1.24.2-1ubuntu1) ... 559s Setting up libgnutls-dane0t64:armhf (3.8.10-3ubuntu1) ... 559s Setting up libavahi-common-data:armhf (0.8-17ubuntu1) ... 559s Setting up libcares2:armhf (1.34.6-1) ... 559s Setting up libdhash1t64:armhf (0.6.2-3build1) ... 559s Setting up libcrack2:armhf (2.9.6-5.2build2) ... 559s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu7) ... 559s Setting up libini-config5t64:armhf (0.6.2-3build1) ... 559s Setting up libtevent0t64:armhf (2:0.17.1+samba4.23.4+dfsg-1ubuntu1) ... 559s Setting up libnss-sss:armhf (2.10.1-2ubuntu7) ... 559s Setting up gnutls-bin (3.8.10-3ubuntu1) ... 559s Setting up libsofthsm2 (2.6.1-3) ... 559s Setting up softhsm2 (2.6.1-3) ... 559s Setting up libavahi-common3:armhf (0.8-17ubuntu1) ... 559s Setting up libsss-certmap0 (2.10.1-2ubuntu7) ... 559s Setting up libpwquality1:armhf (1.4.5-5) ... 559s Setting up libldb2:armhf (2:2.11.0+samba4.23.4+dfsg-1ubuntu1) ... 559s Setting up libavahi-client3:armhf (0.8-17ubuntu1) ... 559s Setting up libpam-pwquality:armhf (1.4.5-5) ... 559s Setting up samba-libs:armhf (2:4.23.4+dfsg-1ubuntu1) ... 559s Setting up python3-sss (2.10.1-2ubuntu7) ... 559s Setting up libsmbclient0:armhf (2:4.23.4+dfsg-1ubuntu1) ... 559s Setting up libpam-sss:armhf (2.10.1-2ubuntu7) ... 560s Setting up sssd-common (2.10.1-2ubuntu7) ... 560s Creating SSSD system user & group... 560s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 560s apparmor_parser: Unable to replace "/usr/sbin/sssd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 560s 560s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 561s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 561s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 561s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 562s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 562s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 562s sssd-autofs.service is a disabled or a static unit, not starting it. 562s sssd-nss.service is a disabled or a static unit, not starting it. 562s sssd-pam.service is a disabled or a static unit, not starting it. 563s sssd-ssh.service is a disabled or a static unit, not starting it. 563s sssd-sudo.service is a disabled or a static unit, not starting it. 563s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 563s Setting up sssd-proxy (2.10.1-2ubuntu7) ... 563s Setting up sssd-ad-common (2.10.1-2ubuntu7) ... 563s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 563s sssd-pac.service is a disabled or a static unit, not starting it. 563s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 563s Setting up sssd-krb5-common (2.10.1-2ubuntu7) ... 563s Setting up sssd-krb5 (2.10.1-2ubuntu7) ... 563s Setting up sssd-ldap (2.10.1-2ubuntu7) ... 563s Setting up sssd-ad (2.10.1-2ubuntu7) ... 563s Setting up sssd-ipa (2.10.1-2ubuntu7) ... 563s Setting up sssd (2.10.1-2ubuntu7) ... 563s Processing triggers for man-db (2.13.1-1) ... 564s Processing triggers for libc-bin (2.42-2ubuntu4) ... 580s autopkgtest [22:05:20]: test sssd-softhism2-certificates-tests.sh: [----------------------- 582s + '[' -z ubuntu ']' 582s + required_tools=(p11tool openssl softhsm2-util) 582s + for cmd in "${required_tools[@]}" 582s + command -v p11tool 582s + for cmd in "${required_tools[@]}" 582s + command -v openssl 582s + for cmd in "${required_tools[@]}" 582s + command -v softhsm2-util 582s + PIN=053350 582s +++ find /usr/lib/softhsm/libsofthsm2.so 582s +++ head -n 1 582s ++ realpath /usr/lib/softhsm/libsofthsm2.so 582s + SOFTHSM2_MODULE=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 582s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 582s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 582s + '[' '!' -v NO_SSSD_TESTS ']' 582s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 582s + ca_db_arg=ca_db 582s ++ /usr/libexec/sssd/p11_child --help 582s + p11_child_help=$'Usage: p11_child [OPTION...]\n -d, --debug-level=INT Debug level\n --debug-timestamps=INT Add debug timestamps\n --debug-microseconds=INT Show timestamps with microseconds\n --dumpable=INT Allow core dumps\n --backtrace=INT Enable debug backtrace\n --debug-fd=INT An open file descriptor for the debug\n logs\n --logger=stderr|files|journald Set logger\n --auth Run in auth mode\n --pre Run in pre-auth mode\n --wait_for_card Wait until card is available\n --verification Run in verification mode\n --pin Expect PIN on stdin\n --keypad Expect PIN on keypad\n --verify=STRING Tune validation\n --ca_db=STRING CA DB to use\n --module_name=STRING Module name for authentication\n --token_name=STRING Token name for authentication\n --key_id=STRING Key ID for authentication\n --label=STRING Label for authentication\n --certificate=STRING certificate to verify, base64 encoded\n --uri=STRING PKCS#11 URI to restrict selection\n --chain-id=LONG Tevent chain ID used for logging\n purposes\n\nHelp options:\n -?, --help Show this help message\n --usage Display brief usage message' 582s + echo $'Usage: p11_child [OPTION...]\n -d, --debug-level=INT Debug level\n --debug-timestamps=INT Add debug timestamps\n --debug-microseconds=INT Show timestamps with microseconds\n --dumpable=INT Allow core dumps\n --backtrace=INT Enable debug backtrace\n --debug-fd=INT An open file descriptor for the debug\n logs\n --logger=stderr|files|journald Set logger\n --auth Run in auth mode\n --pre Run in pre-auth mode\n --wait_for_card Wait until card is available\n --verification Run in verification mode\n --pin Expect PIN on stdin\n --keypad Expect PIN on keypad\n --verify=STRING Tune validation\n --ca_db=STRING CA DB to use\n --module_name=STRING Module name for authentication\n --token_name=STRING Token name for authentication\n --key_id=STRING Key ID for authentication\n --label=STRING Label for authentication\n --certificate=STRING certificate to verify, base64 encoded\n --uri=STRING PKCS#11 URI to restrict selection\n --chain-id=LONG Tevent chain ID used for logging\n purposes\n\nHelp options:\n -?, --help Show this help message\n --usage Display brief usage message' 582s + grep nssdb -qs 582s + echo $'Usage: p11_child [OPTION...]\n -d, --debug-level=INT Debug level\n --debug-timestamps=INT Add debug timestamps\n --debug-microseconds=INT Show timestamps with microseconds\n --dumpable=INT Allow core dumps\n --backtrace=INT Enable debug backtrace\n --debug-fd=INT An open file descriptor for the debug\n logs\n --logger=stderr|files|journald Set logger\n --auth Run in auth mode\n --pre Run in pre-auth mode\n --wait_for_card Wait until card is available\n --verification Run in verification mode\n --pin Expect PIN on stdin\n --keypad Expect PIN on keypad\n --verify=STRING Tune validation\n --ca_db=STRING CA DB to use\n --module_name=STRING Module name for authentication\n --token_name=STRING Token name for authentication\n --key_id=STRING Key ID for authentication\n --label=STRING Label for authentication\n --certificate=STRING certificate to verify, base64 encoded\n --uri=STRING PKCS#11 URI to restrict selection\n --chain-id=LONG Tevent chain ID used for logging\n purposes\n\nHelp options:\n -?, --help Show this help message\n --usage Display brief usage message' 582s + grep -qs -- --ca_db 582s + '[' '!' -e /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so ']' 582s ++ mktemp -d -t sssd-softhsm2-XXXXXX 582s + tmpdir=/tmp/sssd-softhsm2-mOYOpU 582s + keys_size=1024 582s + [[ ! -v KEEP_TEMPORARY_FILES ]] 582s + trap 'rm -rf "$tmpdir"' EXIT 582s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 582s + echo -n 01 582s + touch /tmp/sssd-softhsm2-mOYOpU/index.txt 582s + mkdir -p /tmp/sssd-softhsm2-mOYOpU/new_certs 582s + cat 582s + root_ca_key_pass=pass:random-root-CA-password-18573 582s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-mOYOpU/test-root-CA-key.pem -passout pass:random-root-CA-password-18573 1024 582s + openssl req -passin pass:random-root-CA-password-18573 -batch -config /tmp/sssd-softhsm2-mOYOpU/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-mOYOpU/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 582s + openssl x509 -noout -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 582s + cat 582s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-11040 582s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-11040 1024 582s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-11040 -config /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.config -key /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-18573 -sha256 -out /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-certificate-request.pem 582s + openssl req -text -noout -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-certificate-request.pem 582s Certificate Request: 582s Data: 582s Version: 1 (0x0) 582s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 582s Subject Public Key Info: 582s Public Key Algorithm: rsaEncryption 582s Public-Key: (1024 bit) 582s Modulus: 582s 00:ad:48:9d:54:39:a5:a8:00:c1:d2:01:80:cf:0e: 582s 13:43:12:4e:b8:c7:0a:1b:bd:2f:7f:f2:07:eb:be: 582s 10:4d:09:06:ca:62:f4:6e:49:11:2b:ec:09:af:75: 582s ba:af:a1:11:16:a3:21:6b:6e:f6:15:01:25:c6:3c: 582s bc:e3:1b:80:b6:c1:59:37:2d:37:9c:30:36:7f:44: 582s 33:fb:7b:85:51:b6:54:3c:03:e8:73:c1:e6:a8:22: 582s 89:71:90:26:21:5e:fa:08:92:5a:3e:18:b6:b5:26: 582s 79:61:9f:d2:86:f7:e3:5f:c5:50:94:24:2a:7b:3f: 582s 57:96:56:27:4b:fa:97:07:8d 582s Exponent: 65537 (0x10001) 582s Attributes: 582s (none) 582s Requested Extensions: 582s Signature Algorithm: sha256WithRSAEncryption 582s Signature Value: 582s 89:11:1e:61:67:a4:91:18:24:cf:50:ab:df:c0:a2:01:4c:68: 582s 97:5b:b3:03:34:a3:5e:11:37:f0:d6:a4:9a:59:88:3f:b8:93: 582s 16:7b:65:a3:a8:bc:c1:7d:ce:56:0e:cb:80:a1:fe:34:11:a1: 582s fb:40:09:fe:a1:82:39:e7:3f:2f:86:a8:06:f9:0b:23:c0:8e: 582s b1:5c:0b:5b:6f:b6:ad:4f:4a:d4:88:be:44:bf:ed:cd:f2:0a: 582s 9b:2a:a4:3a:15:69:af:a7:6c:58:98:40:8c:bd:93:22:31:97: 582s 77:6d:7b:99:a7:7b:67:e9:df:a1:fe:64:dc:e3:9c:0b:64:42: 582s a7:80 582s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-mOYOpU/test-root-CA.config -passin pass:random-root-CA-password-18573 -keyfile /tmp/sssd-softhsm2-mOYOpU/test-root-CA-key.pem -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 582s Using configuration from /tmp/sssd-softhsm2-mOYOpU/test-root-CA.config 582s Check that the request matches the signature 582s Signature ok 582s Certificate Details: 582s Serial Number: 1 (0x1) 582s Validity 582s Not Before: Jan 23 22:05:22 2026 GMT 582s Not After : Jan 23 22:05:22 2027 GMT 582s Subject: 582s organizationName = Test Organization 582s organizationalUnitName = Test Organization Unit 582s commonName = Test Organization Intermediate CA 582s X509v3 extensions: 582s X509v3 Subject Key Identifier: 582s 20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 582s X509v3 Authority Key Identifier: 582s keyid:C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 582s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 582s serial:00 582s X509v3 Basic Constraints: 582s CA:TRUE 582s X509v3 Key Usage: critical 582s Digital Signature, Certificate Sign, CRL Sign 582s Certificate is to be certified until Jan 23 22:05:22 2027 GMT (365 days) 582s 582s Write out database with 1 new entries 582s Database updated 582s + openssl x509 -noout -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 582s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 582s /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem: OK 582s + cat 582s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-23250 582s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-23250 1024 582s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-23250 -config /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-11040 -sha256 -out /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-certificate-request.pem 582s + openssl req -text -noout -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-certificate-request.pem 582s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-11040 -keyfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 582s Certificate Request: 582s Data: 582s Version: 1 (0x0) 582s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 582s Subject Public Key Info: 582s Public Key Algorithm: rsaEncryption 582s Public-Key: (1024 bit) 582s Modulus: 582s 00:d1:3e:46:6c:97:0c:37:ea:26:74:b5:d0:fa:43: 582s 96:48:86:39:c2:0a:57:4c:c6:d8:c1:2d:a0:e0:1e: 582s 31:ac:71:99:1b:8a:76:2c:5b:4d:07:f1:68:26:01: 582s 95:bf:c0:ed:6f:ff:30:27:cd:98:b1:91:f4:19:76: 582s 67:7b:74:f7:4b:84:02:4f:d8:a5:b6:e9:27:a1:eb: 582s 60:c2:7e:7e:11:8e:d8:32:d8:31:4b:c5:a9:fc:37: 582s fd:ee:2d:9c:c1:20:69:ad:22:48:87:e7:56:40:09: 582s 43:5b:2d:88:7c:ef:20:f2:a2:a7:a5:3c:13:5c:76: 582s 53:92:9a:50:9a:87:a3:bf:4f 582s Exponent: 65537 (0x10001) 582s Attributes: 582s (none) 582s Requested Extensions: 582s Signature Algorithm: sha256WithRSAEncryption 582s Signature Value: 582s 05:aa:f2:82:92:54:e9:a9:1c:85:9f:12:33:df:87:87:c2:b3: 582s 2b:98:13:d8:68:2d:f4:bb:f7:c9:a3:28:53:22:3c:32:f6:ab: 582s d1:1d:12:ac:b6:53:2d:8b:c8:62:8a:65:09:e8:f8:17:52:58: 582s dd:4d:78:86:6a:0f:ed:29:47:bb:4b:e4:f5:2c:52:de:60:99: 582s 88:7c:cf:01:04:d9:49:54:de:ab:16:9c:86:66:dc:6f:3a:96: 582s 98:3f:94:be:0c:83:ad:7a:b1:3a:79:dc:0e:58:97:d7:b4:b8: 582s db:3d:21:b0:0b:d0:e7:07:29:b4:83:75:be:97:30:5c:79:d5: 582s f3:a9 582s Using configuration from /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.config 582s Check that the request matches the signature 582s Signature ok 582s Certificate Details: 582s Serial Number: 2 (0x2) 582s Validity 582s Not Before: Jan 23 22:05:22 2026 GMT 582s Not After : Jan 23 22:05:22 2027 GMT 582s Subject: 582s organizationName = Test Organization 582s organizationalUnitName = Test Organization Unit 582s commonName = Test Organization Sub Intermediate CA 582s X509v3 extensions: 582s X509v3 Subject Key Identifier: 582s BD:E4:7A:4B:9B:A6:C8:78:38:B6:94:D0:5E:B9:62:0F:7F:09:F2:0E 582s X509v3 Authority Key Identifier: 582s keyid:20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 582s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 582s serial:01 582s X509v3 Basic Constraints: 582s CA:TRUE 582s X509v3 Key Usage: critical 582s Digital Signature, Certificate Sign, CRL Sign 582s Certificate is to be certified until Jan 23 22:05:22 2027 GMT (365 days) 582s 582s Write out database with 1 new entries 582s Database updated 582s + openssl x509 -noout -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 582s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 582s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 582s + local cmd=openssl 582s + shift 582s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 582s /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem: OK 582s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 582s error 20 at 0 depth lookup: unable to get local issuer certificate 582s error /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem: verification failed 582s + cat 582s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-20635 582s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-20635 1024 582s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-20635 -key /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-request.pem 582s + openssl req -text -noout -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-request.pem 582s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-mOYOpU/test-root-CA.config -passin pass:random-root-CA-password-18573 -keyfile /tmp/sssd-softhsm2-mOYOpU/test-root-CA-key.pem -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 582s Certificate Request: 582s Data: 582s Version: 1 (0x0) 582s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 582s Subject Public Key Info: 582s Public Key Algorithm: rsaEncryption 582s Public-Key: (1024 bit) 582s Modulus: 582s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 582s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 582s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 582s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 582s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 582s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 582s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 582s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 582s a2:07:7c:1c:1f:6f:77:b4:87 582s Exponent: 65537 (0x10001) 582s Attributes: 582s Requested Extensions: 582s X509v3 Basic Constraints: 582s CA:FALSE 582s Netscape Cert Type: 582s SSL Client, S/MIME 582s Netscape Comment: 582s Test Organization Root CA trusted Certificate 582s X509v3 Subject Key Identifier: 582s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 582s X509v3 Key Usage: critical 582s Digital Signature, Non Repudiation, Key Encipherment 582s X509v3 Extended Key Usage: 582s TLS Web Client Authentication, E-mail Protection 582s X509v3 Subject Alternative Name: 582s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 582s Signature Algorithm: sha256WithRSAEncryption 582s Signature Value: 582s a1:17:77:30:a5:35:df:e2:38:c5:0f:27:ba:03:ca:23:92:d2: 582s 32:da:cf:eb:67:5d:a6:ca:a9:3b:33:01:a8:cc:c5:94:42:d3: 582s ec:4f:eb:0c:82:34:56:0f:40:bf:1a:d5:3d:2c:b9:fb:18:25: 582s a2:e3:d4:6a:26:7c:6a:e7:e3:2f:0c:59:b3:17:fa:fa:44:95: 582s 9c:db:0c:0f:6c:08:49:22:53:95:6c:d5:a6:a5:8b:46:bb:b8: 582s 29:7e:4b:5a:2d:46:7a:03:74:8c:db:c7:09:29:e3:76:c0:6d: 582s b9:0f:b7:60:9c:e1:87:cb:28:be:dd:f9:eb:9e:28:07:e4:7c: 582s 34:f3 582s Using configuration from /tmp/sssd-softhsm2-mOYOpU/test-root-CA.config 582s Check that the request matches the signature 582s Signature ok 582s Certificate Details: 582s Serial Number: 3 (0x3) 582s Validity 582s Not Before: Jan 23 22:05:22 2026 GMT 582s Not After : Jan 23 22:05:22 2027 GMT 582s Subject: 582s organizationName = Test Organization 582s organizationalUnitName = Test Organization Unit 582s commonName = Test Organization Root Trusted Certificate 0001 582s X509v3 extensions: 582s X509v3 Authority Key Identifier: 582s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 582s X509v3 Basic Constraints: 582s CA:FALSE 582s Netscape Cert Type: 582s SSL Client, S/MIME 582s Netscape Comment: 582s Test Organization Root CA trusted Certificate 582s X509v3 Subject Key Identifier: 582s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 582s X509v3 Key Usage: critical 582s Digital Signature, Non Repudiation, Key Encipherment 582s X509v3 Extended Key Usage: 582s TLS Web Client Authentication, E-mail Protection 582s X509v3 Subject Alternative Name: 582s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 582s Certificate is to be certified until Jan 23 22:05:22 2027 GMT (365 days) 582s 582s Write out database with 1 new entries 582s Database updated 582s + openssl x509 -noout -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 582s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 582s /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem: OK 582s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 582s + local cmd=openssl 582s + shift 582s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 582s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 582s error 20 at 0 depth lookup: unable to get local issuer certificate 582s error /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem: verification failed 582s + cat 582s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 582s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-8291 1024 582s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-8291 -key /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-request.pem 582s + openssl req -text -noout -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-request.pem 582s Certificate Request: 582s Data: 582s Version: 1 (0x0) 582s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 582s Subject Public Key Info: 582s Public Key Algorithm: rsaEncryption 582s Public-Key: (1024 bit) 582s Modulus: 582s 00:f5:d7:19:31:08:eb:90:fb:12:96:5f:7c:24:63: 582s f0:1b:d0:ea:51:c6:71:4d:47:44:d0:46:cc:b9:77: 582s 12:d9:ed:a9:c7:41:62:1e:14:9c:54:b3:d3:7a:ef: 582s b9:3c:e0:68:1a:3c:32:c9:c9:43:80:c6:41:79:bb: 582s 69:df:c1:82:67:09:68:68:c2:11:6f:d9:60:e8:66: 582s 3d:25:ef:fd:0e:13:85:93:27:75:8a:3a:be:db:30: 582s 53:5e:51:fc:4b:90:a3:8f:0a:aa:ee:39:89:85:41: 582s b0:c0:08:a0:35:7a:86:b9:77:54:01:7d:73:a0:78: 582s 3d:f7:8e:01:7f:2c:f4:98:9d 582s Exponent: 65537 (0x10001) 582s Attributes: 582s Requested Extensions: 582s X509v3 Basic Constraints: 582s CA:FALSE 582s Netscape Cert Type: 582s SSL Client, S/MIME 582s Netscape Comment: 582s Test Organization Intermediate CA trusted Certificate 582s X509v3 Subject Key Identifier: 582s A9:4D:63:82:4C:29:12:6C:71:67:E3:AE:EF:D5:DA:5C:D7:5F:F2:B2 582s X509v3 Key Usage: critical 582s Digital Signature, Non Repudiation, Key Encipherment 582s X509v3 Extended Key Usage: 582s TLS Web Client Authentication, E-mail Protection 582s X509v3 Subject Alternative Name: 582s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 582s Signature Algorithm: sha256WithRSAEncryption 582s Signature Value: 582s 6d:c5:44:e7:29:7d:03:db:10:72:1a:91:79:8d:f6:7c:a4:19: 582s 08:ac:f5:a6:29:86:23:ba:e2:d9:e6:8c:39:b6:d2:4d:09:f5: 582s 7d:db:21:a6:9d:5c:55:ce:ba:ca:ab:ce:e1:27:01:6a:7f:1f: 582s 82:27:99:9d:bd:41:86:f3:33:27:61:41:b9:5e:28:13:e2:92: 582s ab:72:ce:6e:ff:44:e9:13:2b:05:20:28:86:31:75:47:f9:3e: 582s 76:16:bd:95:8d:44:c7:c0:01:f1:7e:51:d4:25:b0:0c:61:68: 582s 7c:79:be:86:50:35:e6:2c:85:03:6a:97:0e:8b:df:3e:98:fd: 582s 2e:1b 582s + openssl ca -passin pass:random-intermediate-CA-password-11040 -config /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 582s Using configuration from /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.config 582s Check that the request matches the signature 582s Signature ok 582s Certificate Details: 582s Serial Number: 4 (0x4) 582s Validity 582s Not Before: Jan 23 22:05:22 2026 GMT 582s Not After : Jan 23 22:05:22 2027 GMT 582s Subject: 582s organizationName = Test Organization 582s organizationalUnitName = Test Organization Unit 582s commonName = Test Organization Intermediate Trusted Certificate 0001 582s X509v3 extensions: 582s X509v3 Authority Key Identifier: 582s 20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 582s X509v3 Basic Constraints: 582s CA:FALSE 582s Netscape Cert Type: 582s SSL Client, S/MIME 582s Netscape Comment: 582s Test Organization Intermediate CA trusted Certificate 582s X509v3 Subject Key Identifier: 582s A9:4D:63:82:4C:29:12:6C:71:67:E3:AE:EF:D5:DA:5C:D7:5F:F2:B2 582s X509v3 Key Usage: critical 582s Digital Signature, Non Repudiation, Key Encipherment 582s X509v3 Extended Key Usage: 582s TLS Web Client Authentication, E-mail Protection 582s X509v3 Subject Alternative Name: 582s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 582s Certificate is to be certified until Jan 23 22:05:22 2027 GMT (365 days) 582s 582s Write out database with 1 new entries 582s Database updated 582s + openssl x509 -noout -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 582s + echo 'This certificate should not be trusted fully' 582s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 582s + local cmd=openssl 582s + shift 582s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 582s This certificate should not be trusted fully 582s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 582s error 2 at 1 depth lookup: unable to get issuer certificate 582s error /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 582s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 582s /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem: OK 582s + cat 582s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 582s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-30545 1024 583s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-30545 -key /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 583s + openssl req -text -noout -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 583s Certificate Request: 583s Data: 583s Version: 1 (0x0) 583s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 583s Subject Public Key Info: 583s Public Key Algorithm: rsaEncryption 583s Public-Key: (1024 bit) 583s Modulus: 583s 00:ac:c8:46:25:e6:99:05:1b:4a:ac:40:d8:72:a3: 583s 7c:d6:80:4a:ee:84:fa:3c:0a:07:9d:f7:fb:74:b1: 583s b6:42:ec:ba:86:eb:b9:fe:a7:f8:40:19:62:db:f4: 583s 1d:9c:7c:c5:5b:63:8e:a5:3c:b6:95:fc:6b:42:8e: 583s a0:f8:92:0d:da:14:55:6b:16:1e:bf:4a:da:25:43: 583s 4b:7a:14:7c:47:66:f1:4c:b6:c1:e5:e7:40:1c:e7: 583s 50:b5:22:6f:0c:b8:e5:5d:f3:66:27:86:02:aa:2f: 583s f3:81:c6:b9:2f:77:68:cd:1f:4d:67:ab:39:fd:08: 583s 20:ef:15:9e:5c:8c:38:5a:33 583s Exponent: 65537 (0x10001) 583s Attributes: 583s Requested Extensions: 583s X509v3 Basic Constraints: 583s CA:FALSE 583s Netscape Cert Type: 583s SSL Client, S/MIME 583s Netscape Comment: 583s Test Organization Sub Intermediate CA trusted Certificate 583s X509v3 Subject Key Identifier: 583s A6:3D:4D:E3:27:8E:55:91:A3:78:65:5F:8E:65:F3:59:63:E8:4C:A5 583s X509v3 Key Usage: critical 583s Digital Signature, Non Repudiation, Key Encipherment 583s X509v3 Extended Key Usage: 583s TLS Web Client Authentication, E-mail Protection 583s X509v3 Subject Alternative Name: 583s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 583s Signature Algorithm: sha256WithRSAEncryption 583s Signature Value: 583s 5b:6f:e0:92:a2:cd:5e:4d:67:9f:aa:2a:b4:56:1e:06:1f:60: 583s bd:2e:03:cb:fc:f5:bf:7a:2a:e3:91:28:17:5f:b7:25:05:7b: 583s df:ab:37:36:cc:de:19:f3:45:93:30:40:f9:63:06:02:38:87: 583s 33:2f:6f:44:18:48:1c:64:3b:f8:21:39:83:f8:05:c7:b5:9a: 583s 8a:e2:65:9b:26:3b:c3:2c:79:d5:ef:a6:33:54:5a:ea:9c:a5: 583s c1:45:c3:5e:bf:2d:12:99:f3:ef:53:fc:08:b1:79:cf:21:94: 583s 1f:7b:23:9a:eb:b6:33:02:46:8d:bc:a4:02:53:45:51:4f:56: 583s e7:16 583s + openssl ca -passin pass:random-sub-intermediate-CA-password-23250 -config /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 583s Using configuration from /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.config 583s Check that the request matches the signature 583s Signature ok 583s Certificate Details: 583s Serial Number: 5 (0x5) 583s Validity 583s Not Before: Jan 23 22:05:23 2026 GMT 583s Not After : Jan 23 22:05:23 2027 GMT 583s Subject: 583s organizationName = Test Organization 583s organizationalUnitName = Test Organization Unit 583s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 583s X509v3 extensions: 583s X509v3 Authority Key Identifier: 583s BD:E4:7A:4B:9B:A6:C8:78:38:B6:94:D0:5E:B9:62:0F:7F:09:F2:0E 583s X509v3 Basic Constraints: 583s CA:FALSE 583s Netscape Cert Type: 583s SSL Client, S/MIME 583s Netscape Comment: 583s Test Organization Sub Intermediate CA trusted Certificate 583s X509v3 Subject Key Identifier: 583s A6:3D:4D:E3:27:8E:55:91:A3:78:65:5F:8E:65:F3:59:63:E8:4C:A5 583s X509v3 Key Usage: critical 583s Digital Signature, Non Repudiation, Key Encipherment 583s X509v3 Extended Key Usage: 583s TLS Web Client Authentication, E-mail Protection 583s X509v3 Subject Alternative Name: 583s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 583s Certificate is to be certified until Jan 23 22:05:23 2027 GMT (365 days) 583s 583s Write out database with 1 new entries 583s Database updated 583s + openssl x509 -noout -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 583s This certificate should not be trusted fully 583s + echo 'This certificate should not be trusted fully' 583s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 583s + local cmd=openssl 583s + shift 583s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 583s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 583s error 2 at 1 depth lookup: unable to get issuer certificate 583s error /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 583s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 583s + local cmd=openssl 583s + shift 583s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 583s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 583s error 20 at 0 depth lookup: unable to get local issuer certificate 583s error /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 583s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 583s /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 583s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 583s + local cmd=openssl 583s + shift 583s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 583s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 583s error 20 at 0 depth lookup: unable to get local issuer certificate 583s error /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 583s + echo 'Building a the full-chain CA file...' 583s + cat /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 583s Building a the full-chain CA file... 583s + cat /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 583s + cat /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 583s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 583s + openssl pkcs7 -print_certs -noout 583s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 583s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 583s 583s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 583s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 583s 583s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 583s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 583s 583s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 583s /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem: OK 583s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem: OK 583s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 583s /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem: OK 583s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-root-intermediate-chain-CA.pem 583s /tmp/sssd-softhsm2-mOYOpU/test-root-intermediate-chain-CA.pem: OK 583s + openssl verify -CAfile /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 583s /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 583s + echo 'Certificates generation completed!' 583s Certificates generation completed! 583s + [[ -v NO_SSSD_TESTS ]] 583s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /dev/null 583s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /dev/null 583s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 583s + local key_ring=/dev/null 583s + local verify_option= 583s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 583s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 583s + local key_cn 583s + local key_name 583s + local tokens_dir 583s + local output_cert_file 583s + token_name= 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem .pem 583s + key_name=test-root-CA-trusted-certificate-0001 583s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s ++ sed -n 's/ *commonName *= //p' 583s + key_cn='Test Organization Root Trusted Certificate 0001' 583s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 583s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 583s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 583s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 583s + token_name='Test Organization Root Tr Token' 583s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 583s + local key_file 583s + local decrypted_key 583s + mkdir -p /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 583s + key_file=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-key.pem 583s + decrypted_key=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-key-decrypted.pem 583s + cat 583s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 583s Slot 0 has a free/uninitialized token. 