Diff of the two buildlogs: -- --- b1/build.log 2021-12-07 13:45:14.564270794 +0000 +++ b2/build.log 2021-12-07 13:47:10.636323931 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Tue Dec 7 01:43:52 -12 2021 -I: pbuilder-time-stamp: 1638884632 +I: Current time: Tue Jan 10 10:08:20 +14 2023 +I: pbuilder-time-stamp: 1673294900 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/buster-reproducible-base.tgz] I: copying local configuration @@ -18,7 +18,7 @@ I: Extracting source gpgv: unknown type of key resource 'trustedkeys.kbx' gpgv: keyblock resource '/root/.gnupg/trustedkeys.kbx': General error -gpgv: Signature made Mon Jul 6 09:40:39 2020 -12 +gpgv: Signature made Tue Jul 7 11:40:39 2020 +14 gpgv: using RSA key 3AFA757FAC6EA11D2FF45DF088D24287A2D898B1 gpgv: Can't check signature: No public key dpkg-source: warning: failed to verify signature on ./mod-gnutls_0.9.0-1.1~deb10u1.dsc @@ -33,136 +33,170 @@ dpkg-source: info: applying disable-test16.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/846497/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/1174565/tmp/hooks/D01_modify_environment starting +debug: Running on ionos5-amd64. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +Removing 'diversion of /bin/sh to /bin/sh.distrib by dash' +Adding 'diversion of /bin/sh to /bin/sh.distrib by bash' +Removing 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by dash' +Adding 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by bash' +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/1174565/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/1174565/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='amd64' - DEBIAN_FRONTEND='noninteractive' - DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=15' - DISTRIBUTION='' - HOME='/root' - HOST_ARCH='amd64' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="0" [2]="3" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") + BASH_VERSION='5.0.3(1)-release' + BUILDDIR=/build + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=amd64 + DEBIAN_FRONTEND=noninteractive + DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=16' + DIRSTACK=() + DISTRIBUTION= + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=x86_64 + HOST_ARCH=amd64 IFS=' ' - INVOCATION_ID='afdf9675fd4d4e0cab5e7656a216361f' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='846497' - PS1='# ' - PS2='> ' + INVOCATION_ID=a90673f5426543a4b07f32c7adef0a2a + LANG=C + LANGUAGE=et_EE:et + LC_ALL=C + MACHTYPE=x86_64-pc-linux-gnu + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnu + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=1174565 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/tmp.IPK12NXPWE/pbuilderrc_PaWN --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/buster-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/tmp.IPK12NXPWE/b1 --logfile b1/build.log mod-gnutls_0.9.0-1.1~deb10u1.dsc' - SUDO_GID='111' - SUDO_UID='106' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' - http_proxy='http://78.137.99.97:3128' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/tmp.IPK12NXPWE/pbuilderrc_bHNa --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/buster-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/tmp.IPK12NXPWE/b2 --logfile b2/build.log mod-gnutls_0.9.0-1.1~deb10u1.dsc' + SUDO_GID=110 + SUDO_UID=105 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' + http_proxy=http://85.184.249.68:3128 I: uname -a - Linux ionos11-amd64 5.10.0-9-amd64 #1 SMP Debian 5.10.70-1 (2021-09-30) x86_64 GNU/Linux + Linux i-capture-the-hostname 5.14.0-0.bpo.2-amd64 #1 SMP Debian 5.14.9-2~bpo11+1 (2021-10-10) x86_64 GNU/Linux I: ls -l /bin total 5116 - -rwxr-xr-x 1 root root 1168776 Apr 17 2019 bash - -rwxr-xr-x 3 root root 38984 Jul 10 2019 bunzip2 - -rwxr-xr-x 3 root root 38984 Jul 10 2019 bzcat - lrwxrwxrwx 1 root root 6 Jul 10 2019 bzcmp -> bzdiff - -rwxr-xr-x 1 root root 2227 Jul 10 2019 bzdiff - lrwxrwxrwx 1 root root 6 Jul 10 2019 bzegrep -> bzgrep - -rwxr-xr-x 1 root root 4877 Jun 24 2019 bzexe - lrwxrwxrwx 1 root root 6 Jul 10 2019 bzfgrep -> bzgrep - -rwxr-xr-x 1 root root 3641 Jul 10 2019 bzgrep - -rwxr-xr-x 3 root root 38984 Jul 10 2019 bzip2 - -rwxr-xr-x 1 root root 14328 Jul 10 2019 bzip2recover - lrwxrwxrwx 1 root root 6 Jul 10 2019 bzless -> bzmore - -rwxr-xr-x 1 root root 1297 Jul 10 2019 bzmore - -rwxr-xr-x 1 root root 43744 Feb 28 2019 cat - -rwxr-xr-x 1 root root 64320 Feb 28 2019 chgrp - -rwxr-xr-x 1 root root 64288 Feb 28 2019 chmod - -rwxr-xr-x 1 root root 72512 Feb 28 2019 chown - -rwxr-xr-x 1 root root 146880 Feb 28 2019 cp - -rwxr-xr-x 1 root root 121464 Jan 17 2019 dash - -rwxr-xr-x 1 root root 109408 Feb 28 2019 date - -rwxr-xr-x 1 root root 76712 Feb 28 2019 dd - -rwxr-xr-x 1 root root 93744 Feb 28 2019 df - -rwxr-xr-x 1 root root 138856 Feb 28 2019 dir - -rwxr-xr-x 1 root root 84288 Jan 9 2019 dmesg - lrwxrwxrwx 1 root root 8 Sep 26 2018 dnsdomainname -> hostname - lrwxrwxrwx 1 root root 8 Sep 26 2018 domainname -> hostname - -rwxr-xr-x 1 root root 39520 Feb 28 2019 echo - -rwxr-xr-x 1 root root 28 Jan 7 2019 egrep - -rwxr-xr-x 1 root root 35424 Feb 28 2019 false - -rwxr-xr-x 1 root root 28 Jan 7 2019 fgrep - -rwxr-xr-x 1 root root 68880 Jan 9 2019 findmnt - -rwsr-xr-x 1 root root 34896 Apr 22 2020 fusermount - -rwxr-xr-x 1 root root 198976 Jan 7 2019 grep - -rwxr-xr-x 2 root root 2345 Jan 5 2019 gunzip - -rwxr-xr-x 1 root root 6375 Jan 5 2019 gzexe - -rwxr-xr-x 1 root root 98048 Jan 5 2019 gzip - -rwxr-xr-x 1 root root 26696 Sep 26 2018 hostname - -rwxr-xr-x 1 root root 68552 Feb 28 2019 ln - -rwxr-xr-x 1 root root 56760 Jul 26 2018 login - -rwxr-xr-x 1 root root 138856 Feb 28 2019 ls - -rwxr-xr-x 1 root root 108624 Jan 9 2019 lsblk - -rwxr-xr-x 1 root root 89088 Feb 28 2019 mkdir - -rwxr-xr-x 1 root root 68544 Feb 28 2019 mknod - -rwxr-xr-x 1 root root 43808 Feb 28 2019 mktemp - -rwxr-xr-x 1 root root 43008 Jan 9 2019 more - -rwsr-xr-x 1 root root 51280 Jan 9 2019 mount - -rwxr-xr-x 1 root root 14408 Jan 9 2019 mountpoint - -rwxr-xr-x 1 root root 138728 Feb 28 2019 mv - lrwxrwxrwx 1 root root 8 Sep 26 2018 nisdomainname -> hostname - lrwxrwxrwx 1 root