583s The token has been initialized and is reassigned to slot 176558825 583s + softhsm2-util --show-slots 583s Available slots: 583s Slot 176558825 583s Slot info: 583s Description: SoftHSM slot ID 0xa8612e9 583s Manufacturer ID: SoftHSM project 583s Hardware version: 2.6 583s Firmware version: 2.6 583s Token present: yes 583s Token info: 583s Manufacturer ID: SoftHSM project 583s Model: SoftHSM v2 583s Hardware version: 2.6 583s Firmware version: 2.6 583s Serial number: ce78b53e8a8612e9 583s Initialized: yes 583s User PIN init.: yes 583s Label: Test Organization Root Tr Token 583s Slot 1 583s Slot info: 583s Description: SoftHSM slot ID 0x1 583s Manufacturer ID: SoftHSM project 583s Hardware version: 2.6 583s Firmware version: 2.6 583s Token present: yes 583s Token info: 583s Manufacturer ID: SoftHSM project 583s Model: SoftHSM v2 583s Hardware version: 2.6 583s Firmware version: 2.6 583s Serial number: 583s Initialized: no 583s User PIN init.: no 583s Label: 583s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 583s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-20635 -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-key-decrypted.pem 583s writing RSA key 583s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 583s + rm /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001-key-decrypted.pem 583s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 583s Object 0: 583s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 583s Type: X.509 Certificate (RSA-1024) 583s Expires: Sat Jan 23 22:05:22 2027 583s Label: Test Organization Root Trusted Certificate 0001 583s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 583s 583s + echo 'Test Organization Root Tr Token' 583s + '[' -n '' ']' 583s + local output_base_name=SSSD-child-32604 583s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-32604.output 583s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-32604.pem 583s Test Organization Root Tr Token 583s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/dev/null 583s [p11_child[1709]] [main] (0x0400): p11_child started. 583s [p11_child[1709]] [main] (0x2000): Running in [pre-auth] mode. 583s [p11_child[1709]] [main] (0x2000): Running with effective IDs: [0][0]. 583s [p11_child[1709]] [main] (0x2000): Running with real IDs [0][0]. 583s [p11_child[1709]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 583s [p11_child[1709]] [do_work] (0x0040): init_verification failed. 583s [p11_child[1709]] [main] (0x0020): p11_child failed (5) 583s + return 2 583s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /dev/null no_verification 583s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /dev/null no_verification 583s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 583s + local key_ring=/dev/null 583s + local verify_option=no_verification 583s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 583s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 583s + local key_cn 583s + local key_name 583s + local tokens_dir 583s + local output_cert_file 583s + token_name= 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem .pem 583s + key_name=test-root-CA-trusted-certificate-0001 583s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s ++ sed -n 's/ *commonName *= //p' 583s + key_cn='Test Organization Root Trusted Certificate 0001' 583s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 583s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 583s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 583s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 583s + token_name='Test Organization Root Tr Token' 583s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 583s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 ']' 583s + echo 'Test Organization Root Tr Token' 583s + '[' -n no_verification ']' 583s + local verify_arg=--verify=no_verification 583s + local output_base_name=SSSD-child-23299 583s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299.output 583s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299.pem 583s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 583s Test Organization Root Tr Token 583s [p11_child[1715]] [main] (0x0400): p11_child started. 583s [p11_child[1715]] [main] (0x2000): Running in [pre-auth] mode. 583s [p11_child[1715]] [main] (0x2000): Running with effective IDs: [0][0]. 583s [p11_child[1715]] [main] (0x2000): Running with real IDs [0][0]. 583s [p11_child[1715]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 583s [p11_child[1715]] [do_card] (0x4000): Module List: 583s [p11_child[1715]] [do_card] (0x4000): common name: [softhsm2]. 583s [p11_child[1715]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1715]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 583s [p11_child[1715]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 583s [p11_child[1715]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1715]] [do_card] (0x4000): Login NOT required. 583s [p11_child[1715]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 583s [p11_child[1715]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 583s [p11_child[1715]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xa8612e9;slot-manufacturer=SoftHSM%20project;slot-id=176558825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 583s [p11_child[1715]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 583s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299.output 583s + echo '-----BEGIN CERTIFICATE-----' 583s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299.output 583s + echo '-----END CERTIFICATE-----' 583s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299.pem 583s Certificate: 583s Data: 583s Version: 3 (0x2) 583s Serial Number: 3 (0x3) 583s Signature Algorithm: sha256WithRSAEncryption 583s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 583s Validity 583s Not Before: Jan 23 22:05:22 2026 GMT 583s Not After : Jan 23 22:05:22 2027 GMT 583s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 583s Subject Public Key Info: 583s Public Key Algorithm: rsaEncryption 583s Public-Key: (1024 bit) 583s Modulus: 583s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 583s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 583s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 583s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 583s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 583s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 583s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 583s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 583s a2:07:7c:1c:1f:6f:77:b4:87 583s Exponent: 65537 (0x10001) 583s X509v3 extensions: 583s X509v3 Authority Key Identifier: 583s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 583s X509v3 Basic Constraints: 583s CA:FALSE 583s Netscape Cert Type: 583s SSL Client, S/MIME 583s Netscape Comment: 583s Test Organization Root CA trusted Certificate 583s X509v3 Subject Key Identifier: 583s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 583s X509v3 Key Usage: critical 583s Digital Signature, Non Repudiation, Key Encipherment 583s X509v3 Extended Key Usage: 583s TLS Web Client Authentication, E-mail Protection 583s X509v3 Subject Alternative Name: 583s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 583s Signature Algorithm: sha256WithRSAEncryption 583s Signature Value: 583s 16:da:df:1c:e1:4f:37:a0:84:7c:93:95:dd:50:d8:ce:35:cf: 583s bc:c9:d7:b5:db:53:2e:93:cf:1b:3c:ab:77:70:02:3d:31:f3: 583s 16:7d:3b:d7:01:e6:29:29:3d:d3:2f:27:ac:95:ff:b8:89:7f: 583s ca:35:53:5b:5d:34:b4:80:5e:98:61:bf:43:0f:1a:7f:ea:33: 583s cf:28:f0:ec:5a:02:0a:cd:b5:68:5c:cf:db:f1:00:03:11:cc: 583s 69:98:5e:21:a6:a5:fe:dd:e3:29:55:e9:be:88:2e:f2:03:5c: 583s 3f:2e:1c:a5:30:be:2e:81:7a:47:5e:2a:ef:ab:b9:57:64:10: 583s 77:50 583s + local found_md5 expected_md5 583s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + expected_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 583s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299.pem 583s + found_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 583s + '[' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 '!=' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 ']' 583s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299-auth.output 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299-auth.output .output 583s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299-auth.pem 583s + echo -n 053350 583s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 583s [p11_child[1723]] [main] (0x0400): p11_child started. 583s [p11_child[1723]] [main] (0x2000): Running in [auth] mode. 583s [p11_child[1723]] [main] (0x2000): Running with effective IDs: [0][0]. 583s [p11_child[1723]] [main] (0x2000): Running with real IDs [0][0]. 583s [p11_child[1723]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 583s [p11_child[1723]] [do_card] (0x4000): Module List: 583s [p11_child[1723]] [do_card] (0x4000): common name: [softhsm2]. 583s [p11_child[1723]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1723]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 583s [p11_child[1723]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 583s [p11_child[1723]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1723]] [do_card] (0x4000): Login required. 583s [p11_child[1723]] [do_card] (0x4000): Token flags [1069]. 583s [p11_child[1723]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 583s [p11_child[1723]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 583s [p11_child[1723]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xa8612e9;slot-manufacturer=SoftHSM%20project;slot-id=176558825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 583s [p11_child[1723]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 583s [p11_child[1723]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 583s [p11_child[1723]] [do_card] (0x4000): Certificate verified and validated. 583s [p11_child[1723]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 583s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299-auth.output 583s + echo '-----BEGIN CERTIFICATE-----' 583s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299-auth.output 583s + echo '-----END CERTIFICATE-----' 583s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299-auth.pem 583s Certificate: 583s Data: 583s Version: 3 (0x2) 583s Serial Number: 3 (0x3) 583s Signature Algorithm: sha256WithRSAEncryption 583s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 583s Validity 583s Not Before: Jan 23 22:05:22 2026 GMT 583s Not After : Jan 23 22:05:22 2027 GMT 583s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 583s Subject Public Key Info: 583s Public Key Algorithm: rsaEncryption 583s Public-Key: (1024 bit) 583s Modulus: 583s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 583s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 583s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 583s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 583s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 583s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 583s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 583s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 583s a2:07:7c:1c:1f:6f:77:b4:87 583s Exponent: 65537 (0x10001) 583s X509v3 extensions: 583s X509v3 Authority Key Identifier: 583s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 583s X509v3 Basic Constraints: 583s CA:FALSE 583s Netscape Cert Type: 583s SSL Client, S/MIME 583s Netscape Comment: 583s Test Organization Root CA trusted Certificate 583s X509v3 Subject Key Identifier: 583s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 583s X509v3 Key Usage: critical 583s Digital Signature, Non Repudiation, Key Encipherment 583s X509v3 Extended Key Usage: 583s TLS Web Client Authentication, E-mail Protection 583s X509v3 Subject Alternative Name: 583s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 583s Signature Algorithm: sha256WithRSAEncryption 583s Signature Value: 583s 16:da:df:1c:e1:4f:37:a0:84:7c:93:95:dd:50:d8:ce:35:cf: 583s bc:c9:d7:b5:db:53:2e:93:cf:1b:3c:ab:77:70:02:3d:31:f3: 583s 16:7d:3b:d7:01:e6:29:29:3d:d3:2f:27:ac:95:ff:b8:89:7f: 583s ca:35:53:5b:5d:34:b4:80:5e:98:61:bf:43:0f:1a:7f:ea:33: 583s cf:28:f0:ec:5a:02:0a:cd:b5:68:5c:cf:db:f1:00:03:11:cc: 583s 69:98:5e:21:a6:a5:fe:dd:e3:29:55:e9:be:88:2e:f2:03:5c: 583s 3f:2e:1c:a5:30:be:2e:81:7a:47:5e:2a:ef:ab:b9:57:64:10: 583s 77:50 583s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-23299-auth.pem 583s + found_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 583s + '[' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 '!=' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 ']' 583s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 583s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 583s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 583s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 583s + local verify_option= 583s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 583s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 583s + local key_cn 583s + local key_name 583s + local tokens_dir 583s + local output_cert_file 583s + token_name= 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem .pem 583s + key_name=test-root-CA-trusted-certificate-0001 583s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s ++ sed -n 's/ *commonName *= //p' 583s Test Organization Root Tr Token 583s + key_cn='Test Organization Root Trusted Certificate 0001' 583s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 583s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 583s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 583s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 583s + token_name='Test Organization Root Tr Token' 583s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 583s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 ']' 583s + echo 'Test Organization Root Tr Token' 583s + '[' -n '' ']' 583s + local output_base_name=SSSD-child-7871 583s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871.output 583s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871.pem 583s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 583s [p11_child[1733]] [main] (0x0400): p11_child started. 583s [p11_child[1733]] [main] (0x2000): Running in [pre-auth] mode. 583s [p11_child[1733]] [main] (0x2000): Running with effective IDs: [0][0]. 583s [p11_child[1733]] [main] (0x2000): Running with real IDs [0][0]. 583s [p11_child[1733]] [do_card] (0x4000): Module List: 583s [p11_child[1733]] [do_card] (0x4000): common name: [softhsm2]. 583s [p11_child[1733]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1733]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 583s [p11_child[1733]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 583s [p11_child[1733]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1733]] [do_card] (0x4000): Login NOT required. 583s [p11_child[1733]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 583s [p11_child[1733]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 583s [p11_child[1733]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 583s [p11_child[1733]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xa8612e9;slot-manufacturer=SoftHSM%20project;slot-id=176558825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 583s [p11_child[1733]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 583s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871.output 583s + echo '-----BEGIN CERTIFICATE-----' 583s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871.output 583s + echo '-----END CERTIFICATE-----' 583s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871.pem 583s + local found_md5 expected_md5 583s Certificate: 583s Data: 583s Version: 3 (0x2) 583s Serial Number: 3 (0x3) 583s Signature Algorithm: sha256WithRSAEncryption 583s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 583s Validity 583s Not Before: Jan 23 22:05:22 2026 GMT 583s Not After : Jan 23 22:05:22 2027 GMT 583s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 583s Subject Public Key Info: 583s Public Key Algorithm: rsaEncryption 583s Public-Key: (1024 bit) 583s Modulus: 583s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 583s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 583s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 583s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 583s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 583s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 583s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 583s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 583s a2:07:7c:1c:1f:6f:77:b4:87 583s Exponent: 65537 (0x10001) 583s X509v3 extensions: 583s X509v3 Authority Key Identifier: 583s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 583s X509v3 Basic Constraints: 583s CA:FALSE 583s Netscape Cert Type: 583s SSL Client, S/MIME 583s Netscape Comment: 583s Test Organization Root CA trusted Certificate 583s X509v3 Subject Key Identifier: 583s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 583s X509v3 Key Usage: critical 583s Digital Signature, Non Repudiation, Key Encipherment 583s X509v3 Extended Key Usage: 583s TLS Web Client Authentication, E-mail Protection 583s X509v3 Subject Alternative Name: 583s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 583s Signature Algorithm: sha256WithRSAEncryption 583s Signature Value: 583s 16:da:df:1c:e1:4f:37:a0:84:7c:93:95:dd:50:d8:ce:35:cf: 583s bc:c9:d7:b5:db:53:2e:93:cf:1b:3c:ab:77:70:02:3d:31:f3: 583s 16:7d:3b:d7:01:e6:29:29:3d:d3:2f:27:ac:95:ff:b8:89:7f: 583s ca:35:53:5b:5d:34:b4:80:5e:98:61:bf:43:0f:1a:7f:ea:33: 583s cf:28:f0:ec:5a:02:0a:cd:b5:68:5c:cf:db:f1:00:03:11:cc: 583s 69:98:5e:21:a6:a5:fe:dd:e3:29:55:e9:be:88:2e:f2:03:5c: 583s 3f:2e:1c:a5:30:be:2e:81:7a:47:5e:2a:ef:ab:b9:57:64:10: 583s 77:50 583s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + expected_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 583s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871.pem 583s + found_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 583s + '[' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 '!=' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 ']' 583s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871-auth.output 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871-auth.output .output 583s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871-auth.pem 583s + echo -n 053350 583s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 583s [p11_child[1741]] [main] (0x0400): p11_child started. 583s [p11_child[1741]] [main] (0x2000): Running in [auth] mode. 583s [p11_child[1741]] [main] (0x2000): Running with effective IDs: [0][0]. 583s [p11_child[1741]] [main] (0x2000): Running with real IDs [0][0]. 583s [p11_child[1741]] [do_card] (0x4000): Module List: 583s [p11_child[1741]] [do_card] (0x4000): common name: [softhsm2]. 583s [p11_child[1741]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1741]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 583s [p11_child[1741]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 583s [p11_child[1741]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1741]] [do_card] (0x4000): Login required. 583s [p11_child[1741]] [do_card] (0x4000): Token flags [1069]. 583s [p11_child[1741]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 583s [p11_child[1741]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 583s [p11_child[1741]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 583s [p11_child[1741]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xa8612e9;slot-manufacturer=SoftHSM%20project;slot-id=176558825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 583s [p11_child[1741]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 583s [p11_child[1741]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 583s [p11_child[1741]] [do_card] (0x4000): Certificate verified and validated. 583s [p11_child[1741]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 583s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871-auth.output 583s + echo '-----BEGIN CERTIFICATE-----' 583s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871-auth.output 583s + echo '-----END CERTIFICATE-----' 583s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871-auth.pem 583s Certificate: 583s Data: 583s Version: 3 (0x2) 583s Serial Number: 3 (0x3) 583s Signature Algorithm: sha256WithRSAEncryption 583s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 583s Validity 583s Not Before: Jan 23 22:05:22 2026 GMT 583s Not After : Jan 23 22:05:22 2027 GMT 583s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 583s Subject Public Key Info: 583s Public Key Algorithm: rsaEncryption 583s Public-Key: (1024 bit) 583s Modulus: 583s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 583s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 583s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 583s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 583s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 583s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 583s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 583s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 583s a2:07:7c:1c:1f:6f:77:b4:87 583s Exponent: 65537 (0x10001) 583s X509v3 extensions: 583s X509v3 Authority Key Identifier: 583s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 583s X509v3 Basic Constraints: 583s CA:FALSE 583s Netscape Cert Type: 583s SSL Client, S/MIME 583s Netscape Comment: 583s Test Organization Root CA trusted Certificate 583s X509v3 Subject Key Identifier: 583s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 583s X509v3 Key Usage: critical 583s Digital Signature, Non Repudiation, Key Encipherment 583s X509v3 Extended Key Usage: 583s TLS Web Client Authentication, E-mail Protection 583s X509v3 Subject Alternative Name: 583s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 583s Signature Algorithm: sha256WithRSAEncryption 583s Signature Value: 583s 16:da:df:1c:e1:4f:37:a0:84:7c:93:95:dd:50:d8:ce:35:cf: 583s bc:c9:d7:b5:db:53:2e:93:cf:1b:3c:ab:77:70:02:3d:31:f3: 583s 16:7d:3b:d7:01:e6:29:29:3d:d3:2f:27:ac:95:ff:b8:89:7f: 583s ca:35:53:5b:5d:34:b4:80:5e:98:61:bf:43:0f:1a:7f:ea:33: 583s cf:28:f0:ec:5a:02:0a:cd:b5:68:5c:cf:db:f1:00:03:11:cc: 583s 69:98:5e:21:a6:a5:fe:dd:e3:29:55:e9:be:88:2e:f2:03:5c: 583s 3f:2e:1c:a5:30:be:2e:81:7a:47:5e:2a:ef:ab:b9:57:64:10: 583s 77:50 583s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7871-auth.pem 583s + found_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 583s + '[' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 '!=' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 ']' 583s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem partial_chain 583s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem partial_chain 583s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 583s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 583s + local verify_option=partial_chain 583s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 583s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 583s + local key_cn 583s + local key_name 583s + local tokens_dir 583s + local output_cert_file 583s + token_name= 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem .pem 583s + key_name=test-root-CA-trusted-certificate-0001 583s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s ++ sed -n 's/ *commonName *= //p' 583s + key_cn='Test Organization Root Trusted Certificate 0001' 583s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 583s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 583s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 583s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 583s + token_name='Test Organization Root Tr Token' 583s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 583s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 ']' 583s Test Organization Root Tr Token 583s + echo 'Test Organization Root Tr Token' 583s + '[' -n partial_chain ']' 583s + local verify_arg=--verify=partial_chain 583s + local output_base_name=SSSD-child-3422 583s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422.output 583s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422.pem 583s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 583s [p11_child[1751]] [main] (0x0400): p11_child started. 583s [p11_child[1751]] [main] (0x2000): Running in [pre-auth] mode. 583s [p11_child[1751]] [main] (0x2000): Running with effective IDs: [0][0]. 583s [p11_child[1751]] [main] (0x2000): Running with real IDs [0][0]. 583s [p11_child[1751]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 583s [p11_child[1751]] [do_card] (0x4000): Module List: 583s [p11_child[1751]] [do_card] (0x4000): common name: [softhsm2]. 583s [p11_child[1751]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1751]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 583s [p11_child[1751]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 583s [p11_child[1751]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1751]] [do_card] (0x4000): Login NOT required. 583s [p11_child[1751]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 583s [p11_child[1751]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 583s [p11_child[1751]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 583s [p11_child[1751]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xa8612e9;slot-manufacturer=SoftHSM%20project;slot-id=176558825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 583s [p11_child[1751]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 583s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422.output 583s + echo '-----BEGIN CERTIFICATE-----' 583s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422.output 583s + echo '-----END CERTIFICATE-----' 583s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422.pem 583s Certificate: 583s Data: 583s Version: 3 (0x2) 583s Serial Number: 3 (0x3) 583s Signature Algorithm: sha256WithRSAEncryption 583s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 583s Validity 583s Not Before: Jan 23 22:05:22 2026 GMT 583s Not After : Jan 23 22:05:22 2027 GMT 583s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 583s Subject Public Key Info: 583s Public Key Algorithm: rsaEncryption 583s Public-Key: (1024 bit) 583s Modulus: 583s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 583s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 583s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 583s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 583s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 583s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 583s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 583s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 583s a2:07:7c:1c:1f:6f:77:b4:87 583s Exponent: 65537 (0x10001) 583s X509v3 extensions: 583s X509v3 Authority Key Identifier: 583s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 583s X509v3 Basic Constraints: 583s CA:FALSE 583s Netscape Cert Type: 583s SSL Client, S/MIME 583s Netscape Comment: 583s Test Organization Root CA trusted Certificate 583s X509v3 Subject Key Identifier: 583s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 583s X509v3 Key Usage: critical 583s Digital Signature, Non Repudiation, Key Encipherment 583s X509v3 Extended Key Usage: 583s TLS Web Client Authentication, E-mail Protection 583s X509v3 Subject Alternative Name: 583s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 583s Signature Algorithm: sha256WithRSAEncryption 583s Signature Value: 583s 16:da:df:1c:e1:4f:37:a0:84:7c:93:95:dd:50:d8:ce:35:cf: 583s bc:c9:d7:b5:db:53:2e:93:cf:1b:3c:ab:77:70:02:3d:31:f3: 583s 16:7d:3b:d7:01:e6:29:29:3d:d3:2f:27:ac:95:ff:b8:89:7f: 583s ca:35:53:5b:5d:34:b4:80:5e:98:61:bf:43:0f:1a:7f:ea:33: 583s cf:28:f0:ec:5a:02:0a:cd:b5:68:5c:cf:db:f1:00:03:11:cc: 583s 69:98:5e:21:a6:a5:fe:dd:e3:29:55:e9:be:88:2e:f2:03:5c: 583s 3f:2e:1c:a5:30:be:2e:81:7a:47:5e:2a:ef:ab:b9:57:64:10: 583s 77:50 583s + local found_md5 expected_md5 583s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + expected_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 583s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422.pem 583s + found_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 583s + '[' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 '!=' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 ']' 583s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422-auth.output 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422-auth.output .output 583s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422-auth.pem 583s + echo -n 053350 583s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 583s [p11_child[1759]] [main] (0x0400): p11_child started. 583s [p11_child[1759]] [main] (0x2000): Running in [auth] mode. 583s [p11_child[1759]] [main] (0x2000): Running with effective IDs: [0][0]. 583s [p11_child[1759]] [main] (0x2000): Running with real IDs [0][0]. 583s [p11_child[1759]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 583s [p11_child[1759]] [do_card] (0x4000): Module List: 583s [p11_child[1759]] [do_card] (0x4000): common name: [softhsm2]. 583s [p11_child[1759]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1759]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 583s [p11_child[1759]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 583s [p11_child[1759]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 583s [p11_child[1759]] [do_card] (0x4000): Login required. 583s [p11_child[1759]] [do_card] (0x4000): Token flags [1069]. 583s [p11_child[1759]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 583s [p11_child[1759]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 583s [p11_child[1759]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 583s [p11_child[1759]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xa8612e9;slot-manufacturer=SoftHSM%20project;slot-id=176558825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 583s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 583s [p11_child[1759]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 583s [p11_child[1759]] [do_card] (0x4000): Certificate verified and validated. 583s [p11_child[1759]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 583s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422-auth.output 583s + echo '-----BEGIN CERTIFICATE-----' 583s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422-auth.output 583s + echo '-----END CERTIFICATE-----' 583s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422-auth.pem 583s Certificate: 583s Data: 583s Version: 3 (0x2) 583s Serial Number: 3 (0x3) 583s Signature Algorithm: sha256WithRSAEncryption 583s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 583s Validity 583s Not Before: Jan 23 22:05:22 2026 GMT 583s Not After : Jan 23 22:05:22 2027 GMT 583s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 583s Subject Public Key Info: 583s Public Key Algorithm: rsaEncryption 583s Public-Key: (1024 bit) 583s Modulus: 583s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 583s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 583s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 583s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 583s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 583s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 583s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 583s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 583s a2:07:7c:1c:1f:6f:77:b4:87 583s Exponent: 65537 (0x10001) 583s X509v3 extensions: 583s X509v3 Authority Key Identifier: 583s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 583s X509v3 Basic Constraints: 583s CA:FALSE 583s Netscape Cert Type: 583s SSL Client, S/MIME 583s Netscape Comment: 583s Test Organization Root CA trusted Certificate 583s X509v3 Subject Key Identifier: 583s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 583s X509v3 Key Usage: critical 583s Digital Signature, Non Repudiation, Key Encipherment 583s X509v3 Extended Key Usage: 583s TLS Web Client Authentication, E-mail Protection 583s X509v3 Subject Alternative Name: 583s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 583s Signature Algorithm: sha256WithRSAEncryption 583s Signature Value: 583s 16:da:df:1c:e1:4f:37:a0:84:7c:93:95:dd:50:d8:ce:35:cf: 583s bc:c9:d7:b5:db:53:2e:93:cf:1b:3c:ab:77:70:02:3d:31:f3: 583s 16:7d:3b:d7:01:e6:29:29:3d:d3:2f:27:ac:95:ff:b8:89:7f: 583s ca:35:53:5b:5d:34:b4:80:5e:98:61:bf:43:0f:1a:7f:ea:33: 583s cf:28:f0:ec:5a:02:0a:cd:b5:68:5c:cf:db:f1:00:03:11:cc: 583s 69:98:5e:21:a6:a5:fe:dd:e3:29:55:e9:be:88:2e:f2:03:5c: 583s 3f:2e:1c:a5:30:be:2e:81:7a:47:5e:2a:ef:ab:b9:57:64:10: 583s 77:50 583s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-3422-auth.pem 583s + found_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 583s + '[' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 '!=' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 ']' 583s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 583s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 583s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 583s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 583s + local verify_option= 583s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 583s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 583s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 583s + local key_cn 583s + local key_name 583s + local tokens_dir 583s + local output_cert_file 583s + token_name= 583s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem .pem 584s + key_name=test-root-CA-trusted-certificate-0001 584s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s ++ sed -n 's/ *commonName *= //p' 584s + key_cn='Test Organization Root Trusted Certificate 0001' 584s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 584s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 584s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 584s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 584s + token_name='Test Organization Root Tr Token' 584s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 584s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 ']' 584s + echo 'Test Organization Root Tr Token' 584s + '[' -n '' ']' 584s + local output_base_name=SSSD-child-29669 584s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669.output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669.pem 584s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 584s Test Organization Root Tr Token 584s [p11_child[1769]] [main] (0x0400): p11_child started. 584s [p11_child[1769]] [main] (0x2000): Running in [pre-auth] mode. 584s [p11_child[1769]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1769]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1769]] [do_card] (0x4000): Module List: 584s [p11_child[1769]] [do_card] (0x4000): common name: [softhsm2]. 584s [p11_child[1769]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1769]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 584s [p11_child[1769]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 584s [p11_child[1769]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1769]] [do_card] (0x4000): Login NOT required. 584s [p11_child[1769]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 584s [p11_child[1769]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 584s [p11_child[1769]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 584s [p11_child[1769]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xa8612e9;slot-manufacturer=SoftHSM%20project;slot-id=176558825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 584s [p11_child[1769]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 584s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669.output 584s + echo '-----BEGIN CERTIFICATE-----' 584s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669.output 584s + echo '-----END CERTIFICATE-----' 584s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669.pem 584s Certificate: 584s Data: 584s Version: 3 (0x2) 584s Serial Number: 3 (0x3) 584s Signature Algorithm: sha256WithRSAEncryption 584s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 584s Validity 584s Not Before: Jan 23 22:05:22 2026 GMT 584s Not After : Jan 23 22:05:22 2027 GMT 584s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 584s Subject Public Key Info: 584s Public Key Algorithm: rsaEncryption 584s Public-Key: (1024 bit) 584s Modulus: 584s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 584s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 584s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 584s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 584s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 584s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 584s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 584s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 584s a2:07:7c:1c:1f:6f:77:b4:87 584s Exponent: 65537 (0x10001) 584s X509v3 extensions: 584s X509v3 Authority Key Identifier: 584s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 584s X509v3 Basic Constraints: 584s CA:FALSE 584s Netscape Cert Type: 584s SSL Client, S/MIME 584s Netscape Comment: 584s Test Organization Root CA trusted Certificate 584s X509v3 Subject Key Identifier: 584s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 584s X509v3 Key Usage: critical 584s Digital Signature, Non Repudiation, Key Encipherment 584s X509v3 Extended Key Usage: 584s TLS Web Client Authentication, E-mail Protection 584s X509v3 Subject Alternative Name: 584s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 584s Signature Algorithm: sha256WithRSAEncryption 584s Signature Value: 584s 16:da:df:1c:e1:4f:37:a0:84:7c:93:95:dd:50:d8:ce:35:cf: 584s bc:c9:d7:b5:db:53:2e:93:cf:1b:3c:ab:77:70:02:3d:31:f3: 584s 16:7d:3b:d7:01:e6:29:29:3d:d3:2f:27:ac:95:ff:b8:89:7f: 584s ca:35:53:5b:5d:34:b4:80:5e:98:61:bf:43:0f:1a:7f:ea:33: 584s cf:28:f0:ec:5a:02:0a:cd:b5:68:5c:cf:db:f1:00:03:11:cc: 584s 69:98:5e:21:a6:a5:fe:dd:e3:29:55:e9:be:88:2e:f2:03:5c: 584s 3f:2e:1c:a5:30:be:2e:81:7a:47:5e:2a:ef:ab:b9:57:64:10: 584s 77:50 584s + local found_md5 expected_md5 584s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s + expected_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 584s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669.pem 584s + found_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 584s + '[' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 '!=' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 ']' 584s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669-auth.output 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669-auth.output .output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669-auth.pem 584s + echo -n 053350 584s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 584s [p11_child[1777]] [main] (0x0400): p11_child started. 584s [p11_child[1777]] [main] (0x2000): Running in [auth] mode. 584s [p11_child[1777]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1777]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1777]] [do_card] (0x4000): Module List: 584s [p11_child[1777]] [do_card] (0x4000): common name: [softhsm2]. 584s [p11_child[1777]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1777]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 584s [p11_child[1777]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 584s [p11_child[1777]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1777]] [do_card] (0x4000): Login required. 584s [p11_child[1777]] [do_card] (0x4000): Token flags [1069]. 584s [p11_child[1777]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 584s [p11_child[1777]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 584s [p11_child[1777]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 584s [p11_child[1777]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xa8612e9;slot-manufacturer=SoftHSM%20project;slot-id=176558825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 584s [p11_child[1777]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 584s [p11_child[1777]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 584s [p11_child[1777]] [do_card] (0x4000): Certificate verified and validated. 584s [p11_child[1777]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 584s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669-auth.output 584s + echo '-----BEGIN CERTIFICATE-----' 584s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669-auth.output 584s + echo '-----END CERTIFICATE-----' 584s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669-auth.pem 584s Certificate: 584s Data: 584s Version: 3 (0x2) 584s Serial Number: 3 (0x3) 584s Signature Algorithm: sha256WithRSAEncryption 584s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 584s Validity 584s Not Before: Jan 23 22:05:22 2026 GMT 584s Not After : Jan 23 22:05:22 2027 GMT 584s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 584s Subject Public Key Info: 584s Public Key Algorithm: rsaEncryption 584s Public-Key: (1024 bit) 584s Modulus: 584s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 584s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 584s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 584s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 584s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 584s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 584s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 584s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 584s a2:07:7c:1c:1f:6f:77:b4:87 584s Exponent: 65537 (0x10001) 584s X509v3 extensions: 584s X509v3 Authority Key Identifier: 584s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 584s X509v3 Basic Constraints: 584s CA:FALSE 584s Netscape Cert Type: 584s SSL Client, S/MIME 584s Netscape Comment: 584s Test Organization Root CA trusted Certificate 584s X509v3 Subject Key Identifier: 584s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 584s X509v3 Key Usage: critical 584s Digital Signature, Non Repudiation, Key Encipherment 584s X509v3 Extended Key Usage: 584s TLS Web Client Authentication, E-mail Protection 584s X509v3 Subject Alternative Name: 584s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 584s Signature Algorithm: sha256WithRSAEncryption 584s Signature Value: 584s 16:da:df:1c:e1:4f:37:a0:84:7c:93:95:dd:50:d8:ce:35:cf: 584s bc:c9:d7:b5:db:53:2e:93:cf:1b:3c:ab:77:70:02:3d:31:f3: 584s 16:7d:3b:d7:01:e6:29:29:3d:d3:2f:27:ac:95:ff:b8:89:7f: 584s ca:35:53:5b:5d:34:b4:80:5e:98:61:bf:43:0f:1a:7f:ea:33: 584s cf:28:f0:ec:5a:02:0a:cd:b5:68:5c:cf:db:f1:00:03:11:cc: 584s 69:98:5e:21:a6:a5:fe:dd:e3:29:55:e9:be:88:2e:f2:03:5c: 584s 3f:2e:1c:a5:30:be:2e:81:7a:47:5e:2a:ef:ab:b9:57:64:10: 584s 77:50 584s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-29669-auth.pem 584s + found_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 584s + '[' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 '!=' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 ']' 584s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem partial_chain 584s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem partial_chain 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 584s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 584s + local verify_option=partial_chain 584s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 584s + local key_cn 584s + local key_name 584s + local tokens_dir 584s + local output_cert_file 584s + token_name= 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem .pem 584s + key_name=test-root-CA-trusted-certificate-0001 584s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s ++ sed -n 's/ *commonName *= //p' 584s + key_cn='Test Organization Root Trusted Certificate 0001' 584s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 584s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 584s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 584s Test Organization Root Tr Token 584s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 584s + token_name='Test Organization Root Tr Token' 584s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 584s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 ']' 584s + echo 'Test Organization Root Tr Token' 584s + '[' -n partial_chain ']' 584s + local verify_arg=--verify=partial_chain 584s + local output_base_name=SSSD-child-19247 584s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247.output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247.pem 584s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 584s [p11_child[1787]] [main] (0x0400): p11_child started. 584s [p11_child[1787]] [main] (0x2000): Running in [pre-auth] mode. 584s [p11_child[1787]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1787]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1787]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 584s [p11_child[1787]] [do_card] (0x4000): Module List: 584s [p11_child[1787]] [do_card] (0x4000): common name: [softhsm2]. 584s [p11_child[1787]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1787]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 584s [p11_child[1787]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 584s [p11_child[1787]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1787]] [do_card] (0x4000): Login NOT required. 584s [p11_child[1787]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 584s [p11_child[1787]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 584s [p11_child[1787]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 584s [p11_child[1787]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xa8612e9;slot-manufacturer=SoftHSM%20project;slot-id=176558825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 584s [p11_child[1787]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 584s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247.output 584s + echo '-----BEGIN CERTIFICATE-----' 584s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247.output 584s + echo '-----END CERTIFICATE-----' 584s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247.pem 584s Certificate: 584s Data: 584s Version: 3 (0x2) 584s Serial Number: 3 (0x3) 584s Signature Algorithm: sha256WithRSAEncryption 584s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 584s Validity 584s Not Before: Jan 23 22:05:22 2026 GMT 584s Not After : Jan 23 22:05:22 2027 GMT 584s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 584s Subject Public Key Info: 584s Public Key Algorithm: rsaEncryption 584s Public-Key: (1024 bit) 584s Modulus: 584s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 584s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 584s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 584s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 584s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 584s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 584s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 584s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 584s a2:07:7c:1c:1f:6f:77:b4:87 584s Exponent: 65537 (0x10001) 584s X509v3 extensions: 584s X509v3 Authority Key Identifier: 584s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 584s X509v3 Basic Constraints: 584s CA:FALSE 584s Netscape Cert Type: 584s SSL Client, S/MIME 584s Netscape Comment: 584s Test Organization Root CA trusted Certificate 584s X509v3 Subject Key Identifier: 584s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 584s X509v3 Key Usage: critical 584s Digital Signature, Non Repudiation, Key Encipherment 584s X509v3 Extended Key Usage: 584s TLS Web Client Authentication, E-mail Protection 584s X509v3 Subject Alternative Name: 584s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 584s Signature Algorithm: sha256WithRSAEncryption 584s Signature Value: 584s 16:da:df:1c:e1:4f:37:a0:84:7c:93:95:dd:50:d8:ce:35:cf: 584s bc:c9:d7:b5:db:53:2e:93:cf:1b:3c:ab:77:70:02:3d:31:f3: 584s 16:7d:3b:d7:01:e6:29:29:3d:d3:2f:27:ac:95:ff:b8:89:7f: 584s ca:35:53:5b:5d:34:b4:80:5e:98:61:bf:43:0f:1a:7f:ea:33: 584s cf:28:f0:ec:5a:02:0a:cd:b5:68:5c:cf:db:f1:00:03:11:cc: 584s 69:98:5e:21:a6:a5:fe:dd:e3:29:55:e9:be:88:2e:f2:03:5c: 584s 3f:2e:1c:a5:30:be:2e:81:7a:47:5e:2a:ef:ab:b9:57:64:10: 584s 77:50 584s + local found_md5 expected_md5 584s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s + expected_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 584s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247.pem 584s + found_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 584s + '[' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 '!=' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 ']' 584s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247-auth.output 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247-auth.output .output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247-auth.pem 584s + echo -n 053350 584s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 584s [p11_child[1795]] [main] (0x0400): p11_child started. 584s [p11_child[1795]] [main] (0x2000): Running in [auth] mode. 584s [p11_child[1795]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1795]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1795]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 584s [p11_child[1795]] [do_card] (0x4000): Module List: 584s [p11_child[1795]] [do_card] (0x4000): common name: [softhsm2]. 584s [p11_child[1795]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1795]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 584s [p11_child[1795]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 584s [p11_child[1795]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1795]] [do_card] (0x4000): Login required. 584s [p11_child[1795]] [do_card] (0x4000): Token flags [1069]. 584s [p11_child[1795]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 584s [p11_child[1795]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 584s [p11_child[1795]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 584s [p11_child[1795]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200xa8612e9;slot-manufacturer=SoftHSM%20project;slot-id=176558825;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ce78b53e8a8612e9;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 584s [p11_child[1795]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 584s [p11_child[1795]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 584s [p11_child[1795]] [do_card] (0x4000): Certificate verified and validated. 584s [p11_child[1795]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 584s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247-auth.output 584s + echo '-----BEGIN CERTIFICATE-----' 584s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247-auth.output 584s + echo '-----END CERTIFICATE-----' 584s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247-auth.pem 584s Certificate: 584s Data: 584s Version: 3 (0x2) 584s Serial Number: 3 (0x3) 584s Signature Algorithm: sha256WithRSAEncryption 584s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 584s Validity 584s Not Before: Jan 23 22:05:22 2026 GMT 584s Not After : Jan 23 22:05:22 2027 GMT 584s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 584s Subject Public Key Info: 584s Public Key Algorithm: rsaEncryption 584s Public-Key: (1024 bit) 584s Modulus: 584s 00:ad:bb:e6:c8:15:2d:24:50:dc:f4:f4:fe:73:8a: 584s d2:b1:28:15:ad:a2:50:57:df:8b:cb:10:ab:ce:49: 584s 72:51:cc:17:d6:29:87:e5:bb:f9:92:80:67:50:2b: 584s 48:f4:64:77:d4:a0:bf:25:a4:26:9d:7e:aa:5e:ba: 584s 5a:29:3a:9c:9c:6f:26:72:50:49:52:6b:ae:f4:13: 584s 03:5c:a0:6e:ce:a4:79:62:ab:03:f4:0d:42:27:73: 584s c6:0e:e9:bb:8f:ba:8d:18:34:f2:8c:62:e9:81:e3: 584s b2:b6:e5:05:24:f9:0a:c4:a8:00:b4:c5:15:25:16: 584s a2:07:7c:1c:1f:6f:77:b4:87 584s Exponent: 65537 (0x10001) 584s X509v3 extensions: 584s X509v3 Authority Key Identifier: 584s C7:5D:E3:14:72:0B:57:2A:34:70:7D:A0:57:E6:FD:A1:45:73:D0:52 584s X509v3 Basic Constraints: 584s CA:FALSE 584s Netscape Cert Type: 584s SSL Client, S/MIME 584s Netscape Comment: 584s Test Organization Root CA trusted Certificate 584s X509v3 Subject Key Identifier: 584s A4:8D:49:EB:0E:88:EE:D3:B1:8F:EA:9F:1C:15:07:2B:26:58:A3:08 584s X509v3 Key Usage: critical 584s Digital Signature, Non Repudiation, Key Encipherment 584s X509v3 Extended Key Usage: 584s TLS Web Client Authentication, E-mail Protection 584s X509v3 Subject Alternative Name: 584s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 584s Signature Algorithm: sha256WithRSAEncryption 584s Signature Value: 584s 16:da:df:1c:e1:4f:37:a0:84:7c:93:95:dd:50:d8:ce:35:cf: 584s bc:c9:d7:b5:db:53:2e:93:cf:1b:3c:ab:77:70:02:3d:31:f3: 584s 16:7d:3b:d7:01:e6:29:29:3d:d3:2f:27:ac:95:ff:b8:89:7f: 584s ca:35:53:5b:5d:34:b4:80:5e:98:61:bf:43:0f:1a:7f:ea:33: 584s cf:28:f0:ec:5a:02:0a:cd:b5:68:5c:cf:db:f1:00:03:11:cc: 584s 69:98:5e:21:a6:a5:fe:dd:e3:29:55:e9:be:88:2e:f2:03:5c: 584s 3f:2e:1c:a5:30:be:2e:81:7a:47:5e:2a:ef:ab:b9:57:64:10: 584s 77:50 584s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-19247-auth.pem 584s + found_md5=Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 584s + '[' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 '!=' Modulus=ADBBE6C8152D2450DCF4F4FE738AD2B12815ADA25057DF8BCB10ABCE497251CC17D62987E5BBF9928067502B48F46477D4A0BF25A4269D7EAA5EBA5A293A9C9C6F26725049526BAEF413035CA06ECEA47962AB03F40D422773C60EE9BB8FBA8D1834F28C62E981E3B2B6E50524F90AC4A800B4C5152516A2077C1C1F6F77B487 ']' 584s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 584s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 584s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 584s + local verify_option= 584s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 584s + local key_cn 584s + local key_name 584s + local tokens_dir 584s + local output_cert_file 584s + token_name= 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem .pem 584s + key_name=test-root-CA-trusted-certificate-0001 584s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s ++ sed -n 's/ *commonName *= //p' 584s + key_cn='Test Organization Root Trusted Certificate 0001' 584s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 584s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 584s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 584s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 584s + token_name='Test Organization Root Tr Token' 584s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 584s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 ']' 584s + echo 'Test Organization Root Tr Token' 584s + '[' -n '' ']' 584s + local output_base_name=SSSD-child-16105 584s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-16105.output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-16105.pem 584s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 584s Test Organization Root Tr Token 584s [p11_child[1805]] [main] (0x0400): p11_child started. 584s [p11_child[1805]] [main] (0x2000): Running in [pre-auth] mode. 584s [p11_child[1805]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1805]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1805]] [do_card] (0x4000): Module List: 584s [p11_child[1805]] [do_card] (0x4000): common name: [softhsm2]. 584s [p11_child[1805]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1805]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 584s [p11_child[1805]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 584s [p11_child[1805]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1805]] [do_card] (0x4000): Login NOT required. 584s [p11_child[1805]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 584s [p11_child[1805]] [do_verification] (0x0040): X509_verify_cert failed [0]. 584s [p11_child[1805]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 584s [p11_child[1805]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 584s [p11_child[1805]] [do_card] (0x4000): No certificate found. 584s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-16105.output 584s + return 2 584s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem partial_chain 584s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem partial_chain 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 584s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 584s + local verify_option=partial_chain 584s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-20635 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-root-ca-trusted-cert-0001-20635 584s + local key_cn 584s + local key_name 584s + local tokens_dir 584s + local output_cert_file 584s + token_name= 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem .pem 584s + key_name=test-root-CA-trusted-certificate-0001 584s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-root-CA-trusted-certificate-0001.pem 584s ++ sed -n 's/ *commonName *= //p' 584s + key_cn='Test Organization Root Trusted Certificate 0001' 584s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 584s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 584s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 584s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 584s + token_name='Test Organization Root Tr Token' 584s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 584s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-root-CA-trusted-certificate-0001 ']' 584s + echo 'Test Organization Root Tr Token' 584s + '[' -n partial_chain ']' 584s + local verify_arg=--verify=partial_chain 584s + local output_base_name=SSSD-child-3942 584s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-3942.output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-3942.pem 584s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 584s Test Organization Root Tr Token 584s [p11_child[1812]] [main] (0x0400): p11_child started. 584s [p11_child[1812]] [main] (0x2000): Running in [pre-auth] mode. 584s [p11_child[1812]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1812]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1812]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 584s [p11_child[1812]] [do_card] (0x4000): Module List: 584s [p11_child[1812]] [do_card] (0x4000): common name: [softhsm2]. 584s [p11_child[1812]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1812]] [do_card] (0x4000): Description [SoftHSM slot ID 0xa8612e9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 584s [p11_child[1812]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 584s [p11_child[1812]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0xa8612e9][176558825] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1812]] [do_card] (0x4000): Login NOT required. 584s [p11_child[1812]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 584s [p11_child[1812]] [do_verification] (0x0040): X509_verify_cert failed [0]. 584s [p11_child[1812]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 584s [p11_child[1812]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 584s [p11_child[1812]] [do_card] (0x4000): No certificate found. 584s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-3942.output 584s + return 2 584s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /dev/null 584s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /dev/null 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local key_ring=/dev/null 584s + local verify_option= 584s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local key_cn 584s + local key_name 584s + local tokens_dir 584s + local output_cert_file 584s + token_name= 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem .pem 584s + key_name=test-intermediate-CA-trusted-certificate-0001 584s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s ++ sed -n 's/ *commonName *= //p' 584s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 584s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 584s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 584s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 584s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 584s + token_name='Test Organization Interme Token' 584s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 584s + local key_file 584s + local decrypted_key 584s + mkdir -p /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 584s + key_file=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-key.pem 584s + decrypted_key=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 584s + cat 584s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 584s Slot 0 has a free/uninitialized token. 584s The token has been initialized and is reassigned to slot 802579986 584s + softhsm2-util --show-slots 584s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 584s Available slots: 584s Slot 802579986 584s Slot info: 584s Description: SoftHSM slot ID 0x2fd66612 584s Manufacturer ID: SoftHSM project 584s Hardware version: 2.6 584s Firmware version: 2.6 584s Token present: yes 584s Token info: 584s Manufacturer ID: SoftHSM project 584s Model: SoftHSM v2 584s Hardware version: 2.6 584s Firmware version: 2.6 584s Serial number: a2b0e7132fd66612 584s Initialized: yes 584s User PIN init.: yes 584s Label: Test Organization Interme Token 584s Slot 1 584s Slot info: 584s Description: SoftHSM slot ID 0x1 584s Manufacturer ID: SoftHSM project 584s Hardware version: 2.6 584s Firmware version: 2.6 584s Token present: yes 584s Token info: 584s Manufacturer ID: SoftHSM project 584s Model: SoftHSM v2 584s Hardware version: 2.6 584s Firmware version: 2.6 584s Serial number: 584s Initialized: no 584s User PIN init.: no 584s Label: 584s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-8291 -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 584s writing RSA key 584s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 584s + rm /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 584s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 584s Object 0: 584s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a2b0e7132fd66612;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 584s Type: X.509 Certificate (RSA-1024) 584s Expires: Sat Jan 23 22:05:22 2027 584s Label: Test Organization Intermediate Trusted Certificate 0001 584s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 584s 584s + echo 'Test Organization Interme Token' 584s + '[' -n '' ']' 584s + local output_base_name=SSSD-child-13466 584s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-13466.output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-13466.pem 584s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/dev/null 584s Test Organization Interme Token 584s [p11_child[1828]] [main] (0x0400): p11_child started. 584s [p11_child[1828]] [main] (0x2000): Running in [pre-auth] mode. 584s [p11_child[1828]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1828]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1828]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 584s [p11_child[1828]] [do_work] (0x0040): init_verification failed. 584s [p11_child[1828]] [main] (0x0020): p11_child failed (5) 584s + return 2 584s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /dev/null no_verification 584s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /dev/null no_verification 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local key_ring=/dev/null 584s + local verify_option=no_verification 584s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local key_cn 584s + local key_name 584s + local tokens_dir 584s + local output_cert_file 584s + token_name= 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem .pem 584s + key_name=test-intermediate-CA-trusted-certificate-0001 584s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s ++ sed -n 's/ *commonName *= //p' 584s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 584s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 584s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 584s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 584s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 584s + token_name='Test Organization Interme Token' 584s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 584s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 584s + echo 'Test Organization Interme Token' 584s + '[' -n no_verification ']' 584s + local verify_arg=--verify=no_verification 584s + local output_base_name=SSSD-child-7872 584s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872.output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872.pem 584s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 584s Test Organization Interme Token 584s [p11_child[1834]] [main] (0x0400): p11_child started. 