root 14 Feb 14 2019 pidof -> /sbin/killall5 - -rwxr-xr-x 1 root root 39616 Feb 28 2019 pwd - lrwxrwxrwx 1 root root 4 Apr 17 2019 rbash -> bash - -rwxr-xr-x 1 root root 47776 Feb 28 2019 readlink - -rwxr-xr-x 1 root root 68416 Feb 28 2019 rm - -rwxr-xr-x 1 root root 47776 Feb 28 2019 rmdir - -rwxr-xr-x 1 root root 23312 Jan 21 2019 run-parts - -rwxr-xr-x 1 root root 122224 Dec 22 2018 sed - lrwxrwxrwx 1 root root 4 Nov 7 09:58 sh -> dash - -rwxr-xr-x 1 root root 39552 Feb 28 2019 sleep - -rwxr-xr-x 1 root root 80672 Feb 28 2019 stty - -rwsr-xr-x 1 root root 63568 Jan 9 2019 su - -rwxr-xr-x 1 root root 35488 Feb 28 2019 sync - -rwxr-xr-x 1 root root 445560 Apr 23 2019 tar - -rwxr-xr-x 1 root root 14440 Jan 21 2019 tempfile - -rwxr-xr-x 1 root root 97152 Feb 28 2019 touch - -rwxr-xr-x 1 root root 35424 Feb 28 2019 true - -rwxr-xr-x 1 root root 14328 Apr 22 2020 ulockmgr_server - -rwsr-xr-x 1 root root 34888 Jan 9 2019 umount - -rwxr-xr-x 1 root root 39584 Feb 28 2019 uname - -rwxr-xr-x 2 root root 2345 Jan 5 2019 uncompress - -rwxr-xr-x 1 root root 138856 Feb 28 2019 vdir - -rwxr-xr-x 1 root root 34896 Jan 9 2019 wdctl - -rwxr-xr-x 1 root root 946 Jan 21 2019 which - lrwxrwxrwx 1 root root 8 Sep 26 2018 ypdomainname -> hostname - -rwxr-xr-x 1 root root 1983 Jan 5 2019 zcat - -rwxr-xr-x 1 root root 1677 Jan 5 2019 zcmp - -rwxr-xr-x 1 root root 5879 Jan 5 2019 zdiff - -rwxr-xr-x 1 root root 29 Jan 5 2019 zegrep - -rwxr-xr-x 1 root root 29 Jan 5 2019 zfgrep - -rwxr-xr-x 1 root root 2080 Jan 5 2019 zforce - -rwxr-xr-x 1 root root 7584 Jan 5 2019 zgrep - -rwxr-xr-x 1 root root 2205 Jan 5 2019 zless - -rwxr-xr-x 1 root root 1841 Jan 5 2019 zmore - -rwxr-xr-x 1 root root 4552 Jan 5 2019 znew -I: user script /srv/workspace/pbuilder/846497/tmp/hooks/D02_print_environment finished + -rwxr-xr-x 1 root root 1168776 Apr 18 2019 bash + -rwxr-xr-x 3 root root 38984 Jul 11 2019 bunzip2 + -rwxr-xr-x 3 root root 38984 Jul 11 2019 bzcat + lrwxrwxrwx 1 root root 6 Jul 11 2019 bzcmp -> bzdiff + -rwxr-xr-x 1 root root 2227 Jul 11 2019 bzdiff + lrwxrwxrwx 1 root root 6 Jul 11 2019 bzegrep -> bzgrep + -rwxr-xr-x 1 root root 4877 Jun 25 2019 bzexe + lrwxrwxrwx 1 root root 6 Jul 11 2019 bzfgrep -> bzgrep + -rwxr-xr-x 1 root root 3641 Jul 11 2019 bzgrep + -rwxr-xr-x 3 root root 38984 Jul 11 2019 bzip2 + -rwxr-xr-x 1 root root 14328 Jul 11 2019 bzip2recover + lrwxrwxrwx 1 root root 6 Jul 11 2019 bzless -> bzmore + -rwxr-xr-x 1 root root 1297 Jul 11 2019 bzmore + -rwxr-xr-x 1 root root 43744 Mar 1 2019 cat + -rwxr-xr-x 1 root root 64320 Mar 1 2019 chgrp + -rwxr-xr-x 1 root root 64288 Mar 1 2019 chmod + -rwxr-xr-x 1 root root 72512 Mar 1 2019 chown + -rwxr-xr-x 1 root root 146880 Mar 1 2019 cp + -rwxr-xr-x 1 root root 121464 Jan 18 2019 dash + -rwxr-xr-x 1 root root 109408 Mar 1 2019 date + -rwxr-xr-x 1 root root 76712 Mar 1 2019 dd + -rwxr-xr-x 1 root root 93744 Mar 1 2019 df + -rwxr-xr-x 1 root root 138856 Mar 1 2019 dir + -rwxr-xr-x 1 root root 84288 Jan 10 2019 dmesg + lrwxrwxrwx 1 root root 8 Sep 27 2018 dnsdomainname -> hostname + lrwxrwxrwx 1 root