584s [p11_child[1834]] [main] (0x2000): Running in [pre-auth] mode. 584s [p11_child[1834]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1834]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1834]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 584s [p11_child[1834]] [do_card] (0x4000): Module List: 584s [p11_child[1834]] [do_card] (0x4000): common name: [softhsm2]. 584s [p11_child[1834]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1834]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 584s [p11_child[1834]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 584s [p11_child[1834]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1834]] [do_card] (0x4000): Login NOT required. 584s [p11_child[1834]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 584s [p11_child[1834]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 584s [p11_child[1834]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fd66612;slot-manufacturer=SoftHSM%20project;slot-id=802579986;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a2b0e7132fd66612;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 584s [p11_child[1834]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 584s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872.output 584s + echo '-----BEGIN CERTIFICATE-----' 584s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872.output 584s + echo '-----END CERTIFICATE-----' 584s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872.pem 584s Certificate: 584s Data: 584s Version: 3 (0x2) 584s Serial Number: 4 (0x4) 584s Signature Algorithm: sha256WithRSAEncryption 584s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 584s Validity 584s Not Before: Jan 23 22:05:22 2026 GMT 584s Not After : Jan 23 22:05:22 2027 GMT 584s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 584s Subject Public Key Info: 584s Public Key Algorithm: rsaEncryption 584s Public-Key: (1024 bit) 584s Modulus: 584s 00:f5:d7:19:31:08:eb:90:fb:12:96:5f:7c:24:63: 584s f0:1b:d0:ea:51:c6:71:4d:47:44:d0:46:cc:b9:77: 584s 12:d9:ed:a9:c7:41:62:1e:14:9c:54:b3:d3:7a:ef: 584s b9:3c:e0:68:1a:3c:32:c9:c9:43:80:c6:41:79:bb: 584s 69:df:c1:82:67:09:68:68:c2:11:6f:d9:60:e8:66: 584s 3d:25:ef:fd:0e:13:85:93:27:75:8a:3a:be:db:30: 584s 53:5e:51:fc:4b:90:a3:8f:0a:aa:ee:39:89:85:41: 584s b0:c0:08:a0:35:7a:86:b9:77:54:01:7d:73:a0:78: 584s 3d:f7:8e:01:7f:2c:f4:98:9d 584s Exponent: 65537 (0x10001) 584s X509v3 extensions: 584s X509v3 Authority Key Identifier: 584s 20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 584s X509v3 Basic Constraints: 584s CA:FALSE 584s Netscape Cert Type: 584s SSL Client, S/MIME 584s Netscape Comment: 584s Test Organization Intermediate CA trusted Certificate 584s X509v3 Subject Key Identifier: 584s A9:4D:63:82:4C:29:12:6C:71:67:E3:AE:EF:D5:DA:5C:D7:5F:F2:B2 584s X509v3 Key Usage: critical 584s Digital Signature, Non Repudiation, Key Encipherment 584s X509v3 Extended Key Usage: 584s TLS Web Client Authentication, E-mail Protection 584s X509v3 Subject Alternative Name: 584s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 584s Signature Algorithm: sha256WithRSAEncryption 584s Signature Value: 584s 7b:d4:95:0d:67:d5:6d:03:d2:22:c1:ee:57:f8:f1:06:6f:ca: 584s d6:64:33:17:e5:74:23:08:81:8f:14:98:64:61:38:69:c0:d8: 584s 8a:6c:60:af:c6:e7:96:fb:50:7f:3d:e7:d9:28:df:66:6d:79: 584s 3a:c2:10:56:3a:b6:c7:5d:0d:d1:2c:89:26:c3:df:3a:60:6c: 584s 00:c5:4e:f9:d0:33:74:54:94:ad:76:01:2e:30:c4:ea:4c:4e: 584s da:08:85:d9:30:80:a6:ef:da:8c:84:2e:69:11:9f:0b:03:f8: 584s 8e:af:ad:10:83:f8:2e:96:6c:9c:af:07:3c:07:5c:db:e6:9a: 584s 85:02 584s + local found_md5 expected_md5 584s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s + expected_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 584s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872.pem 584s + found_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 584s + '[' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D '!=' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D ']' 584s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872-auth.output 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872-auth.output .output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872-auth.pem 584s + echo -n 053350 584s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 584s [p11_child[1842]] [main] (0x0400): p11_child started. 584s [p11_child[1842]] [main] (0x2000): Running in [auth] mode. 584s [p11_child[1842]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1842]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1842]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 584s [p11_child[1842]] [do_card] (0x4000): Module List: 584s [p11_child[1842]] [do_card] (0x4000): common name: [softhsm2]. 584s [p11_child[1842]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1842]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 584s [p11_child[1842]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 584s [p11_child[1842]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1842]] [do_card] (0x4000): Login required. 584s [p11_child[1842]] [do_card] (0x4000): Token flags [1069]. 584s [p11_child[1842]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 584s [p11_child[1842]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 584s [p11_child[1842]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fd66612;slot-manufacturer=SoftHSM%20project;slot-id=802579986;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a2b0e7132fd66612;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 584s [p11_child[1842]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 584s [p11_child[1842]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 584s [p11_child[1842]] [do_card] (0x4000): Certificate verified and validated. 584s [p11_child[1842]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 584s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872-auth.output 584s + echo '-----BEGIN CERTIFICATE-----' 584s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872-auth.output 584s + echo '-----END CERTIFICATE-----' 584s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872-auth.pem 584s Certificate: 584s Data: 584s Version: 3 (0x2) 584s Serial Number: 4 (0x4) 584s Signature Algorithm: sha256WithRSAEncryption 584s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 584s Validity 584s Not Before: Jan 23 22:05:22 2026 GMT 584s Not After : Jan 23 22:05:22 2027 GMT 584s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 584s Subject Public Key Info: 584s Public Key Algorithm: rsaEncryption 584s Public-Key: (1024 bit) 584s Modulus: 584s 00:f5:d7:19:31:08:eb:90:fb:12:96:5f:7c:24:63: 584s f0:1b:d0:ea:51:c6:71:4d:47:44:d0:46:cc:b9:77: 584s 12:d9:ed:a9:c7:41:62:1e:14:9c:54:b3:d3:7a:ef: 584s b9:3c:e0:68:1a:3c:32:c9:c9:43:80:c6:41:79:bb: 584s 69:df:c1:82:67:09:68:68:c2:11:6f:d9:60:e8:66: 584s 3d:25:ef:fd:0e:13:85:93:27:75:8a:3a:be:db:30: 584s 53:5e:51:fc:4b:90:a3:8f:0a:aa:ee:39:89:85:41: 584s b0:c0:08:a0:35:7a:86:b9:77:54:01:7d:73:a0:78: 584s 3d:f7:8e:01:7f:2c:f4:98:9d 584s Exponent: 65537 (0x10001) 584s X509v3 extensions: 584s X509v3 Authority Key Identifier: 584s 20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 584s X509v3 Basic Constraints: 584s CA:FALSE 584s Netscape Cert Type: 584s SSL Client, S/MIME 584s Netscape Comment: 584s Test Organization Intermediate CA trusted Certificate 584s X509v3 Subject Key Identifier: 584s A9:4D:63:82:4C:29:12:6C:71:67:E3:AE:EF:D5:DA:5C:D7:5F:F2:B2 584s X509v3 Key Usage: critical 584s Digital Signature, Non Repudiation, Key Encipherment 584s X509v3 Extended Key Usage: 584s TLS Web Client Authentication, E-mail Protection 584s X509v3 Subject Alternative Name: 584s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 584s Signature Algorithm: sha256WithRSAEncryption 584s Signature Value: 584s 7b:d4:95:0d:67:d5:6d:03:d2:22:c1:ee:57:f8:f1:06:6f:ca: 584s d6:64:33:17:e5:74:23:08:81:8f:14:98:64:61:38:69:c0:d8: 584s 8a:6c:60:af:c6:e7:96:fb:50:7f:3d:e7:d9:28:df:66:6d:79: 584s 3a:c2:10:56:3a:b6:c7:5d:0d:d1:2c:89:26:c3:df:3a:60:6c: 584s 00:c5:4e:f9:d0:33:74:54:94:ad:76:01:2e:30:c4:ea:4c:4e: 584s da:08:85:d9:30:80:a6:ef:da:8c:84:2e:69:11:9f:0b:03:f8: 584s 8e:af:ad:10:83:f8:2e:96:6c:9c:af:07:3c:07:5c:db:e6:9a: 584s 85:02 584s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7872-auth.pem 584s + found_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 584s + '[' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D '!=' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D ']' 584s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 584s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 584s + local verify_option= 584s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local key_cn 584s + local key_name 584s + local tokens_dir 584s + local output_cert_file 584s + token_name= 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem .pem 584s + key_name=test-intermediate-CA-trusted-certificate-0001 584s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s ++ sed -n 's/ *commonName *= //p' 584s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 584s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 584s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 584s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 584s Test Organization Interme Token 584s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 584s + token_name='Test Organization Interme Token' 584s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 584s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 584s + echo 'Test Organization Interme Token' 584s + '[' -n '' ']' 584s + local output_base_name=SSSD-child-26935 584s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-26935.output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-26935.pem 584s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 584s [p11_child[1852]] [main] (0x0400): p11_child started. 584s [p11_child[1852]] [main] (0x2000): Running in [pre-auth] mode. 584s [p11_child[1852]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1852]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1852]] [do_card] (0x4000): Module List: 584s [p11_child[1852]] [do_card] (0x4000): common name: [softhsm2]. 584s [p11_child[1852]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1852]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 584s [p11_child[1852]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 584s [p11_child[1852]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1852]] [do_card] (0x4000): Login NOT required. 584s [p11_child[1852]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 584s [p11_child[1852]] [do_verification] (0x0040): X509_verify_cert failed [0]. 584s [p11_child[1852]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 584s [p11_child[1852]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 584s [p11_child[1852]] [do_card] (0x4000): No certificate found. 584s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-26935.output 584s + return 2 584s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem partial_chain 584s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem partial_chain 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 584s + local verify_option=partial_chain 584s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 584s + local key_cn 584s + local key_name 584s + local tokens_dir 584s + local output_cert_file 584s + token_name= 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem .pem 584s + key_name=test-intermediate-CA-trusted-certificate-0001 584s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 584s ++ sed -n 's/ *commonName *= //p' 584s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 584s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 584s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 584s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 584s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 584s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 584s + token_name='Test Organization Interme Token' 584s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 584s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 584s + echo 'Test Organization Interme Token' 584s + '[' -n partial_chain ']' 584s + local verify_arg=--verify=partial_chain 584s + local output_base_name=SSSD-child-22448 584s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-22448.output 584s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-22448.pem 584s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 584s Test Organization Interme Token 584s [p11_child[1859]] [main] (0x0400): p11_child started. 584s [p11_child[1859]] [main] (0x2000): Running in [pre-auth] mode. 584s [p11_child[1859]] [main] (0x2000): Running with effective IDs: [0][0]. 584s [p11_child[1859]] [main] (0x2000): Running with real IDs [0][0]. 584s [p11_child[1859]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 584s [p11_child[1859]] [do_card] (0x4000): Module List: 584s [p11_child[1859]] [do_card] (0x4000): common name: [softhsm2]. 584s [p11_child[1859]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1859]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 584s [p11_child[1859]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 584s [p11_child[1859]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 584s [p11_child[1859]] [do_card] (0x4000): Login NOT required. 584s [p11_child[1859]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 584s [p11_child[1859]] [do_verification] (0x0040): X509_verify_cert failed [0]. 584s [p11_child[1859]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 584s [p11_child[1859]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 584s [p11_child[1859]] [do_card] (0x4000): No certificate found. 584s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-22448.output 585s + return 2 585s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 585s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 585s + local verify_option= 585s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local key_cn 585s + local key_name 585s + local tokens_dir 585s + local output_cert_file 585s + token_name= 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem .pem 585s + key_name=test-intermediate-CA-trusted-certificate-0001 585s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s ++ sed -n 's/ *commonName *= //p' 585s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 585s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 585s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 585s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 585s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 585s + token_name='Test Organization Interme Token' 585s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 585s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 585s + echo 'Test Organization Interme Token' 585s + '[' -n '' ']' 585s Test Organization Interme Token 585s + local output_base_name=SSSD-child-18791 585s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791.output 585s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791.pem 585s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 585s [p11_child[1866]] [main] (0x0400): p11_child started. 585s [p11_child[1866]] [main] (0x2000): Running in [pre-auth] mode. 585s [p11_child[1866]] [main] (0x2000): Running with effective IDs: [0][0]. 585s [p11_child[1866]] [main] (0x2000): Running with real IDs [0][0]. 585s [p11_child[1866]] [do_card] (0x4000): Module List: 585s [p11_child[1866]] [do_card] (0x4000): common name: [softhsm2]. 585s [p11_child[1866]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1866]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 585s [p11_child[1866]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 585s [p11_child[1866]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1866]] [do_card] (0x4000): Login NOT required. 585s [p11_child[1866]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 585s [p11_child[1866]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 585s [p11_child[1866]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 585s [p11_child[1866]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fd66612;slot-manufacturer=SoftHSM%20project;slot-id=802579986;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a2b0e7132fd66612;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 585s [p11_child[1866]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 585s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791.output 585s + echo '-----BEGIN CERTIFICATE-----' 585s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791.output 585s + echo '-----END CERTIFICATE-----' 585s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791.pem 585s Certificate: 585s Data: 585s Version: 3 (0x2) 585s Serial Number: 4 (0x4) 585s Signature Algorithm: sha256WithRSAEncryption 585s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 585s Validity 585s Not Before: Jan 23 22:05:22 2026 GMT 585s Not After : Jan 23 22:05:22 2027 GMT 585s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 585s Subject Public Key Info: 585s Public Key Algorithm: rsaEncryption 585s Public-Key: (1024 bit) 585s Modulus: 585s 00:f5:d7:19:31:08:eb:90:fb:12:96:5f:7c:24:63: 585s f0:1b:d0:ea:51:c6:71:4d:47:44:d0:46:cc:b9:77: 585s 12:d9:ed:a9:c7:41:62:1e:14:9c:54:b3:d3:7a:ef: 585s b9:3c:e0:68:1a:3c:32:c9:c9:43:80:c6:41:79:bb: 585s 69:df:c1:82:67:09:68:68:c2:11:6f:d9:60:e8:66: 585s 3d:25:ef:fd:0e:13:85:93:27:75:8a:3a:be:db:30: 585s 53:5e:51:fc:4b:90:a3:8f:0a:aa:ee:39:89:85:41: 585s b0:c0:08:a0:35:7a:86:b9:77:54:01:7d:73:a0:78: 585s 3d:f7:8e:01:7f:2c:f4:98:9d 585s Exponent: 65537 (0x10001) 585s X509v3 extensions: 585s X509v3 Authority Key Identifier: 585s 20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 585s X509v3 Basic Constraints: 585s CA:FALSE 585s Netscape Cert Type: 585s SSL Client, S/MIME 585s Netscape Comment: 585s Test Organization Intermediate CA trusted Certificate 585s X509v3 Subject Key Identifier: 585s A9:4D:63:82:4C:29:12:6C:71:67:E3:AE:EF:D5:DA:5C:D7:5F:F2:B2 585s X509v3 Key Usage: critical 585s Digital Signature, Non Repudiation, Key Encipherment 585s X509v3 Extended Key Usage: 585s TLS Web Client Authentication, E-mail Protection 585s X509v3 Subject Alternative Name: 585s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 585s Signature Algorithm: sha256WithRSAEncryption 585s Signature Value: 585s 7b:d4:95:0d:67:d5:6d:03:d2:22:c1:ee:57:f8:f1:06:6f:ca: 585s d6:64:33:17:e5:74:23:08:81:8f:14:98:64:61:38:69:c0:d8: 585s 8a:6c:60:af:c6:e7:96:fb:50:7f:3d:e7:d9:28:df:66:6d:79: 585s 3a:c2:10:56:3a:b6:c7:5d:0d:d1:2c:89:26:c3:df:3a:60:6c: 585s 00:c5:4e:f9:d0:33:74:54:94:ad:76:01:2e:30:c4:ea:4c:4e: 585s da:08:85:d9:30:80:a6:ef:da:8c:84:2e:69:11:9f:0b:03:f8: 585s 8e:af:ad:10:83:f8:2e:96:6c:9c:af:07:3c:07:5c:db:e6:9a: 585s 85:02 585s + local found_md5 expected_md5 585s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + expected_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 585s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791.pem 585s + found_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 585s + '[' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D '!=' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D ']' 585s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791-auth.output 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791-auth.output .output 585s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791-auth.pem 585s + echo -n 053350 585s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 585s [p11_child[1874]] [main] (0x0400): p11_child started. 585s [p11_child[1874]] [main] (0x2000): Running in [auth] mode. 585s [p11_child[1874]] [main] (0x2000): Running with effective IDs: [0][0]. 585s [p11_child[1874]] [main] (0x2000): Running with real IDs [0][0]. 585s [p11_child[1874]] [do_card] (0x4000): Module List: 585s [p11_child[1874]] [do_card] (0x4000): common name: [softhsm2]. 585s [p11_child[1874]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1874]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 585s [p11_child[1874]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 585s [p11_child[1874]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1874]] [do_card] (0x4000): Login required. 585s [p11_child[1874]] [do_card] (0x4000): Token flags [1069]. 585s [p11_child[1874]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 585s [p11_child[1874]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 585s [p11_child[1874]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 585s [p11_child[1874]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fd66612;slot-manufacturer=SoftHSM%20project;slot-id=802579986;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a2b0e7132fd66612;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 585s [p11_child[1874]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 585s [p11_child[1874]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 585s [p11_child[1874]] [do_card] (0x4000): Certificate verified and validated. 585s [p11_child[1874]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 585s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791-auth.output 585s + echo '-----BEGIN CERTIFICATE-----' 585s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791-auth.output 585s + echo '-----END CERTIFICATE-----' 585s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791-auth.pem 585s Certificate: 585s Data: 585s Version: 3 (0x2) 585s Serial Number: 4 (0x4) 585s Signature Algorithm: sha256WithRSAEncryption 585s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 585s Validity 585s Not Before: Jan 23 22:05:22 2026 GMT 585s Not After : Jan 23 22:05:22 2027 GMT 585s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 585s Subject Public Key Info: 585s Public Key Algorithm: rsaEncryption 585s Public-Key: (1024 bit) 585s Modulus: 585s 00:f5:d7:19:31:08:eb:90:fb:12:96:5f:7c:24:63: 585s f0:1b:d0:ea:51:c6:71:4d:47:44:d0:46:cc:b9:77: 585s 12:d9:ed:a9:c7:41:62:1e:14:9c:54:b3:d3:7a:ef: 585s b9:3c:e0:68:1a:3c:32:c9:c9:43:80:c6:41:79:bb: 585s 69:df:c1:82:67:09:68:68:c2:11:6f:d9:60:e8:66: 585s 3d:25:ef:fd:0e:13:85:93:27:75:8a:3a:be:db:30: 585s 53:5e:51:fc:4b:90:a3:8f:0a:aa:ee:39:89:85:41: 585s b0:c0:08:a0:35:7a:86:b9:77:54:01:7d:73:a0:78: 585s 3d:f7:8e:01:7f:2c:f4:98:9d 585s Exponent: 65537 (0x10001) 585s X509v3 extensions: 585s X509v3 Authority Key Identifier: 585s 20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 585s X509v3 Basic Constraints: 585s CA:FALSE 585s Netscape Cert Type: 585s SSL Client, S/MIME 585s Netscape Comment: 585s Test Organization Intermediate CA trusted Certificate 585s X509v3 Subject Key Identifier: 585s A9:4D:63:82:4C:29:12:6C:71:67:E3:AE:EF:D5:DA:5C:D7:5F:F2:B2 585s X509v3 Key Usage: critical 585s Digital Signature, Non Repudiation, Key Encipherment 585s X509v3 Extended Key Usage: 585s TLS Web Client Authentication, E-mail Protection 585s X509v3 Subject Alternative Name: 585s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 585s Signature Algorithm: sha256WithRSAEncryption 585s Signature Value: 585s 7b:d4:95:0d:67:d5:6d:03:d2:22:c1:ee:57:f8:f1:06:6f:ca: 585s d6:64:33:17:e5:74:23:08:81:8f:14:98:64:61:38:69:c0:d8: 585s 8a:6c:60:af:c6:e7:96:fb:50:7f:3d:e7:d9:28:df:66:6d:79: 585s 3a:c2:10:56:3a:b6:c7:5d:0d:d1:2c:89:26:c3:df:3a:60:6c: 585s 00:c5:4e:f9:d0:33:74:54:94:ad:76:01:2e:30:c4:ea:4c:4e: 585s da:08:85:d9:30:80:a6:ef:da:8c:84:2e:69:11:9f:0b:03:f8: 585s 8e:af:ad:10:83:f8:2e:96:6c:9c:af:07:3c:07:5c:db:e6:9a: 585s 85:02 585s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-18791-auth.pem 585s + found_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 585s + '[' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D '!=' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D ']' 585s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem partial_chain 585s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem partial_chain 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 585s + local verify_option=partial_chain 585s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local key_cn 585s + local key_name 585s + local tokens_dir 585s + local output_cert_file 585s + token_name= 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem .pem 585s + key_name=test-intermediate-CA-trusted-certificate-0001 585s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s ++ sed -n 's/ *commonName *= //p' 585s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 585s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 585s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 585s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 585s Test Organization Interme Token 585s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 585s + token_name='Test Organization Interme Token' 585s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 585s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 585s + echo 'Test Organization Interme Token' 585s + '[' -n partial_chain ']' 585s + local verify_arg=--verify=partial_chain 585s + local output_base_name=SSSD-child-8246 585s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246.output 585s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246.pem 585s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 585s [p11_child[1884]] [main] (0x0400): p11_child started. 585s [p11_child[1884]] [main] (0x2000): Running in [pre-auth] mode. 585s [p11_child[1884]] [main] (0x2000): Running with effective IDs: [0][0]. 585s [p11_child[1884]] [main] (0x2000): Running with real IDs [0][0]. 585s [p11_child[1884]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 585s [p11_child[1884]] [do_card] (0x4000): Module List: 585s [p11_child[1884]] [do_card] (0x4000): common name: [softhsm2]. 585s [p11_child[1884]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1884]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 585s [p11_child[1884]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 585s [p11_child[1884]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1884]] [do_card] (0x4000): Login NOT required. 585s [p11_child[1884]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 585s [p11_child[1884]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 585s [p11_child[1884]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 585s [p11_child[1884]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fd66612;slot-manufacturer=SoftHSM%20project;slot-id=802579986;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a2b0e7132fd66612;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 585s [p11_child[1884]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 585s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246.output 585s + echo '-----BEGIN CERTIFICATE-----' 585s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246.output 585s + echo '-----END CERTIFICATE-----' 585s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246.pem 585s Certificate: 585s Data: 585s Version: 3 (0x2) 585s Serial Number: 4 (0x4) 585s Signature Algorithm: sha256WithRSAEncryption 585s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 585s Validity 585s Not Before: Jan 23 22:05:22 2026 GMT 585s Not After : Jan 23 22:05:22 2027 GMT 585s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 585s Subject Public Key Info: 585s Public Key Algorithm: rsaEncryption 585s Public-Key: (1024 bit) 585s Modulus: 585s 00:f5:d7:19:31:08:eb:90:fb:12:96:5f:7c:24:63: 585s f0:1b:d0:ea:51:c6:71:4d:47:44:d0:46:cc:b9:77: 585s 12:d9:ed:a9:c7:41:62:1e:14:9c:54:b3:d3:7a:ef: 585s b9:3c:e0:68:1a:3c:32:c9:c9:43:80:c6:41:79:bb: 585s 69:df:c1:82:67:09:68:68:c2:11:6f:d9:60:e8:66: 585s 3d:25:ef:fd:0e:13:85:93:27:75:8a:3a:be:db:30: 585s 53:5e:51:fc:4b:90:a3:8f:0a:aa:ee:39:89:85:41: 585s b0:c0:08:a0:35:7a:86:b9:77:54:01:7d:73:a0:78: 585s 3d:f7:8e:01:7f:2c:f4:98:9d 585s Exponent: 65537 (0x10001) 585s X509v3 extensions: 585s X509v3 Authority Key Identifier: 585s 20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 585s X509v3 Basic Constraints: 585s CA:FALSE 585s Netscape Cert Type: 585s SSL Client, S/MIME 585s Netscape Comment: 585s Test Organization Intermediate CA trusted Certificate 585s X509v3 Subject Key Identifier: 585s A9:4D:63:82:4C:29:12:6C:71:67:E3:AE:EF:D5:DA:5C:D7:5F:F2:B2 585s X509v3 Key Usage: critical 585s Digital Signature, Non Repudiation, Key Encipherment 585s X509v3 Extended Key Usage: 585s TLS Web Client Authentication, E-mail Protection 585s X509v3 Subject Alternative Name: 585s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 585s Signature Algorithm: sha256WithRSAEncryption 585s Signature Value: 585s 7b:d4:95:0d:67:d5:6d:03:d2:22:c1:ee:57:f8:f1:06:6f:ca: 585s d6:64:33:17:e5:74:23:08:81:8f:14:98:64:61:38:69:c0:d8: 585s 8a:6c:60:af:c6:e7:96:fb:50:7f:3d:e7:d9:28:df:66:6d:79: 585s 3a:c2:10:56:3a:b6:c7:5d:0d:d1:2c:89:26:c3:df:3a:60:6c: 585s 00:c5:4e:f9:d0:33:74:54:94:ad:76:01:2e:30:c4:ea:4c:4e: 585s da:08:85:d9:30:80:a6:ef:da:8c:84:2e:69:11:9f:0b:03:f8: 585s 8e:af:ad:10:83:f8:2e:96:6c:9c:af:07:3c:07:5c:db:e6:9a: 585s 85:02 585s + local found_md5 expected_md5 585s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + expected_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 585s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246.pem 585s + found_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 585s + '[' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D '!=' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D ']' 585s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246-auth.output 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246-auth.output .output 585s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246-auth.pem 585s + echo -n 053350 585s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 585s [p11_child[1892]] [main] (0x0400): p11_child started. 585s [p11_child[1892]] [main] (0x2000): Running in [auth] mode. 585s [p11_child[1892]] [main] (0x2000): Running with effective IDs: [0][0]. 585s [p11_child[1892]] [main] (0x2000): Running with real IDs [0][0]. 585s [p11_child[1892]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 585s [p11_child[1892]] [do_card] (0x4000): Module List: 585s [p11_child[1892]] [do_card] (0x4000): common name: [softhsm2]. 585s [p11_child[1892]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1892]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 585s [p11_child[1892]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 585s [p11_child[1892]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1892]] [do_card] (0x4000): Login required. 585s [p11_child[1892]] [do_card] (0x4000): Token flags [1069]. 585s [p11_child[1892]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 585s [p11_child[1892]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 585s [p11_child[1892]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 585s [p11_child[1892]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fd66612;slot-manufacturer=SoftHSM%20project;slot-id=802579986;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a2b0e7132fd66612;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 585s [p11_child[1892]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 585s [p11_child[1892]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 585s [p11_child[1892]] [do_card] (0x4000): Certificate verified and validated. 585s [p11_child[1892]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 585s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246-auth.output 585s + echo '-----BEGIN CERTIFICATE-----' 585s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246-auth.output 585s + echo '-----END CERTIFICATE-----' 585s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246-auth.pem 585s Certificate: 585s Data: 585s Version: 3 (0x2) 585s Serial Number: 4 (0x4) 585s Signature Algorithm: sha256WithRSAEncryption 585s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 585s Validity 585s Not Before: Jan 23 22:05:22 2026 GMT 585s Not After : Jan 23 22:05:22 2027 GMT 585s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 585s Subject Public Key Info: 585s Public Key Algorithm: rsaEncryption 585s Public-Key: (1024 bit) 585s Modulus: 585s 00:f5:d7:19:31:08:eb:90:fb:12:96:5f:7c:24:63: 585s f0:1b:d0:ea:51:c6:71:4d:47:44:d0:46:cc:b9:77: 585s 12:d9:ed:a9:c7:41:62:1e:14:9c:54:b3:d3:7a:ef: 585s b9:3c:e0:68:1a:3c:32:c9:c9:43:80:c6:41:79:bb: 585s 69:df:c1:82:67:09:68:68:c2:11:6f:d9:60:e8:66: 585s 3d:25:ef:fd:0e:13:85:93:27:75:8a:3a:be:db:30: 585s 53:5e:51:fc:4b:90:a3:8f:0a:aa:ee:39:89:85:41: 585s b0:c0:08:a0:35:7a:86:b9:77:54:01:7d:73:a0:78: 585s 3d:f7:8e:01:7f:2c:f4:98:9d 585s Exponent: 65537 (0x10001) 585s X509v3 extensions: 585s X509v3 Authority Key Identifier: 585s 20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 585s X509v3 Basic Constraints: 585s CA:FALSE 585s Netscape Cert Type: 585s SSL Client, S/MIME 585s Netscape Comment: 585s Test Organization Intermediate CA trusted Certificate 585s X509v3 Subject Key Identifier: 585s A9:4D:63:82:4C:29:12:6C:71:67:E3:AE:EF:D5:DA:5C:D7:5F:F2:B2 585s X509v3 Key Usage: critical 585s Digital Signature, Non Repudiation, Key Encipherment 585s X509v3 Extended Key Usage: 585s TLS Web Client Authentication, E-mail Protection 585s X509v3 Subject Alternative Name: 585s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 585s Signature Algorithm: sha256WithRSAEncryption 585s Signature Value: 585s 7b:d4:95:0d:67:d5:6d:03:d2:22:c1:ee:57:f8:f1:06:6f:ca: 585s d6:64:33:17:e5:74:23:08:81:8f:14:98:64:61:38:69:c0:d8: 585s 8a:6c:60:af:c6:e7:96:fb:50:7f:3d:e7:d9:28:df:66:6d:79: 585s 3a:c2:10:56:3a:b6:c7:5d:0d:d1:2c:89:26:c3:df:3a:60:6c: 585s 00:c5:4e:f9:d0:33:74:54:94:ad:76:01:2e:30:c4:ea:4c:4e: 585s da:08:85:d9:30:80:a6:ef:da:8c:84:2e:69:11:9f:0b:03:f8: 585s 8e:af:ad:10:83:f8:2e:96:6c:9c:af:07:3c:07:5c:db:e6:9a: 585s 85:02 585s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-8246-auth.pem 585s + found_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 585s + '[' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D '!=' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D ']' 585s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 585s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 585s + local verify_option= 585s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local key_cn 585s + local key_name 585s + local tokens_dir 585s + local output_cert_file 585s + token_name= 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem .pem 585s + key_name=test-intermediate-CA-trusted-certificate-0001 585s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s ++ sed -n 's/ *commonName *= //p' 585s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 585s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 585s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 585s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 585s Test Organization Interme Token 585s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 585s + token_name='Test Organization Interme Token' 585s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 585s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 585s + echo 'Test Organization Interme Token' 585s + '[' -n '' ']' 585s + local output_base_name=SSSD-child-21378 585s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-21378.output 585s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-21378.pem 585s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 585s [p11_child[1902]] [main] (0x0400): p11_child started. 585s [p11_child[1902]] [main] (0x2000): Running in [pre-auth] mode. 585s [p11_child[1902]] [main] (0x2000): Running with effective IDs: [0][0]. 585s [p11_child[1902]] [main] (0x2000): Running with real IDs [0][0]. 585s [p11_child[1902]] [do_card] (0x4000): Module List: 585s [p11_child[1902]] [do_card] (0x4000): common name: [softhsm2]. 585s [p11_child[1902]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1902]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 585s [p11_child[1902]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 585s [p11_child[1902]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1902]] [do_card] (0x4000): Login NOT required. 585s [p11_child[1902]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 585s [p11_child[1902]] [do_verification] (0x0040): X509_verify_cert failed [0]. 585s [p11_child[1902]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 585s [p11_child[1902]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 585s [p11_child[1902]] [do_card] (0x4000): No certificate found. 585s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-21378.output 585s + return 2 585s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem partial_chain 585s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem partial_chain 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 585s + local verify_option=partial_chain 585s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8291 585s + local key_cn 585s + local key_name 585s + local tokens_dir 585s + local output_cert_file 585s + token_name= 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem .pem 585s + key_name=test-intermediate-CA-trusted-certificate-0001 585s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s ++ sed -n 's/ *commonName *= //p' 585s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 585s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 585s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 585s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 585s Test Organization Interme Token 585s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 585s + token_name='Test Organization Interme Token' 585s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 585s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 585s + echo 'Test Organization Interme Token' 585s + '[' -n partial_chain ']' 585s + local verify_arg=--verify=partial_chain 585s + local output_base_name=SSSD-child-5654 585s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654.output 585s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654.pem 585s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem 585s [p11_child[1909]] [main] (0x0400): p11_child started. 585s [p11_child[1909]] [main] (0x2000): Running in [pre-auth] mode. 585s [p11_child[1909]] [main] (0x2000): Running with effective IDs: [0][0]. 585s [p11_child[1909]] [main] (0x2000): Running with real IDs [0][0]. 585s [p11_child[1909]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 585s [p11_child[1909]] [do_card] (0x4000): Module List: 585s [p11_child[1909]] [do_card] (0x4000): common name: [softhsm2]. 585s [p11_child[1909]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1909]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 585s [p11_child[1909]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 585s [p11_child[1909]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1909]] [do_card] (0x4000): Login NOT required. 585s [p11_child[1909]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 585s [p11_child[1909]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 585s [p11_child[1909]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 585s [p11_child[1909]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fd66612;slot-manufacturer=SoftHSM%20project;slot-id=802579986;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a2b0e7132fd66612;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 585s [p11_child[1909]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 585s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654.output 585s + echo '-----BEGIN CERTIFICATE-----' 585s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654.output 585s + echo '-----END CERTIFICATE-----' 585s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654.pem 585s Certificate: 585s Data: 585s Version: 3 (0x2) 585s Serial Number: 4 (0x4) 585s Signature Algorithm: sha256WithRSAEncryption 585s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 585s Validity 585s Not Before: Jan 23 22:05:22 2026 GMT 585s Not After : Jan 23 22:05:22 2027 GMT 585s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 585s Subject Public Key Info: 585s Public Key Algorithm: rsaEncryption 585s Public-Key: (1024 bit) 585s Modulus: 585s 00:f5:d7:19:31:08:eb:90:fb:12:96:5f:7c:24:63: 585s f0:1b:d0:ea:51:c6:71:4d:47:44:d0:46:cc:b9:77: 585s 12:d9:ed:a9:c7:41:62:1e:14:9c:54:b3:d3:7a:ef: 585s b9:3c:e0:68:1a:3c:32:c9:c9:43:80:c6:41:79:bb: 585s 69:df:c1:82:67:09:68:68:c2:11:6f:d9:60:e8:66: 585s 3d:25:ef:fd:0e:13:85:93:27:75:8a:3a:be:db:30: 585s 53:5e:51:fc:4b:90:a3:8f:0a:aa:ee:39:89:85:41: 585s b0:c0:08:a0:35:7a:86:b9:77:54:01:7d:73:a0:78: 585s 3d:f7:8e:01:7f:2c:f4:98:9d 585s Exponent: 65537 (0x10001) 585s X509v3 extensions: 585s X509v3 Authority Key Identifier: 585s 20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 585s X509v3 Basic Constraints: 585s CA:FALSE 585s Netscape Cert Type: 585s SSL Client, S/MIME 585s Netscape Comment: 585s Test Organization Intermediate CA trusted Certificate 585s X509v3 Subject Key Identifier: 585s A9:4D:63:82:4C:29:12:6C:71:67:E3:AE:EF:D5:DA:5C:D7:5F:F2:B2 585s X509v3 Key Usage: critical 585s Digital Signature, Non Repudiation, Key Encipherment 585s X509v3 Extended Key Usage: 585s TLS Web Client Authentication, E-mail Protection 585s X509v3 Subject Alternative Name: 585s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 585s Signature Algorithm: sha256WithRSAEncryption 585s Signature Value: 585s 7b:d4:95:0d:67:d5:6d:03:d2:22:c1:ee:57:f8:f1:06:6f:ca: 585s d6:64:33:17:e5:74:23:08:81:8f:14:98:64:61:38:69:c0:d8: 585s 8a:6c:60:af:c6:e7:96:fb:50:7f:3d:e7:d9:28:df:66:6d:79: 585s 3a:c2:10:56:3a:b6:c7:5d:0d:d1:2c:89:26:c3:df:3a:60:6c: 585s 00:c5:4e:f9:d0:33:74:54:94:ad:76:01:2e:30:c4:ea:4c:4e: 585s da:08:85:d9:30:80:a6:ef:da:8c:84:2e:69:11:9f:0b:03:f8: 585s 8e:af:ad:10:83:f8:2e:96:6c:9c:af:07:3c:07:5c:db:e6:9a: 585s 85:02 585s + local found_md5 expected_md5 585s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA-trusted-certificate-0001.pem 585s + expected_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 585s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654.pem 585s + found_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 585s + '[' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D '!=' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D ']' 585s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654-auth.output 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654-auth.output .output 585s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654-auth.pem 585s + echo -n 053350 585s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 585s [p11_child[1917]] [main] (0x0400): p11_child started. 585s [p11_child[1917]] [main] (0x2000): Running in [auth] mode. 585s [p11_child[1917]] [main] (0x2000): Running with effective IDs: [0][0]. 585s [p11_child[1917]] [main] (0x2000): Running with real IDs [0][0]. 585s [p11_child[1917]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 585s [p11_child[1917]] [do_card] (0x4000): Module List: 585s [p11_child[1917]] [do_card] (0x4000): common name: [softhsm2]. 585s [p11_child[1917]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1917]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2fd66612] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 585s [p11_child[1917]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 585s [p11_child[1917]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2fd66612][802579986] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1917]] [do_card] (0x4000): Login required. 585s [p11_child[1917]] [do_card] (0x4000): Token flags [1069]. 585s [p11_child[1917]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 585s [p11_child[1917]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 585s [p11_child[1917]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 585s [p11_child[1917]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2fd66612;slot-manufacturer=SoftHSM%20project;slot-id=802579986;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a2b0e7132fd66612;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 585s [p11_child[1917]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 585s [p11_child[1917]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 585s [p11_child[1917]] [do_card] (0x4000): Certificate verified and validated. 585s [p11_child[1917]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 585s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654-auth.output 585s + echo '-----BEGIN CERTIFICATE-----' 585s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654-auth.output 585s + echo '-----END CERTIFICATE-----' 585s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654-auth.pem 585s Certificate: 585s Data: 585s Version: 3 (0x2) 585s Serial Number: 4 (0x4) 585s Signature Algorithm: sha256WithRSAEncryption 585s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 585s Validity 585s Not Before: Jan 23 22:05:22 2026 GMT 585s Not After : Jan 23 22:05:22 2027 GMT 585s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 585s Subject Public Key Info: 585s Public Key Algorithm: rsaEncryption 585s Public-Key: (1024 bit) 585s Modulus: 585s 00:f5:d7:19:31:08:eb:90:fb:12:96:5f:7c:24:63: 585s f0:1b:d0:ea:51:c6:71:4d:47:44:d0:46:cc:b9:77: 585s 12:d9:ed:a9:c7:41:62:1e:14:9c:54:b3:d3:7a:ef: 585s b9:3c:e0:68:1a:3c:32:c9:c9:43:80:c6:41:79:bb: 585s 69:df:c1:82:67:09:68:68:c2:11:6f:d9:60:e8:66: 585s 3d:25:ef:fd:0e:13:85:93:27:75:8a:3a:be:db:30: 585s 53:5e:51:fc:4b:90:a3:8f:0a:aa:ee:39:89:85:41: 585s b0:c0:08:a0:35:7a:86:b9:77:54:01:7d:73:a0:78: 585s 3d:f7:8e:01:7f:2c:f4:98:9d 585s Exponent: 65537 (0x10001) 585s X509v3 extensions: 585s X509v3 Authority Key Identifier: 585s 20:44:86:AE:C0:6A:D4:5C:B1:9F:8A:CE:CE:39:42:D7:70:12:10:9A 585s X509v3 Basic Constraints: 585s CA:FALSE 585s Netscape Cert Type: 585s SSL Client, S/MIME 585s Netscape Comment: 585s Test Organization Intermediate CA trusted Certificate 585s X509v3 Subject Key Identifier: 585s A9:4D:63:82:4C:29:12:6C:71:67:E3:AE:EF:D5:DA:5C:D7:5F:F2:B2 585s X509v3 Key Usage: critical 585s Digital Signature, Non Repudiation, Key Encipherment 585s X509v3 Extended Key Usage: 585s TLS Web Client Authentication, E-mail Protection 585s X509v3 Subject Alternative Name: 585s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 585s Signature Algorithm: sha256WithRSAEncryption 585s Signature Value: 585s 7b:d4:95:0d:67:d5:6d:03:d2:22:c1:ee:57:f8:f1:06:6f:ca: 585s d6:64:33:17:e5:74:23:08:81:8f:14:98:64:61:38:69:c0:d8: 585s 8a:6c:60:af:c6:e7:96:fb:50:7f:3d:e7:d9:28:df:66:6d:79: 585s 3a:c2:10:56:3a:b6:c7:5d:0d:d1:2c:89:26:c3:df:3a:60:6c: 585s 00:c5:4e:f9:d0:33:74:54:94:ad:76:01:2e:30:c4:ea:4c:4e: 585s da:08:85:d9:30:80:a6:ef:da:8c:84:2e:69:11:9f:0b:03:f8: 585s 8e:af:ad:10:83:f8:2e:96:6c:9c:af:07:3c:07:5c:db:e6:9a: 585s 85:02 585s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-5654-auth.pem 585s + found_md5=Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D 585s + '[' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D '!=' Modulus=F5D7193108EB90FB12965F7C2463F01BD0EA51C6714D4744D046CCB97712D9EDA9C741621E149C54B3D37AEFB93CE0681A3C32C9C94380C64179BB69DFC18267096868C2116FD960E8663D25EFFD0E13859327758A3ABEDB30535E51FC4B90A38F0AAAEE39898541B0C008A0357A86B97754017D73A0783DF78E017F2CF4989D ']' 585s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 585s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 585s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 585s + local verify_option= 585s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 585s + local key_cn 585s + local key_name 585s + local tokens_dir 585s + local output_cert_file 585s + token_name= 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 585s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 585s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 585s ++ sed -n 's/ *commonName *= //p' 585s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 585s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 585s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 585s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 585s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 585s + token_name='Test Organization Sub Int Token' 585s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 585s + local key_file 585s + local decrypted_key 585s + mkdir -p /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 585s + key_file=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 585s + decrypted_key=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 585s + cat 585s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 585s + softhsm2-util --show-slots 585s Slot 0 has a free/uninitialized token. 585s The token has been initialized and is reassigned to slot 1732845454 585s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 585s Available slots: 585s Slot 1732845454 585s Slot info: 585s Description: SoftHSM slot ID 0x67491f8e 585s Manufacturer ID: SoftHSM project 585s Hardware version: 2.6 585s Firmware version: 2.6 585s Token present: yes 585s Token info: 585s Manufacturer ID: SoftHSM project 585s Model: SoftHSM v2 585s Hardware version: 2.6 585s Firmware version: 2.6 585s Serial number: 5d89495767491f8e 585s Initialized: yes 585s User PIN init.: yes 585s Label: Test Organization Sub Int Token 585s Slot 1 585s Slot info: 585s Description: SoftHSM slot ID 0x1 585s Manufacturer ID: SoftHSM project 585s Hardware version: 2.6 585s Firmware version: 2.6 585s Token present: yes 585s Token info: 585s Manufacturer ID: SoftHSM project 585s Model: SoftHSM v2 585s Hardware version: 2.6 585s Firmware version: 2.6 585s Serial number: 585s Initialized: no 585s User PIN init.: no 585s Label: 585s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-30545 -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 585s writing RSA key 585s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 585s + rm /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 585s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 585s Object 0: 585s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d89495767491f8e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 585s Type: X.509 Certificate (RSA-1024) 585s Expires: Sat Jan 23 22:05:23 2027 585s Label: Test Organization Sub Intermediate Trusted Certificate 0001 585s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 585s 585s Test Organization Sub Int Token 585s + echo 'Test Organization Sub Int Token' 585s + '[' -n '' ']' 585s + local output_base_name=SSSD-child-14602 585s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-14602.output 585s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-14602.pem 585s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 585s [p11_child[1936]] [main] (0x0400): p11_child started. 585s [p11_child[1936]] [main] (0x2000): Running in [pre-auth] mode. 585s [p11_child[1936]] [main] (0x2000): Running with effective IDs: [0][0]. 585s [p11_child[1936]] [main] (0x2000): Running with real IDs [0][0]. 585s [p11_child[1936]] [do_card] (0x4000): Module List: 585s [p11_child[1936]] [do_card] (0x4000): common name: [softhsm2]. 585s [p11_child[1936]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1936]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 585s [p11_child[1936]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 585s [p11_child[1936]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1936]] [do_card] (0x4000): Login NOT required. 585s [p11_child[1936]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 585s [p11_child[1936]] [do_verification] (0x0040): X509_verify_cert failed [0]. 585s [p11_child[1936]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 585s [p11_child[1936]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 585s [p11_child[1936]] [do_card] (0x4000): No certificate found. 585s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-14602.output 585s + return 2 585s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem partial_chain 585s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem partial_chain 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 585s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 585s + local verify_option=partial_chain 585s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 585s + local key_cn 585s + local key_name 585s + local tokens_dir 585s + local output_cert_file 585s + token_name= 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 585s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 585s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 585s ++ sed -n 's/ *commonName *= //p' 585s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 585s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 585s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 585s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 585s Test Organization Sub Int Token 585s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 585s + token_name='Test Organization Sub Int Token' 585s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 585s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 585s + echo 'Test Organization Sub Int Token' 585s + '[' -n partial_chain ']' 585s + local verify_arg=--verify=partial_chain 585s + local output_base_name=SSSD-child-2045 585s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-2045.output 585s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-2045.pem 585s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-root-CA.pem 585s [p11_child[1943]] [main] (0x0400): p11_child started. 585s [p11_child[1943]] [main] (0x2000): Running in [pre-auth] mode. 585s [p11_child[1943]] [main] (0x2000): Running with effective IDs: [0][0]. 585s [p11_child[1943]] [main] (0x2000): Running with real IDs [0][0]. 585s [p11_child[1943]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 585s [p11_child[1943]] [do_card] (0x4000): Module List: 585s [p11_child[1943]] [do_card] (0x4000): common name: [softhsm2]. 585s [p11_child[1943]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1943]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 585s [p11_child[1943]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 585s [p11_child[1943]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1943]] [do_card] (0x4000): Login NOT required. 585s [p11_child[1943]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 585s [p11_child[1943]] [do_verification] (0x0040): X509_verify_cert failed [0]. 585s [p11_child[1943]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 585s [p11_child[1943]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 585s [p11_child[1943]] [do_card] (0x4000): No certificate found. 585s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-2045.output 585s + return 2 585s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 585s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 585s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 585s + local verify_option= 585s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 585s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 585s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 585s + local key_cn 585s + local key_name 585s + local tokens_dir 585s + local output_cert_file 585s + token_name= 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 585s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 585s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 585s ++ sed -n 's/ *commonName *= //p' 585s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 585s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 585s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 585s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 585s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 585s Test Organization Sub Int Token 585s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 585s + token_name='Test Organization Sub Int Token' 585s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 585s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 585s + echo 'Test Organization Sub Int Token' 585s + '[' -n '' ']' 585s + local output_base_name=SSSD-child-1530 585s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530.output 585s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530.pem 585s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 585s [p11_child[1950]] [main] (0x0400): p11_child started. 585s [p11_child[1950]] [main] (0x2000): Running in [pre-auth] mode. 585s [p11_child[1950]] [main] (0x2000): Running with effective IDs: [0][0]. 585s [p11_child[1950]] [main] (0x2000): Running with real IDs [0][0]. 585s [p11_child[1950]] [do_card] (0x4000): Module List: 585s [p11_child[1950]] [do_card] (0x4000): common name: [softhsm2]. 585s [p11_child[1950]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1950]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 585s [p11_child[1950]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 585s [p11_child[1950]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 585s [p11_child[1950]] [do_card] (0x4000): Login NOT required. 585s [p11_child[1950]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 585s [p11_child[1950]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 585s [p11_child[1950]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 585s [p11_child[1950]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67491f8e;slot-manufacturer=SoftHSM%20project;slot-id=1732845454;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d89495767491f8e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 585s [p11_child[1950]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 585s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530.output 585s + echo '-----BEGIN CERTIFICATE-----' 585s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530.output 585s + echo '-----END CERTIFICATE-----' 585s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530.pem 586s Certificate: 586s Data: 586s Version: 3 (0x2) 586s Serial Number: 5 (0x5) 586s Signature Algorithm: sha256WithRSAEncryption 586s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 586s Validity 586s Not Before: Jan 23 22:05:23 2026 GMT 586s Not After : Jan 23 22:05:23 2027 GMT 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:ac:c8:46:25:e6:99:05:1b:4a:ac:40:d8:72:a3: 586s 7c:d6:80:4a:ee:84:fa:3c:0a:07:9d:f7:fb:74:b1: 586s b6:42:ec:ba:86:eb:b9:fe:a7:f8:40:19:62:db:f4: 586s 1d:9c:7c:c5:5b:63:8e:a5:3c:b6:95:fc:6b:42:8e: 586s a0:f8:92:0d:da:14:55:6b:16:1e:bf:4a:da:25:43: 586s 4b:7a:14:7c:47:66:f1:4c:b6:c1:e5:e7:40:1c:e7: 586s 50:b5:22:6f:0c:b8:e5:5d:f3:66:27:86:02:aa:2f: 586s f3:81:c6:b9:2f:77:68:cd:1f:4d:67:ab:39:fd:08: 586s 20:ef:15:9e:5c:8c:38:5a:33 586s Exponent: 65537 (0x10001) 586s X509v3 extensions: 586s X509v3 Authority Key Identifier: 586s BD:E4:7A:4B:9B:A6:C8:78:38:B6:94:D0:5E:B9:62:0F:7F:09:F2:0E 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Sub Intermediate CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s A6:3D:4D:E3:27:8E:55:91:A3:78:65:5F:8E:65:F3:59:63:E8:4C:A5 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s a6:ad:1a:b1:2a:f9:c9:f0:8c:4c:7e:ee:85:16:cb:91:9e:ac: 586s 62:e4:3f:26:16:da:52:97:e8:c6:59:f1:e8:9d:57:e3:ca:d4: 586s 8e:5e:97:d1:1f:bd:ca:9e:57:25:a9:8a:15:db:51:36:a9:0b: 586s d7:59:e8:47:14:b0:63:59:19:3f:78:7c:f1:94:67:59:fb:81: 586s c0:6d:d3:d9:a2:88:19:4a:07:8e:ce:4f:14:a3:6c:40:7d:b5: 586s 24:f4:c0:c4:70:31:0f:20:79:7e:dc:dc:c1:3b:f3:98:5e:5e: 586s c8:ca:02:5a:7e:26:c3:f1:01:42:31:73:42:e6:71:dd:19:67: 586s 57:36 586s + local found_md5 expected_md5 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + expected_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530.pem 586s + found_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s + '[' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 '!=' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 ']' 586s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530-auth.output 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530-auth.output .output 586s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530-auth.pem 586s + echo -n 053350 586s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 586s [p11_child[1958]] [main] (0x0400): p11_child started. 586s [p11_child[1958]] [main] (0x2000): Running in [auth] mode. 586s [p11_child[1958]] [main] (0x2000): Running with effective IDs: [0][0]. 586s [p11_child[1958]] [main] (0x2000): Running with real IDs [0][0]. 586s [p11_child[1958]] [do_card] (0x4000): Module List: 586s [p11_child[1958]] [do_card] (0x4000): common name: [softhsm2]. 586s [p11_child[1958]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[1958]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 586s [p11_child[1958]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 586s [p11_child[1958]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[1958]] [do_card] (0x4000): Login required. 586s [p11_child[1958]] [do_card] (0x4000): Token flags [1069]. 586s [p11_child[1958]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 586s [p11_child[1958]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 586s [p11_child[1958]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 586s [p11_child[1958]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67491f8e;slot-manufacturer=SoftHSM%20project;slot-id=1732845454;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d89495767491f8e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 586s [p11_child[1958]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 586s [p11_child[1958]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 586s [p11_child[1958]] [do_card] (0x4000): Certificate verified and validated. 586s [p11_child[1958]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 586s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530-auth.output 586s + echo '-----BEGIN CERTIFICATE-----' 586s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530-auth.output 586s + echo '-----END CERTIFICATE-----' 586s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530-auth.pem 586s Certificate: 586s Data: 586s Version: 3 (0x2) 586s Serial Number: 5 (0x5) 586s Signature Algorithm: sha256WithRSAEncryption 586s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 586s Validity 586s Not Before: Jan 23 22:05:23 2026 GMT 586s Not After : Jan 23 22:05:23 2027 GMT 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:ac:c8:46:25:e6:99:05:1b:4a:ac:40:d8:72:a3: 586s 7c:d6:80:4a:ee:84:fa:3c:0a:07:9d:f7:fb:74:b1: 586s b6:42:ec:ba:86:eb:b9:fe:a7:f8:40:19:62:db:f4: 586s 1d:9c:7c:c5:5b:63:8e:a5:3c:b6:95:fc:6b:42:8e: 586s a0:f8:92:0d:da:14:55:6b:16:1e:bf:4a:da:25:43: 586s 4b:7a:14:7c:47:66:f1:4c:b6:c1:e5:e7:40:1c:e7: 586s 50:b5:22:6f:0c:b8:e5:5d:f3:66:27:86:02:aa:2f: 586s f3:81:c6:b9:2f:77:68:cd:1f:4d:67:ab:39:fd:08: 586s 20:ef:15:9e:5c:8c:38:5a:33 586s Exponent: 65537 (0x10001) 586s X509v3 extensions: 586s X509v3 Authority Key Identifier: 586s BD:E4:7A:4B:9B:A6:C8:78:38:B6:94:D0:5E:B9:62:0F:7F:09:F2:0E 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Sub Intermediate CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s A6:3D:4D:E3:27:8E:55:91:A3:78:65:5F:8E:65:F3:59:63:E8:4C:A5 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s a6:ad:1a:b1:2a:f9:c9:f0:8c:4c:7e:ee:85:16:cb:91:9e:ac: 586s 62:e4:3f:26:16:da:52:97:e8:c6:59:f1:e8:9d:57:e3:ca:d4: 586s 8e:5e:97:d1:1f:bd:ca:9e:57:25:a9:8a:15:db:51:36:a9:0b: 586s d7:59:e8:47:14:b0:63:59:19:3f:78:7c:f1:94:67:59:fb:81: 586s c0:6d:d3:d9:a2:88:19:4a:07:8e:ce:4f:14:a3:6c:40:7d:b5: 586s 24:f4:c0:c4:70:31:0f:20:79:7e:dc:dc:c1:3b:f3:98:5e:5e: 586s c8:ca:02:5a:7e:26:c3:f1:01:42:31:73:42:e6:71:dd:19:67: 586s 57:36 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-1530-auth.pem 586s + found_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s + '[' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 '!=' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 ']' 586s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem partial_chain 586s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem partial_chain 586s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 586s + local verify_option=partial_chain 586s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local key_cn 586s + local key_name 586s + local tokens_dir 586s + local output_cert_file 586s + token_name= 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 586s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 586s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s ++ sed -n 's/ *commonName *= //p' 586s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 586s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 586s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 586s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 586s Test Organization Sub Int Token 586s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 586s + token_name='Test Organization Sub Int Token' 586s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 586s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 586s + echo 'Test Organization Sub Int Token' 586s + '[' -n partial_chain ']' 586s + local verify_arg=--verify=partial_chain 586s + local output_base_name=SSSD-child-16035 586s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035.output 586s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035.pem 586s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem 586s [p11_child[1968]] [main] (0x0400): p11_child started. 586s [p11_child[1968]] [main] (0x2000): Running in [pre-auth] mode. 586s [p11_child[1968]] [main] (0x2000): Running with effective IDs: [0][0]. 586s [p11_child[1968]] [main] (0x2000): Running with real IDs [0][0]. 586s [p11_child[1968]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 586s [p11_child[1968]] [do_card] (0x4000): Module List: 586s [p11_child[1968]] [do_card] (0x4000): common name: [softhsm2]. 586s [p11_child[1968]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[1968]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 586s [p11_child[1968]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 586s [p11_child[1968]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[1968]] [do_card] (0x4000): Login NOT required. 586s [p11_child[1968]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 586s [p11_child[1968]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 586s [p11_child[1968]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 586s [p11_child[1968]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67491f8e;slot-manufacturer=SoftHSM%20project;slot-id=1732845454;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d89495767491f8e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 586s [p11_child[1968]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 586s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035.output 586s + echo '-----BEGIN CERTIFICATE-----' 586s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035.output 586s + echo '-----END CERTIFICATE-----' 586s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035.pem 586s Certificate: 586s Data: 586s Version: 3 (0x2) 586s Serial Number: 5 (0x5) 586s Signature Algorithm: sha256WithRSAEncryption 586s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 586s Validity 586s Not Before: Jan 23 22:05:23 2026 GMT 586s Not After : Jan 23 22:05:23 2027 GMT 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:ac:c8:46:25:e6:99:05:1b:4a:ac:40:d8:72:a3: 586s 7c:d6:80:4a:ee:84:fa:3c:0a:07:9d:f7:fb:74:b1: 586s b6:42:ec:ba:86:eb:b9:fe:a7:f8:40:19:62:db:f4: 586s 1d:9c:7c:c5:5b:63:8e:a5:3c:b6:95:fc:6b:42:8e: 586s a0:f8:92:0d:da:14:55:6b:16:1e:bf:4a:da:25:43: 586s 4b:7a:14:7c:47:66:f1:4c:b6:c1:e5:e7:40:1c:e7: 586s 50:b5:22:6f:0c:b8:e5:5d:f3:66:27:86:02:aa:2f: 586s f3:81:c6:b9:2f:77:68:cd:1f:4d:67:ab:39:fd:08: 586s 20:ef:15:9e:5c:8c:38:5a:33 586s Exponent: 65537 (0x10001) 586s X509v3 extensions: 586s X509v3 Authority Key Identifier: 586s BD:E4:7A:4B:9B:A6:C8:78:38:B6:94:D0:5E:B9:62:0F:7F:09:F2:0E 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Sub Intermediate CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s A6:3D:4D:E3:27:8E:55:91:A3:78:65:5F:8E:65:F3:59:63:E8:4C:A5 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s a6:ad:1a:b1:2a:f9:c9:f0:8c:4c:7e:ee:85:16:cb:91:9e:ac: 586s 62:e4:3f:26:16:da:52:97:e8:c6:59:f1:e8:9d:57:e3:ca:d4: 586s 8e:5e:97:d1:1f:bd:ca:9e:57:25:a9:8a:15:db:51:36:a9:0b: 586s d7:59:e8:47:14:b0:63:59:19:3f:78:7c:f1:94:67:59:fb:81: 586s c0:6d:d3:d9:a2:88:19:4a:07:8e:ce:4f:14:a3:6c:40:7d:b5: 586s 24:f4:c0:c4:70:31:0f:20:79:7e:dc:dc:c1:3b:f3:98:5e:5e: 586s c8:ca:02:5a:7e:26:c3:f1:01:42:31:73:42:e6:71:dd:19:67: 586s 57:36 586s + local found_md5 expected_md5 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + expected_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035.pem 586s + found_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s + '[' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 '!=' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 ']' 586s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035-auth.output 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035-auth.output .output 586s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035-auth.pem 586s + echo -n 053350 586s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 586s [p11_child[1976]] [main] (0x0400): p11_child started. 586s [p11_child[1976]] [main] (0x2000): Running in [auth] mode. 586s [p11_child[1976]] [main] (0x2000): Running with effective IDs: [0][0]. 586s [p11_child[1976]] [main] (0x2000): Running with real IDs [0][0]. 586s [p11_child[1976]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 586s [p11_child[1976]] [do_card] (0x4000): Module List: 586s [p11_child[1976]] [do_card] (0x4000): common name: [softhsm2]. 586s [p11_child[1976]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[1976]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 586s [p11_child[1976]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 586s [p11_child[1976]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[1976]] [do_card] (0x4000): Login required. 586s [p11_child[1976]] [do_card] (0x4000): Token flags [1069]. 586s [p11_child[1976]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 586s [p11_child[1976]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 586s [p11_child[1976]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 586s [p11_child[1976]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67491f8e;slot-manufacturer=SoftHSM%20project;slot-id=1732845454;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d89495767491f8e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 586s [p11_child[1976]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 586s [p11_child[1976]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 586s [p11_child[1976]] [do_card] (0x4000): Certificate verified and validated. 586s [p11_child[1976]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 586s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035-auth.output 586s + echo '-----BEGIN CERTIFICATE-----' 586s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035-auth.output 586s + echo '-----END CERTIFICATE-----' 586s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035-auth.pem 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-16035-auth.pem 586s Certificate: 586s Data: 586s Version: 3 (0x2) 586s Serial Number: 5 (0x5) 586s Signature Algorithm: sha256WithRSAEncryption 586s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 586s Validity 586s Not Before: Jan 23 22:05:23 2026 GMT 586s Not After : Jan 23 22:05:23 2027 GMT 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:ac:c8:46:25:e6:99:05:1b:4a:ac:40:d8:72:a3: 586s 7c:d6:80:4a:ee:84:fa:3c:0a:07:9d:f7:fb:74:b1: 586s b6:42:ec:ba:86:eb:b9:fe:a7:f8:40:19:62:db:f4: 586s 1d:9c:7c:c5:5b:63:8e:a5:3c:b6:95:fc:6b:42:8e: 586s a0:f8:92:0d:da:14:55:6b:16:1e:bf:4a:da:25:43: 586s 4b:7a:14:7c:47:66:f1:4c:b6:c1:e5:e7:40:1c:e7: 586s 50:b5:22:6f:0c:b8:e5:5d:f3:66:27:86:02:aa:2f: 586s f3:81:c6:b9:2f:77:68:cd:1f:4d:67:ab:39:fd:08: 586s 20:ef:15:9e:5c:8c:38:5a:33 586s Exponent: 65537 (0x10001) 586s X509v3 extensions: 586s X509v3 Authority Key Identifier: 586s BD:E4:7A:4B:9B:A6:C8:78:38:B6:94:D0:5E:B9:62:0F:7F:09:F2:0E 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Sub Intermediate CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s A6:3D:4D:E3:27:8E:55:91:A3:78:65:5F:8E:65:F3:59:63:E8:4C:A5 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s a6:ad:1a:b1:2a:f9:c9:f0:8c:4c:7e:ee:85:16:cb:91:9e:ac: 586s 62:e4:3f:26:16:da:52:97:e8:c6:59:f1:e8:9d:57:e3:ca:d4: 586s 8e:5e:97:d1:1f:bd:ca:9e:57:25:a9:8a:15:db:51:36:a9:0b: 586s d7:59:e8:47:14:b0:63:59:19:3f:78:7c:f1:94:67:59:fb:81: 586s c0:6d:d3:d9:a2:88:19:4a:07:8e:ce:4f:14:a3:6c:40:7d:b5: 586s 24:f4:c0:c4:70:31:0f:20:79:7e:dc:dc:c1:3b:f3:98:5e:5e: 586s c8:ca:02:5a:7e:26:c3:f1:01:42:31:73:42:e6:71:dd:19:67: 586s 57:36 586s + found_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s + '[' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 '!=' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 ']' 586s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 586s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 586s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 586s + local verify_option= 586s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local key_cn 586s + local key_name 586s + local tokens_dir 586s + local output_cert_file 586s + token_name= 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 586s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 586s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s ++ sed -n 's/ *commonName *= //p' 586s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 586s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 586s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 586s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 586s Test Organization Sub Int Token 586s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 586s + token_name='Test Organization Sub Int Token' 586s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 586s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 586s + echo 'Test Organization Sub Int Token' 586s + '[' -n '' ']' 586s + local output_base_name=SSSD-child-7953 586s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-7953.output 586s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-7953.pem 586s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 586s [p11_child[1986]] [main] (0x0400): p11_child started. 586s [p11_child[1986]] [main] (0x2000): Running in [pre-auth] mode. 586s [p11_child[1986]] [main] (0x2000): Running with effective IDs: [0][0]. 586s [p11_child[1986]] [main] (0x2000): Running with real IDs [0][0]. 586s [p11_child[1986]] [do_card] (0x4000): Module List: 586s [p11_child[1986]] [do_card] (0x4000): common name: [softhsm2]. 586s [p11_child[1986]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[1986]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 586s [p11_child[1986]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 586s [p11_child[1986]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[1986]] [do_card] (0x4000): Login NOT required. 586s [p11_child[1986]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 586s [p11_child[1986]] [do_verification] (0x0040): X509_verify_cert failed [0]. 586s [p11_child[1986]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 586s [p11_child[1986]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 586s [p11_child[1986]] [do_card] (0x4000): No certificate found. 586s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-7953.output 586s + return 2 586s + invalid_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-root-intermediate-chain-CA.pem partial_chain 586s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-root-intermediate-chain-CA.pem partial_chain 586s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-root-intermediate-chain-CA.pem 586s + local verify_option=partial_chain 586s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local key_cn 586s + local key_name 586s + local tokens_dir 586s + local output_cert_file 586s + token_name= 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 586s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 586s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s ++ sed -n 's/ *commonName *= //p' 586s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 586s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 586s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 586s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 586s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 586s + token_name='Test Organization Sub Int Token' 586s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 586s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 586s + echo 'Test Organization Sub Int Token' 586s + '[' -n partial_chain ']' 586s + local verify_arg=--verify=partial_chain 586s + local output_base_name=SSSD-child-17518 586s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-17518.output 586s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-17518.pem 586s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-root-intermediate-chain-CA.pem 586s Test Organization Sub Int Token 586s [p11_child[1993]] [main] (0x0400): p11_child started. 586s [p11_child[1993]] [main] (0x2000): Running in [pre-auth] mode. 586s [p11_child[1993]] [main] (0x2000): Running with effective IDs: [0][0]. 586s [p11_child[1993]] [main] (0x2000): Running with real IDs [0][0]. 586s [p11_child[1993]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 586s [p11_child[1993]] [do_card] (0x4000): Module List: 586s [p11_child[1993]] [do_card] (0x4000): common name: [softhsm2]. 586s [p11_child[1993]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[1993]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 586s [p11_child[1993]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 586s [p11_child[1993]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[1993]] [do_card] (0x4000): Login NOT required. 586s [p11_child[1993]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 586s [p11_child[1993]] [do_verification] (0x0040): X509_verify_cert failed [0]. 586s [p11_child[1993]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 586s [p11_child[1993]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 586s [p11_child[1993]] [do_card] (0x4000): No certificate found. 586s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-17518.output 586s + return 2 586s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem partial_chain 586s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem partial_chain 586s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 586s + local verify_option=partial_chain 586s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local key_cn 586s + local key_name 586s + local tokens_dir 586s + local output_cert_file 586s + token_name= 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 586s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 586s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s ++ sed -n 's/ *commonName *= //p' 586s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 586s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 586s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 586s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 586s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 586s + token_name='Test Organization Sub Int Token' 586s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 586s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 586s + echo 'Test Organization Sub Int Token' 586s + '[' -n partial_chain ']' 586s + local verify_arg=--verify=partial_chain 586s + local output_base_name=SSSD-child-14496 586s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496.output 586s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496.pem 586s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem 586s Test Organization Sub Int Token 586s [p11_child[2000]] [main] (0x0400): p11_child started. 586s [p11_child[2000]] [main] (0x2000): Running in [pre-auth] mode. 586s [p11_child[2000]] [main] (0x2000): Running with effective IDs: [0][0]. 586s [p11_child[2000]] [main] (0x2000): Running with real IDs [0][0]. 586s [p11_child[2000]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 586s [p11_child[2000]] [do_card] (0x4000): Module List: 586s [p11_child[2000]] [do_card] (0x4000): common name: [softhsm2]. 586s [p11_child[2000]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[2000]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 586s [p11_child[2000]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 586s [p11_child[2000]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[2000]] [do_card] (0x4000): Login NOT required. 586s [p11_child[2000]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 586s [p11_child[2000]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 586s [p11_child[2000]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 586s [p11_child[2000]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67491f8e;slot-manufacturer=SoftHSM%20project;slot-id=1732845454;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d89495767491f8e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 586s [p11_child[2000]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 586s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496.output 586s + echo '-----BEGIN CERTIFICATE-----' 586s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496.output 586s + echo '-----END CERTIFICATE-----' 586s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496.pem 586s + local found_md5 expected_md5 586s Certificate: 586s Data: 586s Version: 3 (0x2) 586s Serial Number: 5 (0x5) 586s Signature Algorithm: sha256WithRSAEncryption 586s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 586s Validity 586s Not Before: Jan 23 22:05:23 2026 GMT 586s Not After : Jan 23 22:05:23 2027 GMT 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:ac:c8:46:25:e6:99:05:1b:4a:ac:40:d8:72:a3: 586s 7c:d6:80:4a:ee:84:fa:3c:0a:07:9d:f7:fb:74:b1: 586s b6:42:ec:ba:86:eb:b9:fe:a7:f8:40:19:62:db:f4: 586s 1d:9c:7c:c5:5b:63:8e:a5:3c:b6:95:fc:6b:42:8e: 586s a0:f8:92:0d:da:14:55:6b:16:1e:bf:4a:da:25:43: 586s 4b:7a:14:7c:47:66:f1:4c:b6:c1:e5:e7:40:1c:e7: 586s 50:b5:22:6f:0c:b8:e5:5d:f3:66:27:86:02:aa:2f: 586s f3:81:c6:b9:2f:77:68:cd:1f:4d:67:ab:39:fd:08: 586s 20:ef:15:9e:5c:8c:38:5a:33 586s Exponent: 65537 (0x10001) 586s X509v3 extensions: 586s X509v3 Authority Key Identifier: 586s BD:E4:7A:4B:9B:A6:C8:78:38:B6:94:D0:5E:B9:62:0F:7F:09:F2:0E 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Sub Intermediate CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s A6:3D:4D:E3:27:8E:55:91:A3:78:65:5F:8E:65:F3:59:63:E8:4C:A5 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s a6:ad:1a:b1:2a:f9:c9:f0:8c:4c:7e:ee:85:16:cb:91:9e:ac: 586s 62:e4:3f:26:16:da:52:97:e8:c6:59:f1:e8:9d:57:e3:ca:d4: 586s 8e:5e:97:d1:1f:bd:ca:9e:57:25:a9:8a:15:db:51:36:a9:0b: 586s d7:59:e8:47:14:b0:63:59:19:3f:78:7c:f1:94:67:59:fb:81: 586s c0:6d:d3:d9:a2:88:19:4a:07:8e:ce:4f:14:a3:6c:40:7d:b5: 586s 24:f4:c0:c4:70:31:0f:20:79:7e:dc:dc:c1:3b:f3:98:5e:5e: 586s c8:ca:02:5a:7e:26:c3:f1:01:42:31:73:42:e6:71:dd:19:67: 586s 57:36 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + expected_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496.pem 586s + found_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s + '[' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 '!=' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 ']' 586s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496-auth.output 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496-auth.output .output 586s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496-auth.pem 586s + echo -n 053350 586s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 586s [p11_child[2008]] [main] (0x0400): p11_child started. 586s [p11_child[2008]] [main] (0x2000): Running in [auth] mode. 586s [p11_child[2008]] [main] (0x2000): Running with effective IDs: [0][0]. 586s [p11_child[2008]] [main] (0x2000): Running with real IDs [0][0]. 586s [p11_child[2008]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 586s [p11_child[2008]] [do_card] (0x4000): Module List: 586s [p11_child[2008]] [do_card] (0x4000): common name: [softhsm2]. 586s [p11_child[2008]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[2008]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 586s [p11_child[2008]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 586s [p11_child[2008]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[2008]] [do_card] (0x4000): Login required. 586s [p11_child[2008]] [do_card] (0x4000): Token flags [1069]. 586s [p11_child[2008]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 586s [p11_child[2008]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 586s [p11_child[2008]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 586s [p11_child[2008]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67491f8e;slot-manufacturer=SoftHSM%20project;slot-id=1732845454;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d89495767491f8e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 586s [p11_child[2008]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 586s [p11_child[2008]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 586s [p11_child[2008]] [do_card] (0x4000): Certificate verified and validated. 586s [p11_child[2008]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 586s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496-auth.output 586s + echo '-----BEGIN CERTIFICATE-----' 586s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496-auth.output 586s + echo '-----END CERTIFICATE-----' 586s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496-auth.pem 586s Certificate: 586s Data: 586s Version: 3 (0x2) 586s Serial Number: 5 (0x5) 586s Signature Algorithm: sha256WithRSAEncryption 586s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 586s Validity 586s Not Before: Jan 23 22:05:23 2026 GMT 586s Not After : Jan 23 22:05:23 2027 GMT 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:ac:c8:46:25:e6:99:05:1b:4a:ac:40:d8:72:a3: 586s 7c:d6:80:4a:ee:84:fa:3c:0a:07:9d:f7:fb:74:b1: 586s b6:42:ec:ba:86:eb:b9:fe:a7:f8:40:19:62:db:f4: 586s 1d:9c:7c:c5:5b:63:8e:a5:3c:b6:95:fc:6b:42:8e: 586s a0:f8:92:0d:da:14:55:6b:16:1e:bf:4a:da:25:43: 586s 4b:7a:14:7c:47:66:f1:4c:b6:c1:e5:e7:40:1c:e7: 586s 50:b5:22:6f:0c:b8:e5:5d:f3:66:27:86:02:aa:2f: 586s f3:81:c6:b9:2f:77:68:cd:1f:4d:67:ab:39:fd:08: 586s 20:ef:15:9e:5c:8c:38:5a:33 586s Exponent: 65537 (0x10001) 586s X509v3 extensions: 586s X509v3 Authority Key Identifier: 586s BD:E4:7A:4B:9B:A6:C8:78:38:B6:94:D0:5E:B9:62:0F:7F:09:F2:0E 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Sub Intermediate CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s A6:3D:4D:E3:27:8E:55:91:A3:78:65:5F:8E:65:F3:59:63:E8:4C:A5 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s a6:ad:1a:b1:2a:f9:c9:f0:8c:4c:7e:ee:85:16:cb:91:9e:ac: 586s 62:e4:3f:26:16:da:52:97:e8:c6:59:f1:e8:9d:57:e3:ca:d4: 586s 8e:5e:97:d1:1f:bd:ca:9e:57:25:a9:8a:15:db:51:36:a9:0b: 586s d7:59:e8:47:14:b0:63:59:19:3f:78:7c:f1:94:67:59:fb:81: 586s c0:6d:d3:d9:a2:88:19:4a:07:8e:ce:4f:14:a3:6c:40:7d:b5: 586s 24:f4:c0:c4:70:31:0f:20:79:7e:dc:dc:c1:3b:f3:98:5e:5e: 586s c8:ca:02:5a:7e:26:c3:f1:01:42:31:73:42:e6:71:dd:19:67: 586s 57:36 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-14496-auth.pem 586s + found_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s + '[' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 '!=' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 ']' 586s + valid_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-intermediate-sub-chain-CA.pem partial_chain 586s + check_certificate /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 /tmp/sssd-softhsm2-mOYOpU/test-intermediate-sub-chain-CA.pem partial_chain 586s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local key_ring=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-sub-chain-CA.pem 586s + local verify_option=partial_chain 586s + prepare_softhsm2_card /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local certificate=/tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-30545 586s + local key_cn 586s + local key_name 586s + local tokens_dir 586s + local output_cert_file 586s + token_name= 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 586s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 586s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s ++ sed -n 's/ *commonName *= //p' 586s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 586s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 586s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 586s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 586s Test Organization Sub Int Token 586s + tokens_dir=/tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 586s + token_name='Test Organization Sub Int Token' 586s + '[' '!' -e /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 586s + '[' '!' -d /tmp/sssd-softhsm2-mOYOpU/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 586s + echo 'Test Organization Sub Int Token' 586s + '[' -n partial_chain ']' 586s + local verify_arg=--verify=partial_chain 586s + local output_base_name=SSSD-child-11022 586s + local output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022.output 586s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022.pem 586s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-sub-chain-CA.pem 586s [p11_child[2018]] [main] (0x0400): p11_child started. 586s [p11_child[2018]] [main] (0x2000): Running in [pre-auth] mode. 586s [p11_child[2018]] [main] (0x2000): Running with effective IDs: [0][0]. 586s [p11_child[2018]] [main] (0x2000): Running with real IDs [0][0]. 586s [p11_child[2018]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 586s [p11_child[2018]] [do_card] (0x4000): Module List: 586s [p11_child[2018]] [do_card] (0x4000): common name: [softhsm2]. 586s [p11_child[2018]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[2018]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 586s [p11_child[2018]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 586s [p11_child[2018]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[2018]] [do_card] (0x4000): Login NOT required. 586s [p11_child[2018]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 586s [p11_child[2018]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 586s [p11_child[2018]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 586s [p11_child[2018]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67491f8e;slot-manufacturer=SoftHSM%20project;slot-id=1732845454;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d89495767491f8e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 586s [p11_child[2018]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 586s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022.output 586s + echo '-----BEGIN CERTIFICATE-----' 586s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022.output 586s + echo '-----END CERTIFICATE-----' 586s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022.pem 586s Certificate: 586s Data: 586s Version: 3 (0x2) 586s Serial Number: 5 (0x5) 586s Signature Algorithm: sha256WithRSAEncryption 586s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 586s Validity 586s Not Before: Jan 23 22:05:23 2026 GMT 586s Not After : Jan 23 22:05:23 2027 GMT 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:ac:c8:46:25:e6:99:05:1b:4a:ac:40:d8:72:a3: 586s 7c:d6:80:4a:ee:84:fa:3c:0a:07:9d:f7:fb:74:b1: 586s b6:42:ec:ba:86:eb:b9:fe:a7:f8:40:19:62:db:f4: 586s 1d:9c:7c:c5:5b:63:8e:a5:3c:b6:95:fc:6b:42:8e: 586s a0:f8:92:0d:da:14:55:6b:16:1e:bf:4a:da:25:43: 586s 4b:7a:14:7c:47:66:f1:4c:b6:c1:e5:e7:40:1c:e7: 586s 50:b5:22:6f:0c:b8:e5:5d:f3:66:27:86:02:aa:2f: 586s f3:81:c6:b9:2f:77:68:cd:1f:4d:67:ab:39:fd:08: 586s 20:ef:15:9e:5c:8c:38:5a:33 586s Exponent: 65537 (0x10001) 586s X509v3 extensions: 586s X509v3 Authority Key Identifier: 586s BD:E4:7A:4B:9B:A6:C8:78:38:B6:94:D0:5E:B9:62:0F:7F:09:F2:0E 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Sub Intermediate CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s A6:3D:4D:E3:27:8E:55:91:A3:78:65:5F:8E:65:F3:59:63:E8:4C:A5 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s a6:ad:1a:b1:2a:f9:c9:f0:8c:4c:7e:ee:85:16:cb:91:9e:ac: 586s 62:e4:3f:26:16:da:52:97:e8:c6:59:f1:e8:9d:57:e3:ca:d4: 586s 8e:5e:97:d1:1f:bd:ca:9e:57:25:a9:8a:15:db:51:36:a9:0b: 586s d7:59:e8:47:14:b0:63:59:19:3f:78:7c:f1:94:67:59:fb:81: 586s c0:6d:d3:d9:a2:88:19:4a:07:8e:ce:4f:14:a3:6c:40:7d:b5: 586s 24:f4:c0:c4:70:31:0f:20:79:7e:dc:dc:c1:3b:f3:98:5e:5e: 586s c8:ca:02:5a:7e:26:c3:f1:01:42:31:73:42:e6:71:dd:19:67: 586s 57:36 586s + local found_md5 expected_md5 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/test-sub-intermediate-CA-trusted-certificate-0001.pem 586s + expected_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022.pem 586s + found_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s + '[' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 '!=' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 ']' 586s + output_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022-auth.output 586s ++ basename /tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022-auth.output .output 586s + output_cert_file=/tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022-auth.pem 586s + echo -n 053350 586s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-mOYOpU/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 586s [p11_child[2026]] [main] (0x0400): p11_child started. 586s [p11_child[2026]] [main] (0x2000): Running in [auth] mode. 586s [p11_child[2026]] [main] (0x2000): Running with effective IDs: [0][0]. 586s [p11_child[2026]] [main] (0x2000): Running with real IDs [0][0]. 586s [p11_child[2026]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 586s [p11_child[2026]] [do_card] (0x4000): Module List: 586s [p11_child[2026]] [do_card] (0x4000): common name: [softhsm2]. 586s [p11_child[2026]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[2026]] [do_card] (0x4000): Description [SoftHSM slot ID 0x67491f8e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 586s [p11_child[2026]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 586s [p11_child[2026]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x67491f8e][1732845454] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 586s [p11_child[2026]] [do_card] (0x4000): Login required. 586s [p11_child[2026]] [do_card] (0x4000): Token flags [1069]. 586s [p11_child[2026]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 586s [p11_child[2026]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 586s [p11_child[2026]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 586s [p11_child[2026]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x67491f8e;slot-manufacturer=SoftHSM%20project;slot-id=1732845454;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d89495767491f8e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 586s [p11_child[2026]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 586s [p11_child[2026]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 586s [p11_child[2026]] [do_card] (0x4000): Certificate verified and validated. 586s [p11_child[2026]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 586s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022-auth.output 586s + echo '-----BEGIN CERTIFICATE-----' 586s + tail -n1 /tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022-auth.output 586s + echo '-----END CERTIFICATE-----' 586s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022-auth.pem 586s Certificate: 586s Data: 586s Version: 3 (0x2) 586s Serial Number: 5 (0x5) 586s Signature Algorithm: sha256WithRSAEncryption 586s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 586s Validity 586s Not Before: Jan 23 22:05:23 2026 GMT 586s Not After : Jan 23 22:05:23 2027 GMT 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:ac:c8:46:25:e6:99:05:1b:4a:ac:40:d8:72:a3: 586s 7c:d6:80:4a:ee:84:fa:3c:0a:07:9d:f7:fb:74:b1: 586s b6:42:ec:ba:86:eb:b9:fe:a7:f8:40:19:62:db:f4: 586s 1d:9c:7c:c5:5b:63:8e:a5:3c:b6:95:fc:6b:42:8e: 586s a0:f8:92:0d:da:14:55:6b:16:1e:bf:4a:da:25:43: 586s 4b:7a:14:7c:47:66:f1:4c:b6:c1:e5:e7:40:1c:e7: 586s 50:b5:22:6f:0c:b8:e5:5d:f3:66:27:86:02:aa:2f: 586s f3:81:c6:b9:2f:77:68:cd:1f:4d:67:ab:39:fd:08: 586s 20:ef:15:9e:5c:8c:38:5a:33 586s Exponent: 65537 (0x10001) 586s X509v3 extensions: 586s X509v3 Authority Key Identifier: 586s BD:E4:7A:4B:9B:A6:C8:78:38:B6:94:D0:5E:B9:62:0F:7F:09:F2:0E 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Sub Intermediate CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s A6:3D:4D:E3:27:8E:55:91:A3:78:65:5F:8E:65:F3:59:63:E8:4C:A5 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s a6:ad:1a:b1:2a:f9:c9:f0:8c:4c:7e:ee:85:16:cb:91:9e:ac: 586s 62:e4:3f:26:16:da:52:97:e8:c6:59:f1:e8:9d:57:e3:ca:d4: 586s 8e:5e:97:d1:1f:bd:ca:9e:57:25:a9:8a:15:db:51:36:a9:0b: 586s d7:59:e8:47:14:b0:63:59:19:3f:78:7c:f1:94:67:59:fb:81: 586s c0:6d:d3:d9:a2:88:19:4a:07:8e:ce:4f:14:a3:6c:40:7d:b5: 586s 24:f4:c0:c4:70:31:0f:20:79:7e:dc:dc:c1:3b:f3:98:5e:5e: 586s c8:ca:02:5a:7e:26:c3:f1:01:42:31:73:42:e6:71:dd:19:67: 586s 57:36 586s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-mOYOpU/SSSD-child-11022-auth.pem 586s + found_md5=Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 586s + '[' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 '!=' Modulus=ACC84625E699051B4AAC40D872A37CD6804AEE84FA3C0A079DF7FB74B1B642ECBA86EBB9FEA7F8401962DBF41D9C7CC55B638EA53CB695FC6B428EA0F8920DDA14556B161EBF4ADA25434B7A147C4766F14CB6C1E5E7401CE750B5226F0CB8E55DF366278602AA2FF381C6B92F7768CD1F4D67AB39FD0820EF159E5C8C385A33 ']' 586s + set +x 586s 586s Test completed, Root CA and intermediate issued certificates verified! 587s autopkgtest [22:05:27]: test sssd-softhism2-certificates-tests.sh: -----------------------] 591s autopkgtest [22:05:31]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 591s sssd-softhism2-certificates-tests.sh PASS 594s autopkgtest [22:05:34]: test sssd-smart-card-pam-auth-configs: preparing testbed 596s Reading package lists... 597s Building dependency tree... 597s Reading state information... 597s Solving dependencies... 598s The following NEW packages will be installed: 598s pamtester 598s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 598s Need to get 12.2 kB of archives. 598s After this operation, 85.0 kB of additional disk space will be used. 598s Get:1 http://ftpmaster.internal/ubuntu resolute/universe armhf pamtester armhf 0.1.2-4build1 [12.2 kB] 599s Fetched 12.2 kB in 0s (52.5 kB/s) 599s Selecting previously unselected package pamtester. 599s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 67066 files and directories currently installed.) 599s Preparing to unpack .../pamtester_0.1.2-4build1_armhf.deb ... 599s Unpacking pamtester (0.1.2-4build1) ... 599s Setting up pamtester (0.1.2-4build1) ... 599s Processing triggers for man-db (2.13.1-1) ... 609s autopkgtest [22:05:49]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 609s autopkgtest [22:05:49]: test sssd-smart-card-pam-auth-configs: [----------------------- 611s + '[' -z ubuntu ']' 611s + export DEBIAN_FRONTEND=noninteractive 611s + DEBIAN_FRONTEND=noninteractive 611s + required_tools=(pamtester softhsm2-util sssd) 611s + [[ ! -v OFFLINE_MODE ]] 611s + for cmd in "${required_tools[@]}" 611s + command -v pamtester 611s + for cmd in "${required_tools[@]}" 611s + command -v softhsm2-util 611s + for cmd in "${required_tools[@]}" 611s + command -v sssd 611s + PIN=123456 611s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 611s + tmpdir=/tmp/sssd-softhsm2-certs-4an2Fb 611s + backupsdir= 611s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 611s + declare -a restore_paths 611s + declare -a delete_paths 611s + trap handle_exit EXIT 611s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 611s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 611s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 611s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 611s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-4an2Fb GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 611s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-4an2Fb 611s + GENERATE_SMART_CARDS=1 611s + KEEP_TEMPORARY_FILES=1 611s + NO_SSSD_TESTS=1 611s + bash debian/tests/sssd-softhism2-certificates-tests.sh 611s + '[' -z ubuntu ']' 611s + required_tools=(p11tool openssl softhsm2-util) 611s + for cmd in "${required_tools[@]}" 611s + command -v p11tool 611s + for cmd in "${required_tools[@]}" 611s + command -v openssl 611s + for cmd in "${required_tools[@]}" 611s + command -v softhsm2-util 611s + PIN=123456 611s +++ find /usr/lib/softhsm/libsofthsm2.so 611s +++ head -n 1 611s ++ realpath /usr/lib/softhsm/libsofthsm2.so 611s + SOFTHSM2_MODULE=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 611s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 611s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 611s + '[' '!' -v NO_SSSD_TESTS ']' 611s + '[' '!' -e /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so ']' 611s + tmpdir=/tmp/sssd-softhsm2-certs-4an2Fb 611s + keys_size=1024 611s + [[ ! -v KEEP_TEMPORARY_FILES ]] 611s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 611s + echo -n 01 611s + touch /tmp/sssd-softhsm2-certs-4an2Fb/index.txt 611s + mkdir -p /tmp/sssd-softhsm2-certs-4an2Fb/new_certs 611s + cat 611s + root_ca_key_pass=pass:random-root-CA-password-31101 611s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-key.pem -passout pass:random-root-CA-password-31101 1024 611s + openssl req -passin pass:random-root-CA-password-31101 -batch -config /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.pem 611s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.pem 611s + cat 611s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-11378 611s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-11378 1024 611s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-11378 -config /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-31101 -sha256 -out /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-certificate-request.pem 611s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-certificate-request.pem 611s Certificate Request: 611s Data: 611s Version: 1 (0x0) 611s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 611s Subject Public Key Info: 611s Public Key Algorithm: rsaEncryption 611s Public-Key: (1024 bit) 611s Modulus: 611s 00:c2:a9:dd:bb:28:7f:e2:c2:2e:ef:15:a5:72:49: 611s 5c:dd:de:c2:25:e4:4d:bf:a4:90:6b:3f:2d:b3:13: 611s 1e:fa:3a:e3:f5:29:6a:65:ca:ec:b8:e2:5d:73:32: 611s 35:d5:83:cc:ca:17:a9:3e:cf:fd:94:ea:c3:5f:c9: 611s e2:cb:68:f5:dd:8d:3d:95:3c:0b:c0:b5:76:14:d5: 611s e1:67:5e:5c:b0:1d:19:88:d7:0b:53:de:9e:df:09: 611s fc:9b:1c:cd:35:89:fc:77:f7:18:83:a4:c4:3e:d1: 611s 1f:01:fb:5d:74:e6:bf:1e:03:09:94:ab:a0:8c:79: 611s f7:da:f7:59:b3:d5:d7:5e:47 611s Exponent: 65537 (0x10001) 611s Attributes: 611s (none) 611s Requested Extensions: 611s Signature Algorithm: sha256WithRSAEncryption 611s Signature Value: 611s 3f:1e:56:c3:39:f1:2f:cc:d0:36:d6:23:58:cd:1b:7f:9a:6d: 611s f3:a4:13:97:8e:97:01:26:b5:c8:67:32:15:88:da:e0:6b:66: 611s 39:59:dc:38:b8:ed:b0:5b:e4:a2:98:1d:31:e8:2b:b2:88:58: 611s 15:57:74:f3:ec:4b:d6:57:1d:79:91:54:21:1c:3e:a5:b9:c0: 611s 43:41:8a:2a:81:8d:98:67:4e:05:b0:33:ed:ba:b4:0c:9e:8a: 611s 35:26:9f:72:bb:a1:fe:cd:eb:9a:78:8a:54:7d:7d:9f:56:31: 611s 6f:ca:2b:8c:1a:9a:a4:67:e0:03:0e:57:da:c5:ed:b4:d3:55: 611s 1b:47 611s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.config -passin pass:random-root-CA-password-31101 -keyfile /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem 611s Using configuration from /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.config 611s Check that the request matches the signature 611s Signature ok 611s Certificate Details: 611s Serial Number: 1 (0x1) 611s Validity 611s Not Before: Jan 23 22:05:51 2026 GMT 611s Not After : Jan 23 22:05:51 2027 GMT 611s Subject: 611s organizationName = Test Organization 611s organizationalUnitName = Test Organization Unit 611s commonName = Test Organization Intermediate CA 611s X509v3 extensions: 611s X509v3 Subject Key Identifier: 611s 4F:2D:18:7B:BA:F7:93:06:96:C0:CD:DB:0F:75:F5:0B:FC:3D:54:5A 611s X509v3 Authority Key Identifier: 611s keyid:12:7A:0F:D4:83:7D:6C:22:6B:D0:F7:14:FF:F7:75:E7:F3:16:81:54 611s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 611s serial:00 611s X509v3 Basic Constraints: 611s CA:TRUE 611s X509v3 Key Usage: critical 611s Digital Signature, Certificate Sign, CRL Sign 611s Certificate is to be certified until Jan 23 22:05:51 2027 GMT (365 days) 611s 611s Write out database with 1 new entries 611s Database updated 611s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem 611s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem 611s /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem: OK 611s + cat 611s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-12909 611s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-12909 1024 611s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-12909 -config /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-11378 -sha256 -out /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-certificate-request.pem 611s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-certificate-request.pem 611s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-11378 -keyfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem 611s Certificate Request: 611s Data: 611s Version: 1 (0x0) 611s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 611s Subject Public Key Info: 611s Public Key Algorithm: rsaEncryption 611s Public-Key: (1024 bit) 611s Modulus: 611s 00:e8:ef:b5:40:01:5c:79:2e:da:3a:0d:da:3e:f4: 611s 7e:a9:a0:bc:40:a7:60:c2:0d:c7:38:26:43:1a:11: 611s e0:c1:6b:82:0a:55:94:0c:0f:15:be:5c:95:14:9e: 611s 02:81:4c:e1:06:f3:96:d0:e7:7f:f9:4c:6b:d7:b8: 611s 3f:6a:19:55:c5:e5:1b:d9:e3:a5:92:82:c9:64:98: 611s 23:ee:1e:10:de:8b:c9:61:fd:be:b1:f6:39:bd:77: 611s f5:ca:32:40:98:3e:a0:6d:5b:e5:4e:96:3b:d0:ca: 611s b1:5a:15:2f:b1:d1:49:da:c2:8d:01:44:d8:2e:d5: 611s 28:4f:53:dd:16:f9:df:d3:31 611s Exponent: 65537 (0x10001) 611s Attributes: 611s (none) 611s Requested Extensions: 611s Signature Algorithm: sha256WithRSAEncryption 611s Signature Value: 611s 1f:16:d3:9c:fb:bc:72:b5:da:ca:59:2e:8a:3d:92:02:f4:7d: 611s 49:b9:a5:1f:e8:7f:26:96:cb:15:3c:63:f5:74:51:f0:d9:de: 611s bf:e1:9e:2d:ba:0e:02:f5:ad:bc:55:6c:65:9e:65:11:d9:e0: 611s db:be:49:f9:82:62:dd:c4:d3:42:48:8e:48:fc:15:eb:d0:c2: 611s 7a:4c:00:12:41:00:4d:c4:cd:81:85:41:31:5b:50:1d:8f:df: 611s 0b:b5:23:5d:e0:86:23:0c:41:ed:2b:5b:62:da:07:15:f6:48: 611s e2:82:b9:01:1b:a7:d2:3f:88:8a:9e:06:67:6d:6e:83:98:1e: 611s b8:0e 611s Using configuration from /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.config 611s Check that the request matches the signature 611s Signature ok 611s Certificate Details: 611s Serial Number: 2 (0x2) 611s Validity 611s Not Before: Jan 23 22:05:51 2026 GMT 611s Not After : Jan 23 22:05:51 2027 GMT 611s Subject: 611s organizationName = Test Organization 611s organizationalUnitName = Test Organization Unit 611s commonName = Test Organization Sub Intermediate CA 611s X509v3 extensions: 611s X509v3 Subject Key Identifier: 611s 58:FC:FE:E9:DA:05:5A:50:E4:02:BD:CE:89:56:76:B4:15:87:F4:44 611s X509v3 Authority Key Identifier: 611s keyid:4F:2D:18:7B:BA:F7:93:06:96:C0:CD:DB:0F:75:F5:0B:FC:3D:54:5A 611s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 611s serial:01 611s X509v3 Basic Constraints: 611s CA:TRUE 611s X509v3 Key Usage: critical 611s Digital Signature, Certificate Sign, CRL Sign 611s Certificate is to be certified until Jan 23 22:05:51 2027 GMT (365 days) 611s 611s Write out database with 1 new entries 611s Database updated 611s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem 611s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem 612s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem 612s + local cmd=openssl 612s + shift 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem 612s /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem: OK 612s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 612s error 20 at 0 depth lookup: unable to get local issuer certificate 612s error /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem: verification failed 612s + cat 612s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-21499 612s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-21499 1024 612s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-21499 -key /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-request.pem 612s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-request.pem 612s Certificate Request: 612s Data: 612s Version: 1 (0x0) 612s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 612s Subject Public Key Info: 612s Public Key Algorithm: rsaEncryption 612s Public-Key: (1024 bit) 612s Modulus: 612s 00:b8:b1:d4:b8:fa:8b:ae:b1:2e:59:04:57:e3:f0: 612s f5:ef:c7:4f:b3:21:0f:4f:bb:8a:db:18:f0:eb:02: 612s 03:79:22:51:60:c5:68:0c:93:75:6b:4e:8b:92:d4: 612s 76:be:b1:29:33:96:14:eb:c4:95:5d:18:5f:e3:1b: 612s d1:cb:91:88:c1:ba:3e:0a:cd:a4:21:44:18:e6:69: 612s b2:77:5d:23:97:e6:17:99:ed:33:b3:80:44:99:ca: 612s 42:74:80:e2:d4:27:88:c9:40:92:05:71:95:c3:fa: 612s f0:64:ae:40:08:e2:aa:f8:0e:9e:ad:18:25:71:bf: 612s 83:ce:2b:1f:67:85:6f:de:9d 612s Exponent: 65537 (0x10001) 612s Attributes: 612s Requested Extensions: 612s X509v3 Basic Constraints: 612s CA:FALSE 612s Netscape Cert Type: 612s SSL Client, S/MIME 612s Netscape Comment: 612s Test Organization Root CA trusted Certificate 612s X509v3 Subject Key Identifier: 612s A0:69:1A:99:27:CE:8D:61:37:0C:34:76:E1:D5:9A:0F:27:51:4C:10 612s X509v3 Key Usage: critical 612s Digital Signature, Non Repudiation, Key Encipherment 612s X509v3 Extended Key Usage: 612s TLS Web Client Authentication, E-mail Protection 612s X509v3 Subject Alternative Name: 612s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 612s Signature Algorithm: sha256WithRSAEncryption 612s Signature Value: 612s a1:76:f8:ce:15:cc:82:a7:04:3a:3b:9f:33:cb:f4:14:04:f0: 612s ed:2e:66:36:2d:88:8e:92:4e:b6:e3:8d:20:14:ee:54:6a:bb: 612s 98:a3:50:06:a6:ff:c5:bb:70:c6:fb:4a:75:48:9c:ba:dd:ba: 612s de:bb:64:bb:86:95:0d:d6:fa:3e:47:68:ac:86:c8:5c:73:0d: 612s df:91:98:98:f5:46:58:fa:db:e9:c8:1a:29:12:a4:70:a5:78: 612s a4:c3:d0:4f:00:6c:67:2b:7e:bf:b9:09:82:13:05:aa:fe:01: 612s 0a:59:ea:88:5c:5e:e3:15:66:b8:d0:3c:2f:b5:0a:b1:74:6c: 612s 51:ab 612s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.config -passin pass:random-root-CA-password-31101 -keyfile /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem 612s Using configuration from /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.config 612s Check that the request matches the signature 612s Signature ok 612s Certificate Details: 612s Serial Number: 3 (0x3) 612s Validity 612s Not Before: Jan 23 22:05:52 2026 GMT 612s Not After : Jan 23 22:05:52 2027 GMT 612s Subject: 612s organizationName = Test Organization 612s organizationalUnitName = Test Organization Unit 612s commonName = Test Organization Root Trusted Certificate 0001 612s X509v3 extensions: 612s X509v3 Authority Key Identifier: 612s 12:7A:0F:D4:83:7D:6C:22:6B:D0:F7:14:FF:F7:75:E7:F3:16:81:54 612s X509v3 Basic Constraints: 612s CA:FALSE 612s Netscape Cert Type: 612s SSL Client, S/MIME 612s Netscape Comment: 612s Test Organization Root CA trusted Certificate 612s X509v3 Subject Key Identifier: 612s A0:69:1A:99:27:CE:8D:61:37:0C:34:76:E1:D5:9A:0F:27:51:4C:10 612s X509v3 Key Usage: critical 612s Digital Signature, Non Repudiation, Key Encipherment 612s X509v3 Extended Key Usage: 612s TLS Web Client Authentication, E-mail Protection 612s X509v3 Subject Alternative Name: 612s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 612s Certificate is to be certified until Jan 23 22:05:52 2027 GMT (365 days) 612s 612s Write out database with 1 new entries 612s Database updated 612s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem 612s /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem: OK 612s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem 612s + local cmd=openssl 612s + shift 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem 612s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 612s error 20 at 0 depth lookup: unable to get local issuer certificate 612s error /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem: verification failed 612s + cat 612s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-5831 612s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-5831 1024 612s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-5831 -key /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-request.pem 612s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-request.pem 612s Certificate Request: 612s Data: 612s Version: 1 (0x0) 612s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 612s Subject Public Key Info: 612s Public Key Algorithm: rsaEncryption 612s Public-Key: (1024 bit) 612s Modulus: 612s 00:c2:77:f9:96:69:8d:8e:f8:11:fc:b4:3d:e4:6e: 612s b5:01:41:67:3c:60:97:a3:37:f7:29:4f:0b:de:dd: 612s a7:a6:63:d6:44:61:6e:a4:dd:e2:fe:64:84:f3:78: 612s 70:9b:f7:5f:8b:a3:07:a2:a0:91:fc:b2:e1:95:57: 612s 20:50:c9:d0:e7:c2:6b:fc:45:5a:3f:fa:18:b9:f5: 612s 5c:80:fa:a3:3f:a8:f6:e9:9c:e7:8b:68:41:8c:8d: 612s 63:fb:0f:65:bd:b6:4a:47:3e:3a:fd:bc:46:d9:d9: 612s 73:d0:56:66:4c:7d:6b:3c:80:44:aa:8b:80:80:6d: 612s c4:8e:b0:00:be:ee:e6:ac:e3 612s Exponent: 65537 (0x10001) 612s Attributes: 612s Requested Extensions: 612s X509v3 Basic Constraints: 612s CA:FALSE 612s Netscape Cert Type: 612s SSL Client, S/MIME 612s Netscape Comment: 612s Test Organization Intermediate CA trusted Certificate 612s X509v3 Subject Key Identifier: 612s 1F:71:0C:4B:2B:EC:50:48:16:5D:AD:B0:E0:E9:1C:24:8C:FA:9B:50 612s X509v3 Key Usage: critical 612s Digital Signature, Non Repudiation, Key Encipherment 612s X509v3 Extended Key Usage: 612s TLS Web Client Authentication, E-mail Protection 612s X509v3 Subject Alternative Name: 612s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 612s Signature Algorithm: sha256WithRSAEncryption 612s Signature Value: 612s 8d:31:d1:61:25:65:d4:49:ce:d3:15:f5:21:a9:80:41:0b:ff: 612s 97:5e:2f:3a:6b:a9:6e:00:93:a5:9b:eb:55:f7:b5:e8:3e:bc: 612s 8b:56:58:a2:74:5d:aa:9a:39:69:ac:44:94:3e:ce:7c:b1:6e: 612s 9c:e0:ed:7a:d1:c3:9f:23:5c:6a:3d:6e:09:bf:85:c1:41:16: 612s fd:ae:7d:02:5f:87:d8:c9:0b:b8:b4:71:63:ee:cd:d0:37:16: 612s 00:40:3c:6a:1f:8a:92:d8:7f:52:e9:9d:bb:40:55:64:ed:9e: 612s 95:e4:dd:fc:5c:cc:d2:a5:32:42:90:64:5a:2f:39:fb:ae:5e: 612s 98:aa 612s + openssl ca -passin pass:random-intermediate-CA-password-11378 -config /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem 612s Using configuration from /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.config 612s Check that the request matches the signature 612s Signature ok 612s Certificate Details: 612s Serial Number: 4 (0x4) 612s Validity 612s Not Before: Jan 23 22:05:52 2026 GMT 612s Not After : Jan 23 22:05:52 2027 GMT 612s Subject: 612s organizationName = Test Organization 612s organizationalUnitName = Test Organization Unit 612s commonName = Test Organization Intermediate Trusted Certificate 0001 612s X509v3 extensions: 612s X509v3 Authority Key Identifier: 612s 4F:2D:18:7B:BA:F7:93:06:96:C0:CD:DB:0F:75:F5:0B:FC:3D:54:5A 612s X509v3 Basic Constraints: 612s CA:FALSE 612s Netscape Cert Type: 612s SSL Client, S/MIME 612s Netscape Comment: 612s Test Organization Intermediate CA trusted Certificate 612s X509v3 Subject Key Identifier: 612s 1F:71:0C:4B:2B:EC:50:48:16:5D:AD:B0:E0:E9:1C:24:8C:FA:9B:50 612s X509v3 Key Usage: critical 612s Digital Signature, Non Repudiation, Key Encipherment 612s X509v3 Extended Key Usage: 612s TLS Web Client Authentication, E-mail Protection 612s X509v3 Subject Alternative Name: 612s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 612s Certificate is to be certified until Jan 23 22:05:52 2027 GMT (365 days) 612s 612s Write out database with 1 new entries 612s Database updated 612s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem 612s + echo 'This certificate should not be trusted fully' 612s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem 612s + local cmd=openssl 612s + shift 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem 612s This certificate should not be trusted fully 612s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 612s error 2 at 1 depth lookup: unable to get issuer certificate 612s error /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 612s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem 612s /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem: OK 612s + cat 612s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1602 612s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-1602 1024 612s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-1602 -key /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 612s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 612s Certificate Request: 612s Data: 612s Version: 1 (0x0) 612s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 612s Subject Public Key Info: 612s Public Key Algorithm: rsaEncryption 612s Public-Key: (1024 bit) 612s Modulus: 612s 00:b9:8a:7b:05:fe:25:67:45:bd:c1:80:69:40:b3: 612s 03:16:ed:76:63:39:ac:72:8f:c4:78:28:7a:ba:ca: 612s e5:a1:5a:86:fe:4b:a4:24:49:8b:59:57:2e:33:eb: 612s cd:7c:a1:dd:e3:64:02:fd:b3:47:45:f7:bc:70:bd: 612s 18:f2:29:62:8f:90:48:3b:6d:92:5a:2e:49:eb:af: 612s d0:60:93:61:67:53:08:4a:bc:21:40:4e:3b:e4:17: 612s 01:f5:89:99:d1:33:ec:80:3b:f6:b4:3d:53:49:10: 612s a9:a1:c9:a3:8e:43:0e:a7:ed:7b:8f:fe:47:3f:3f: 612s ef:b9:c4:f7:8a:08:26:c9:3f 612s Exponent: 65537 (0x10001) 612s Attributes: 612s Requested Extensions: 612s X509v3 Basic Constraints: 612s CA:FALSE 612s Netscape Cert Type: 612s SSL Client, S/MIME 612s Netscape Comment: 612s Test Organization Sub Intermediate CA trusted Certificate 612s X509v3 Subject Key Identifier: 612s 83:B8:F0:F0:DB:6C:DA:A1:01:1F:89:33:B9:B2:B5:F9:74:0F:4D:7B 612s X509v3 Key Usage: critical 612s Digital Signature, Non Repudiation, Key Encipherment 612s X509v3 Extended Key Usage: 612s TLS Web Client Authentication, E-mail Protection 612s X509v3 Subject Alternative Name: 612s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 612s Signature Algorithm: sha256WithRSAEncryption 612s Signature Value: 612s 5e:6c:fd:22:b7:0b:b8:42:49:35:c5:43:a2:fb:20:05:ff:4b: 612s 02:b5:6f:52:e9:57:b3:2d:8f:9d:ad:ff:bf:15:e2:08:ca:f6: 612s 40:48:ff:b8:ee:7c:b6:a0:a4:81:c1:0f:fd:7c:a6:a0:e4:39: 612s 13:f6:4f:04:81:0d:a9:46:0a:ec:1d:e8:a9:95:45:0c:48:ed: 612s 80:1c:d1:d2:ed:5f:5b:ac:26:60:40:ad:4c:25:32:a6:ea:19: 612s 19:33:02:b8:e6:70:7e:92:52:e9:5b:c6:63:aa:eb:75:ac:96: 612s a9:69:d9:48:04:f7:91:ee:37:8b:62:a0:9d:c7:e1:ac:26:5e: 612s a5:d4 612s + openssl ca -passin pass:random-sub-intermediate-CA-password-12909 -config /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s Using configuration from /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.config 612s Check that the request matches the signature 612s Signature ok 612s Certificate Details: 612s Serial Number: 5 (0x5) 612s Validity 612s Not Before: Jan 23 22:05:52 2026 GMT 612s Not After : Jan 23 22:05:52 2027 GMT 612s Subject: 612s organizationName = Test Organization 612s organizationalUnitName = Test Organization Unit 612s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 612s X509v3 extensions: 612s X509v3 Authority Key Identifier: 612s 58:FC:FE:E9:DA:05:5A:50:E4:02:BD:CE:89:56:76:B4:15:87:F4:44 612s X509v3 Basic Constraints: 612s CA:FALSE 612s Netscape Cert Type: 612s SSL Client, S/MIME 612s Netscape Comment: 612s Test Organization Sub Intermediate CA trusted Certificate 612s X509v3 Subject Key Identifier: 612s 83:B8:F0:F0:DB:6C:DA:A1:01:1F:89:33:B9:B2:B5:F9:74:0F:4D:7B 612s X509v3 Key Usage: critical 612s Digital Signature, Non Repudiation, Key Encipherment 612s X509v3 Extended Key Usage: 612s TLS Web Client Authentication, E-mail Protection 612s X509v3 Subject Alternative Name: 612s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 612s Certificate is to be certified until Jan 23 22:05:52 2027 GMT (365 days) 612s 612s Write out database with 1 new entries 612s Database updated 612s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s This certificate should not be trusted fully 612s + echo 'This certificate should not be trusted fully' 612s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s + local cmd=openssl 612s + shift 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 612s error 2 at 1 depth lookup: unable to get issuer certificate 612s error /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 612s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s + local cmd=openssl 612s + shift 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 612s error 20 at 0 depth lookup: unable to get local issuer certificate 612s error /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 612s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 612s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s + local cmd=openssl 612s + shift 612s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 612s error 20 at 0 depth lookup: unable to get local issuer certificate 612s error /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 612s Building a the full-chain CA file... 612s + echo 'Building a the full-chain CA file...' 612s + cat /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem 612s + cat /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem 612s + cat /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem 612s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem 612s + openssl pkcs7 -print_certs -noout 612s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 612s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 612s 612s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 612s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 612s 612s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 612s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 612s 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem 612s /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA.pem: OK 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem 612s /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem: OK 612s /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem: OK 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-root-intermediate-chain-CA.pem 612s /tmp/sssd-softhsm2-certs-4an2Fb/test-root-intermediate-chain-CA.pem: OK 612s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 612s Certificates generation completed! 612s + echo 'Certificates generation completed!' 612s + [[ -v NO_SSSD_TESTS ]] 612s + [[ -v GENERATE_SMART_CARDS ]] 612s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-21499 612s + local certificate=/tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem 612s + local key_pass=pass:random-root-ca-trusted-cert-0001-21499 612s + local key_cn 612s + local key_name 612s + local tokens_dir 612s + local output_cert_file 612s + token_name= 612s ++ basename /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem .pem 612s + key_name=test-root-CA-trusted-certificate-0001 612s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem 612s ++ sed -n 's/ *commonName *= //p' 612s + key_cn='Test Organization Root Trusted Certificate 0001' 612s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 612s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-root-CA-trusted-certificate-0001.conf 612s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-root-CA-trusted-certificate-0001.conf 612s ++ basename /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 612s + tokens_dir=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-root-CA-trusted-certificate-0001 612s + token_name='Test Organization Root Tr Token' 612s + '[' '!' -e /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 612s + local key_file 612s + local decrypted_key 612s + mkdir -p /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-root-CA-trusted-certificate-0001 612s Slot 0 has a free/uninitialized token. 612s The token has been initialized and is reassigned to slot 2134485916 612s Available slots: 612s Slot 2134485916 612s Slot info: 612s Description: SoftHSM slot ID 0x7f39ab9c 612s Manufacturer ID: SoftHSM project 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Token present: yes 612s Token info: 612s Manufacturer ID: SoftHSM project 612s Model: SoftHSM v2 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Serial number: 8901c2e87f39ab9c 612s Initialized: yes 612s User PIN init.: yes 612s Label: Test Organization Root Tr Token 612s Slot 1 612s Slot info: 612s Description: SoftHSM slot ID 0x1 612s Manufacturer ID: SoftHSM project 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Token present: yes 612s Token info: 612s Manufacturer ID: SoftHSM project 612s Model: SoftHSM v2 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Serial number: 612s Initialized: no 612s User PIN init.: no 612s Label: 612s + key_file=/tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-key.pem 612s + decrypted_key=/tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-key-decrypted.pem 612s + cat 612s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 612s + softhsm2-util --show-slots 612s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 612s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-21499 -in /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-key-decrypted.pem 612s writing RSA key 612s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 612s + rm /tmp/sssd-softhsm2-certs-4an2Fb/test-root-CA-trusted-certificate-0001-key-decrypted.pem 612s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 612s + echo 'Test Organization Root Tr Token' 612s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5831 612s + local certificate=/tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem 612s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5831 612s + local key_cn 612s + local key_name 612s + local tokens_dir 612s + local output_cert_file 612s + token_name= 612s ++ basename /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem .pem 612s Object 0: 612s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8901c2e87f39ab9c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 612s Type: X.509 Certificate (RSA-1024) 612s Expires: Sat Jan 23 22:05:52 2027 612s Label: Test Organization Root Trusted Certificate 0001 612s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 612s 612s Test Organization Root Tr Token 612s + key_name=test-intermediate-CA-trusted-certificate-0001 612s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem 612s ++ sed -n 's/ *commonName *= //p' 612s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 612s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 612s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 612s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 612s ++ basename /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 612s + tokens_dir=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-intermediate-CA-trusted-certificate-0001 612s + token_name='Test Organization Interme Token' 612s + '[' '!' -e /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 612s + local key_file 612s + local decrypted_key 612s + mkdir -p /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-intermediate-CA-trusted-certificate-0001 612s + key_file=/tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-key.pem 612s + decrypted_key=/tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 612s + cat 612s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 612s Slot 0 has a free/uninitialized token. 612s The token has been initialized and is reassigned to slot 592888565 612s + softhsm2-util --show-slots 612s Available slots: 612s Slot 592888565 612s Slot info: 612s Description: SoftHSM slot ID 0x2356c2f5 612s Manufacturer ID: SoftHSM project 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Token present: yes 612s Token info: 612s Manufacturer ID: SoftHSM project 612s Model: SoftHSM v2 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Serial number: 98703c172356c2f5 612s Initialized: yes 612s User PIN init.: yes 612s Label: Test Organization Interme Token 612s Slot 1 612s Slot info: 612s Description: SoftHSM slot ID 0x1 612s Manufacturer ID: SoftHSM project 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Token present: yes 612s Token info: 612s Manufacturer ID: SoftHSM project 612s Model: SoftHSM v2 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Serial number: 612s Initialized: no 612s User PIN init.: no 612s Label: 612s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 612s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-5831 -in /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 612s writing RSA key 612s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 612s + rm /tmp/sssd-softhsm2-certs-4an2Fb/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 612s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 612s Object 0: 612s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=98703c172356c2f5;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 612s Type: X.509 Certificate (RSA-1024) 612s Expires: Sat Jan 23 22:05:52 2027 612s Label: Test Organization Intermediate Trusted Certificate 0001 612s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 612s 612s + echo 'Test Organization Interme Token' 612s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1602 612s + local certificate=/tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1602 612s + local key_cn 612s + local key_name 612s + local tokens_dir 612s + local output_cert_file 612s + token_name= 612s Test Organization Interme Token 612s ++ basename /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 612s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 612s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem 612s ++ sed -n 's/ *commonName *= //p' 612s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 612s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 612s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 612s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 612s ++ basename /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 612s + tokens_dir=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 612s + token_name='Test Organization Sub Int Token' 612s + '[' '!' -e /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 612s + local key_file 612s + local decrypted_key 612s + mkdir -p /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 612s + key_file=/tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 612s + decrypted_key=/tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 612s + cat 612s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 612s Slot 0 has a free/uninitialized token. 612s The token has been initialized and is reassigned to slot 141990930 612s + softhsm2-util --show-slots 612s Available slots: 612s Slot 141990930 612s Slot info: 612s Description: SoftHSM slot ID 0x8769c12 612s Manufacturer ID: SoftHSM project 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Token present: yes 612s Token info: 612s Manufacturer ID: SoftHSM project 612s Model: SoftHSM v2 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Serial number: 2071c12b88769c12 612s Initialized: yes 612s User PIN init.: yes 612s Label: Test Organization Sub Int Token 612s Slot 1 612s Slot info: 612s Description: SoftHSM slot ID 0x1 612s Manufacturer ID: SoftHSM project 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Token present: yes 612s Token info: 612s Manufacturer ID: SoftHSM project 612s Model: SoftHSM v2 612s Hardware version: 2.6 612s Firmware version: 2.6 612s Serial number: 612s Initialized: no 612s User PIN init.: no 612s Label: 612s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 612s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-1602 -in /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 612s writing RSA key 612s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 612s + rm /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 612s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 612s Object 0: 612s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2071c12b88769c12;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 612s Type: X.509 Certificate (RSA-1024) 612s Expires: Sat Jan 23 22:05:52 2027 612s Label: Test Organization Sub Intermediate Trusted Certificate 0001 612s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 612s 612s + echo 'Test Organization Sub Int Token' 612s + echo 'Certificates generation completed!' 612s + exit 0 612s + find /tmp/sssd-softhsm2-certs-4an2Fb -type d -exec chmod 777 '{}' ';' 612s Test Organization Sub Int Token 612s Certificates generation completed! 613s + find /tmp/sssd-softhsm2-certs-4an2Fb -type f -exec chmod 666 '{}' ';' 613s + backup_file /etc/sssd/sssd.conf 613s + '[' -z '' ']' 613s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 613s + backupsdir=/tmp/sssd-softhsm2-backups-pwn3Ta 613s + '[' -e /etc/sssd/sssd.conf ']' 613s + delete_paths+=("$1") 613s + rm -f /etc/sssd/sssd.conf 613s ++ runuser -u ubuntu -- sh -c 'echo ~' 613s + user_home=/home/ubuntu 613s + mkdir -p /home/ubuntu 613s + chown ubuntu:ubuntu /home/ubuntu 613s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 613s + user_config=/home/ubuntu/.config 613s + system_config=/etc 613s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 613s + for path_pair in "${softhsm2_conf_paths[@]}" 613s + IFS=: 613s + read -r -a path 613s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 613s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 613s + '[' -z /tmp/sssd-softhsm2-backups-pwn3Ta ']' 613s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 613s + delete_paths+=("$1") 613s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 613s + for path_pair in "${softhsm2_conf_paths[@]}" 613s + IFS=: 613s + read -r -a path 613s + path=/etc/softhsm/softhsm2.conf 613s + backup_file /etc/softhsm/softhsm2.conf 613s + '[' -z /tmp/sssd-softhsm2-backups-pwn3Ta ']' 613s + '[' -e /etc/softhsm/softhsm2.conf ']' 613s ++ dirname /etc/softhsm/softhsm2.conf 613s + local back_dir=/tmp/sssd-softhsm2-backups-pwn3Ta//etc/softhsm 613s ++ basename /etc/softhsm/softhsm2.conf 613s + local back_path=/tmp/sssd-softhsm2-backups-pwn3Ta//etc/softhsm/softhsm2.conf 613s + '[' '!' -e /tmp/sssd-softhsm2-backups-pwn3Ta//etc/softhsm/softhsm2.conf ']' 613s + mkdir -p /tmp/sssd-softhsm2-backups-pwn3Ta//etc/softhsm 613s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-pwn3Ta//etc/softhsm/softhsm2.conf 613s + restore_paths+=("$back_path") 613s + rm -f /etc/softhsm/softhsm2.conf 613s + test_authentication login /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem 613s + pam_service=login 613s + certificate_config=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-root-CA-trusted-certificate-0001.conf 613s + ca_db=/tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem 613s + verification_options= 613s + mkdir -p -m 700 /etc/sssd 613s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 613s + cat 613s Using CA DB '/tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem' with verification options: '' 613s + chmod 600 /etc/sssd/sssd.conf 613s + for path_pair in "${softhsm2_conf_paths[@]}" 613s + IFS=: 613s + read -r -a path 613s + user=ubuntu 613s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 613s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 613s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 613s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 613s + runuser -u ubuntu -- softhsm2-util --show-slots 613s + grep 'Test Organization' 613s + for path_pair in "${softhsm2_conf_paths[@]}" 613s + IFS=: 613s + read -r -a path 613s + user=root 613s + path=/etc/softhsm/softhsm2.conf 613s Label: Test Organization Root Tr Token 613s ++ dirname /etc/softhsm/softhsm2.conf 613s + runuser -u root -- mkdir -p /etc/softhsm 613s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 613s + runuser -u root -- softhsm2-util --show-slots 613s + grep 'Test Organization' 613s Label: Test Organization Root Tr Token 613s + systemctl restart sssd 613s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 614s + for alternative in "${alternative_pam_configs[@]}" 614s + pam-auth-update --enable sss-smart-card-optional 614s + cat /etc/pam.d/common-auth 614s # 614s # /etc/pam.d/common-auth - authentication settings common to all services 614s # 614s # This file is included from other service-specific PAM config files, 614s # and should contain a list of the authentication modules that define 614s # the central authentication scheme for use on the system 614s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 614s # traditional Unix authentication mechanisms. 614s # 614s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 614s # To take advantage of this, it is recommended that you configure any 614s # local modules either before or after the default block, and use 614s # pam-auth-update to manage selection of other modules. See 614s # pam-auth-update(8) for details. 614s 614s # here are the per-package modules (the "Primary" block) 614s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 614s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 614s auth [success=1 default=ignore] pam_sss.so use_first_pass 614s # here's the fallback if no module succeeds 614s auth requisite pam_deny.so 614s # prime the stack with a positive return value if there isn't one already; 614s # this avoids us returning an error just because nothing sets a success code 614s # since the modules above will each just jump around 614s auth required pam_permit.so 614s # and here are more per-package modules (the "Additional" block) 614s auth optional pam_cap.so 614s # end of pam-auth-update config 614s + echo -n -e 123456 614s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 614s pamtester: invoking pam_start(login, ubuntu, ...) 614s pamtester: performing operation - authenticate 614s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 614s + echo -n -e 123456 614s + runuser -u ubuntu -- pamtester -v login '' authenticate 614s pamtester: invoking pam_start(login, , ...) 614s pamtester: performing operation - authenticate 614s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 614s + echo -n -e wrong123456 614s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 614s pamtester: invoking pam_start(login, ubuntu, ...) 614s pamtester: performing operation - authenticate 617s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 617s + echo -n -e wrong123456 617s + runuser -u ubuntu -- pamtester -v login '' authenticate 617s pamtester: invoking pam_start(login, , ...) 617s pamtester: performing operation - authenticate 620s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 620s + echo -n -e 123456 620s + pamtester -v login root authenticate 620s pamtester: invoking pam_start(login, root, ...) 620s pamtester: performing operation - authenticate 624s Password: pamtester: Authentication failure 624s + for alternative in "${alternative_pam_configs[@]}" 624s + pam-auth-update --enable sss-smart-card-required 624s PAM configuration 624s ----------------- 624s 624s Incompatible PAM profiles selected. 624s 624s The following PAM profiles cannot be used together: 624s 624s SSS required smart card authentication, SSS optional smart card 624s authentication 624s 624s Please select a different set of modules to enable. 624s 624s + cat /etc/pam.d/common-auth 624s # 624s # /etc/pam.d/common-auth - authentication settings common to all services 624s # 624s # This file is included from other service-specific PAM config files, 624s # and should contain a list of the authentication modules that define 624s # the central authentication scheme for use on the system 624s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 624s # traditional Unix authentication mechanisms. 624s # 624s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 624s # To take advantage of this, it is recommended that you configure any 624s # local modules either before or after the default block, and use 624s # pam-auth-update to manage selection of other modules. See 624s # pam-auth-update(8) for details. 624s 624s # here are the per-package modules (the "Primary" block) 624s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 624s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 624s auth [success=1 default=ignore] pam_sss.so use_first_pass 624s # here's the fallback if no module succeeds 624s auth requisite pam_deny.so 624s # prime the stack with a positive return value if there isn't one already; 624s # this avoids us returning an error just because nothing sets a success code 624s # since the modules above will each just jump around 624s auth required pam_permit.so 624s # and here are more per-package modules (the "Additional" block) 624s auth optional pam_cap.so 624s # end of pam-auth-update config 624s + echo -n -e 123456 624s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 624s pamtester: invoking pam_start(login, ubuntu, ...) 624s pamtester: performing operation - authenticate 624s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 624s + echo -n -e 123456 624s + runuser -u ubuntu -- pamtester -v login '' authenticate 624s pamtester: invoking pam_start(login, , ...) 624s pamtester: performing operation - authenticate 624s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 624s + echo -n -e wrong123456 624s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 624s pamtester: invoking pam_start(login, ubuntu, ...) 624s pamtester: performing operation - authenticate 627s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 627s + echo -n -e wrong123456 627s + runuser -u ubuntu -- pamtester -v login '' authenticate 627s pamtester: invoking pam_start(login, , ...) 627s pamtester: performing operation - authenticate 630s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 630s + echo -n -e 123456 630s + pamtester -v login root authenticate 630s pamtester: invoking pam_start(login, root, ...) 630s pamtester: performing operation - authenticate 634s pamtester: Authentication service cannot retrieve authentication info 634s + test_authentication login /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem 634s + pam_service=login 634s + certificate_config=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 634s + ca_db=/tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem 634s + verification_options= 634s + mkdir -p -m 700 /etc/sssd 634s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 634s + cat 634s Using CA DB '/tmp/sssd-softhsm2-certs-4an2Fb/test-full-chain-CA.pem' with verification options: '' 634s + chmod 600 /etc/sssd/sssd.conf 634s + for path_pair in "${softhsm2_conf_paths[@]}" 634s + IFS=: 634s + read -r -a path 634s + user=ubuntu 634s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 634s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 634s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 634s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 634s + runuser -u ubuntu -- softhsm2-util --show-slots 634s + grep 'Test Organization' 634s + for path_pair in "${softhsm2_conf_paths[@]}" 634s + IFS=: 634s + read -r -a path 634s + user=root 634s + path=/etc/softhsm/softhsm2.conf 634s ++ dirname /etc/softhsm/softhsm2.conf 634s + runuser -u root -- mkdir -p /etc/softhsm 634s Label: Test Organization Sub Int Token 634s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 634s + runuser -u root -- softhsm2-util --show-slots 634s + grep 'Test Organization' 634s Label: Test Organization Sub Int Token 634s + systemctl restart sssd 634s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 634s + for alternative in "${alternative_pam_configs[@]}" 634s + pam-auth-update --enable sss-smart-card-optional 634s + cat /etc/pam.d/common-auth 634s # 634s # /etc/pam.d/common-auth - authentication settings common to all services 634s # 634s # This file is included from other service-specific PAM config files, 634s # and should contain a list of the authentication modules that define 634s # the central authentication scheme for use on the system 634s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 634s # traditional Unix authentication mechanisms. 634s # 634s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 634s # To take advantage of this, it is recommended that you configure any 634s # local modules either before or after the default block, and use 634s # pam-auth-update to manage selection of other modules. See 634s # pam-auth-update(8) for details. 634s 634s # here are the per-package modules (the "Primary" block) 634s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 634s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 634s auth [success=1 default=ignore] pam_sss.so use_first_pass 634s # here's the fallback if no module succeeds 634s auth requisite pam_deny.so 634s # prime the stack with a positive return value if there isn't one already; 634s # this avoids us returning an error just because nothing sets a success code 634s # since the modules above will each just jump around 634s auth required pam_permit.so 634s # and here are more per-package modules (the "Additional" block) 634s auth optional pam_cap.so 634s # end of pam-auth-update config 635s + echo -n -e 123456 635s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 635s pamtester: invoking pam_start(login, ubuntu, ...) 635s pamtester: performing operation - authenticate 635s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 635s + echo -n -e 123456 635s + runuser -u ubuntu -- pamtester -v login '' authenticate 635s pamtester: invoking pam_start(login, , ...) 635s pamtester: performing operation - authenticate 635s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 635s + echo -n -e wrong123456 635s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 635s pamtester: invoking pam_start(login, ubuntu, ...) 635s pamtester: performing operation - authenticate 637s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 637s + echo -n -e wrong123456 637s + runuser -u ubuntu -- pamtester -v login '' authenticate 637s pamtester: invoking pam_start(login, , ...) 637s pamtester: performing operation - authenticate 640s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 640s + echo -n -e 123456 640s + pamtester -v login root authenticate 640s pamtester: invoking pam_start(login, root, ...) 640s pamtester: performing operation - authenticate 643s Password: pamtester: Authentication failure 643s + for alternative in "${alternative_pam_configs[@]}" 643s + pam-auth-update --enable sss-smart-card-required 643s PAM configuration 643s ----------------- 643s 643s Incompatible PAM profiles selected. 643s 643s The following PAM profiles cannot be used together: 643s 643s SSS required smart card authentication, SSS optional smart card 643s authentication 643s 643s Please select a different set of modules to enable. 643s 643s + cat /etc/pam.d/common-auth 643s # 643s # /etc/pam.d/common-auth - authentication settings common to all services 643s # 643s # This file is included from other service-specific PAM config files, 643s # and should contain a list of the authentication modules that define 643s # the central authentication scheme for use on the system 643s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 643s # traditional Unix authentication mechanisms. 643s # 643s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 643s # To take advantage of this, it is recommended that you configure any 643s # local modules either before or after the default block, and use 643s # pam-auth-update to manage selection of other modules. See 643s # pam-auth-update(8) for details. 643s 643s # here are the per-package modules (the "Primary" block) 643s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 643s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 643s auth [success=1 default=ignore] pam_sss.so use_first_pass 643s # here's the fallback if no module succeeds 643s auth requisite pam_deny.so 643s # prime the stack with a positive return value if there isn't one already; 643s # this avoids us returning an error just because nothing sets a success code 643s # since the modules above will each just jump around 643s auth required pam_permit.so 643s # and here are more per-package modules (the "Additional" block) 643s auth optional pam_cap.so 643s # end of pam-auth-update config 643s + echo -n -e 123456 643s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 643s pamtester: invoking pam_start(login, ubuntu, ...) 643s pamtester: performing operation - authenticate 643s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 643s + echo -n -e 123456 643s + runuser -u ubuntu -- pamtester -v login '' authenticate 643s pamtester: invoking pam_start(login, , ...) 643s pamtester: performing operation - authenticate 643s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 643s + echo -n -e wrong123456 643s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 643s pamtester: invoking pam_start(login, ubuntu, ...) 643s pamtester: performing operation - authenticate 646s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 646s + echo -n -e wrong123456 646s + runuser -u ubuntu -- pamtester -v login '' authenticate 646s pamtester: invoking pam_start(login, , ...) 646s pamtester: performing operation - authenticate 649s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 649s + echo -n -e 123456 649s + pamtester -v login root authenticate 649s pamtester: invoking pam_start(login, root, ...) 649s pamtester: performing operation - authenticate 652s pamtester: Authentication service cannot retrieve authentication info 652s + test_authentication login /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem partial_chain 652s + pam_service=login 652s + certificate_config=/tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 652s + ca_db=/tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem 652s + verification_options=partial_chain 652s + mkdir -p -m 700 /etc/sssd 652s Using CA DB '/tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 652s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-4an2Fb/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 652s + cat 652s + chmod 600 /etc/sssd/sssd.conf 652s + for path_pair in "${softhsm2_conf_paths[@]}" 652s + IFS=: 652s + read -r -a path 652s + user=ubuntu 652s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 652s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 652s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 652s Label: Test Organization Sub Int Token 652s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 652s + runuser -u ubuntu -- softhsm2-util --show-slots 652s + grep 'Test Organization' 652s + for path_pair in "${softhsm2_conf_paths[@]}" 652s + IFS=: 652s + read -r -a path 652s + user=root 652s + path=/etc/softhsm/softhsm2.conf 652s ++ dirname /etc/softhsm/softhsm2.conf 652s + runuser -u root -- mkdir -p /etc/softhsm 652s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-4an2Fb/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 652s + runuser -u root -- softhsm2-util --show-slots 652s + grep 'Test Organization' 652s Label: Test Organization Sub Int Token 652s + systemctl restart sssd 653s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 653s + for alternative in "${alternative_pam_configs[@]}" 653s + pam-auth-update --enable sss-smart-card-optional 653s + cat /etc/pam.d/common-auth 653s # 653s # /etc/pam.d/common-auth - authentication settings common to all services 653s # 653s # This file is included from other service-specific PAM config files, 653s # and should contain a list of the authentication modules that define 653s # the central authentication scheme for use on the system 653s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 653s # traditional Unix authentication mechanisms. 653s # 653s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 653s # To take advantage of this, it is recommended that you configure any 653s # local modules either before or after the default block, and use 653s # pam-auth-update to manage selection of other modules. See 653s # pam-auth-update(8) for details. 653s 653s # here are the per-package modules (the "Primary" block) 653s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 653s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 653s auth [success=1 default=ignore] pam_sss.so use_first_pass 653s # here's the fallback if no module succeeds 653s auth requisite pam_deny.so 653s # prime the stack with a positive return value if there isn't one already; 653s # this avoids us returning an error just because nothing sets a success code 653s # since the modules above will each just jump around 653s auth required pam_permit.so 653s # and here are more per-package modules (the "Additional" block) 653s auth optional pam_cap.so 653s # end of pam-auth-update config 653s + echo -n -e 123456 653s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 653s pamtester: invoking pam_start(login, ubuntu, ...) 653s pamtester: performing operation - authenticate 653s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 653s + echo -n -e 123456 653s + runuser -u ubuntu -- pamtester -v login '' authenticate 653s pamtester: invoking pam_start(login, , ...) 653s pamtester: performing operation - authenticate 653s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 653s + echo -n -e wrong123456 653s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 653s pamtester: invoking pam_start(login, ubuntu, ...) 653s pamtester: performing operation - authenticate 657s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 657s + echo -n -e wrong123456 657s + runuser -u ubuntu -- pamtester -v login '' authenticate 657s pamtester: invoking pam_start(login, , ...) 657s pamtester: performing operation - authenticate 661s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 661s + echo -n -e 123456 661s + pamtester -v login root authenticate 661s pamtester: invoking pam_start(login, root, ...) 661s pamtester: performing operation - authenticate 664s Password: pamtester: Authentication failure 664s + for alternative in "${alternative_pam_configs[@]}" 664s + pam-auth-update --enable sss-smart-card-required 664s PAM configuration 664s ----------------- 664s 664s Incompatible PAM profiles selected. 664s 664s The following PAM profiles cannot be used together: 664s 664s SSS required smart card authentication, SSS optional smart card 664s authentication 664s 664s Please select a different set of modules to enable. 664s 664s + cat /etc/pam.d/common-auth 664s # 664s # /etc/pam.d/common-auth - authentication settings common to all services 664s # 664s # This file is included from other service-specific PAM config files, 664s # and should contain a list of the authentication modules that define 664s # the central authentication scheme for use on the system 664s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 664s # traditional Unix authentication mechanisms. 664s # 664s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 664s # To take advantage of this, it is recommended that you configure any 664s # local modules either before or after the default block, and use 664s # pam-auth-update to manage selection of other modules. See 664s # pam-auth-update(8) for details. 664s 664s # here are the per-package modules (the "Primary" block) 664s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 664s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 664s auth [success=1 default=ignore] pam_sss.so use_first_pass 664s # here's the fallback if no module succeeds 664s auth requisite pam_deny.so 664s # prime the stack with a positive return value if there isn't one already; 664s # this avoids us returning an error just because nothing sets a success code 664s # since the modules above will each just jump around 664s auth required pam_permit.so 664s # and here are more per-package modules (the "Additional" block) 664s auth optional pam_cap.so 664s # end of pam-auth-update config 664s + echo -n -e 123456 664s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 664s pamtester: invoking pam_start(login, ubuntu, ...) 664s pamtester: performing operation - authenticate 664s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 664s + echo -n -e 123456 664s + runuser -u ubuntu -- pamtester -v login '' authenticate 664s pamtester: invoking pam_start(login, , ...) 664s pamtester: performing operation - authenticate 664s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 664s + echo -n -e wrong123456 664s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 664s pamtester: invoking pam_start(login, ubuntu, ...) 664s pamtester: performing operation - authenticate 667s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 667s + echo -n -e wrong123456 667s + runuser -u ubuntu -- pamtester -v login '' authenticate 667s pamtester: invoking pam_start(login, , ...) 667s pamtester: performing operation - authenticate 670s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 670s + echo -n -e 123456 670s + pamtester -v login root authenticate 670s pamtester: invoking pam_start(login, root, ...) 671s pamtester: performing operation - authenticate 674s pamtester: Authentication service cannot retrieve authentication info 674s + handle_exit 674s + exit_code=0 674s + restore_changes 674s + for path in "${restore_paths[@]}" 674s + local original_path 674s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-pwn3Ta /tmp/sssd-softhsm2-backups-pwn3Ta//etc/softhsm/softhsm2.conf 674s + original_path=/etc/softhsm/softhsm2.conf 674s + rm /etc/softhsm/softhsm2.conf 674s + mv /tmp/sssd-softhsm2-backups-pwn3Ta//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 674s + for path in "${delete_paths[@]}" 674s + rm -f /etc/sssd/sssd.conf 674s + for path in "${delete_paths[@]}" 674s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 674s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 675s + '[' -e /etc/sssd/sssd.conf ']' 675s + systemctl stop sssd 675s + '[' -e /etc/softhsm/softhsm2.conf ']' 675s + chmod 600 /etc/softhsm/softhsm2.conf 675s + rm -rf /tmp/sssd-softhsm2-certs-4an2Fb 675s + '[' 0 = 0 ']' 675s + rm -rf /tmp/sssd-softhsm2-backups-pwn3Ta 675s + set +x 675s Script completed successfully! 675s autopkgtest [22:06:55]: test sssd-smart-card-pam-auth-configs: -----------------------] 679s autopkgtest [22:06:59]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 679s sssd-smart-card-pam-auth-configs PASS 683s autopkgtest [22:07:03]: @@@@@@@@@@@@@@@@@@@@ summary 683s ldap-user-group-ldap-auth PASS 683s ldap-user-group-krb5-auth FAIL badpkg 683s blame: sssd 683s badpkg: Failed to run dpkg-query: cannot confirm that parent process is alive: Operation not permitted 683s unexpected eof from helper process 683s (exit code 1) 683s sssd-softhism2-certificates-tests.sh PASS 683s sssd-smart-card-pam-auth-configs PASS