root 8 Sep 27 2018 domainname -> hostname + -rwxr-xr-x 1 root root 39520 Mar 1 2019 echo + -rwxr-xr-x 1 root root 28 Jan 8 2019 egrep + -rwxr-xr-x 1 root root 35424 Mar 1 2019 false + -rwxr-xr-x 1 root root 28 Jan 8 2019 fgrep + -rwxr-xr-x 1 root root 68880 Jan 10 2019 findmnt + -rwsr-xr-x 1 root root 34896 Apr 23 2020 fusermount + -rwxr-xr-x 1 root root 198976 Jan 8 2019 grep + -rwxr-xr-x 2 root root 2345 Jan 6 2019 gunzip + -rwxr-xr-x 1 root root 6375 Jan 6 2019 gzexe + -rwxr-xr-x 1 root root 98048 Jan 6 2019 gzip + -rwxr-xr-x 1 root root 26696 Sep 27 2018 hostname + -rwxr-xr-x 1 root root 68552 Mar 1 2019 ln + -rwxr-xr-x 1 root root 56760 Jul 27 2018 login + -rwxr-xr-x 1 root root 138856 Mar 1 2019 ls + -rwxr-xr-x 1 root root 108624 Jan 10 2019 lsblk + -rwxr-xr-x 1 root root 89088 Mar 1 2019 mkdir + -rwxr-xr-x 1 root root 68544 Mar 1 2019 mknod + -rwxr-xr-x 1 root root 43808 Mar 1 2019 mktemp + -rwxr-xr-x 1 root root 43008 Jan 10 2019 more + -rwsr-xr-x 1 root root 51280 Jan 10 2019 mount + -rwxr-xr-x 1 root root 14408 Jan 10 2019 mountpoint + -rwxr-xr-x 1 root root 138728 Mar 1 2019 mv + lrwxrwxrwx 1 root root 8 Sep 27 2018 nisdomainname -> hostname + lrwxrwxrwx 1 root root 14 Feb 15 2019 pidof -> /sbin/killall5 + -rwxr-xr-x 1 root root 39616 Mar 1 2019 pwd + lrwxrwxrwx 1 root root 4 Apr 18 2019 rbash -> bash + -rwxr-xr-x 1 root root 47776 Mar 1 2019 readlink + -rwxr-xr-x 1 root root 68416 Mar 1 2019 rm + -rwxr-xr-x 1 root root 47776 Mar 1 2019 rmdir + -rwxr-xr-x 1 root root 23312 Jan 22 2019 run-parts + -rwxr-xr-x 1 root root 122224 Dec 23 2018 sed + lrwxrwxrwx 1 root root 4 Jan 10 10:08 sh -> bash + lrwxrwxrwx 1 root root 4 Dec 11 18:21 sh.distrib -> dash + -rwxr-xr-x 1 root root 39552 Mar 1 2019 sleep + -rwxr-xr-x 1 root root 80672 Mar 1 2019 stty + -rwsr-xr-x 1 root root 63568 Jan 10 2019 su + -rwxr-xr-x 1 root root 35488 Mar 1 2019 sync + -rwxr-xr-x 1 root root 445560 Apr 24 2019 tar + -rwxr-xr-x 1 root root 14440 Jan 22 2019 tempfile + -rwxr-xr-x 1 root root 97152 Mar 1 2019 touch + -rwxr-xr-x 1 root root 35424 Mar 1 2019 true + -rwxr-xr-x 1 root root 14328 Apr 23 2020 ulockmgr_server + -rwsr-xr-x 1 root root 34888 Jan 10 2019 umount + -rwxr-xr-x 1 root root 39584 Mar 1 2019 uname + -rwxr-xr-x 2 root root 2345 Jan 6 2019 uncompress + -rwxr-xr-x 1 root root 138856 Mar 1 2019 vdir + -rwxr-xr-x 1 root root 34896 Jan 10 2019 wdctl + -rwxr-xr-x 1 root root 946 Jan 22 2019 which + lrwxrwxrwx 1 root root 8 Sep 27 2018 ypdomainname -> hostname + -rwxr-xr-x 1 root root 1983 Jan 6 2019 zcat + -rwxr-xr-x 1 root root 1677 Jan 6 2019 zcmp + -rwxr-xr-x 1 root root 5879 Jan 6 2019 zdiff + -rwxr-xr-x 1 root root 29 Jan 6 2019 zegrep + -rwxr-xr-x 1 root root 29 Jan 6 2019 zfgrep + -rwxr-xr-x 1 root root 2080 Jan 6 2019 zforce + -rwxr-xr-x 1 root root 7584 Jan 6 2019 zgrep + -rwxr-xr-x 1 root root 2205 Jan 6 2019 zless + -rwxr-xr-x 1 root root 1841 Jan 6 2019 zmore + -rwxr-xr-x 1 root root 4552 Jan 6 2019 znew +I: user script /srv/workspace/pbuilder/1174565/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -414,7 +448,7 @@ Get: 179 http://deb.debian.org/debian buster/main amd64 pandoc amd64 2.2.1-3+b2 [14.7 MB] Get: 180 http://deb.debian.org/debian buster/main amd64 pkg-config amd64 0.29-6 [63.5 kB] Get: 181 http://deb.debian.org/debian buster/main amd64 softhsm2 amd64 2.4.0-0.1 [150 kB] -Fetched 62.3 MB in 1s (62.1 MB/s) +Fetched 62.3 MB in 2s (25.6 MB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package libbsd0:amd64. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19195 files and directories currently installed.) @@ -1170,7 +1204,8 @@ Building tag database... -> Finished parsing the build-deps I: Building the package -I: Running cd /build/mod-gnutls-0.9.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../mod-gnutls_0.9.0-1.1~deb10u1_source.changes +hostname: Name or service not known +I: Running cd /build/mod-gnutls-0.9.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../mod-gnutls_0.9.0-1.1~deb10u1_source.changes dpkg-buildpackage: info: source package mod-gnutls dpkg-buildpackage: info: source version 0.9.0-1.1~deb10u1 dpkg-buildpackage: info: source distribution buster @@ -1353,31 +1388,31 @@ --- make[1]: Leaving directory '/build/mod-gnutls-0.9.0' dh_auto_build - make -j15 + make -j16 make[1]: Entering directory '/build/mod-gnutls-0.9.0' Making all in src make[2]: Entering directory '/build/mod-gnutls-0.9.0/src' -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-mod_gnutls.lo `test -f 'mod_gnutls.c' || echo './'`mod_gnutls.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_io.lo `test -f 'gnutls_io.c' || echo './'`gnutls_io.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_cache.lo `test -f 'gnutls_cache.c' || echo './'`gnutls_cache.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo './'`gnutls_config.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo './'`gnutls_hooks.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_ocsp.lo `test -f 'gnutls_ocsp.c' || echo './'`gnutls_ocsp.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_proxy.lo `test -f 'gnutls_proxy.c' || echo './'`gnutls_proxy.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_sni.lo `test -f 'gnutls_sni.c' || echo './'`gnutls_sni.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_util.lo `test -f 'gnutls_util.c' || echo './'`gnutls_util.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_watchdog.lo `test -f 'gnutls_watchdog.c' || echo './'`gnutls_watchdog.c -libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_io.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_io.o +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-mod_gnutls.lo `test -f 'mod_gnutls.c' || echo './'`mod_gnutls.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_io.lo `test -f 'gnutls_io.c' || echo './'`gnutls_io.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_cache.lo `test -f 'gnutls_cache.c' || echo './'`gnutls_cache.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo './'`gnutls_config.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo './'`gnutls_hooks.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_ocsp.lo `test -f 'gnutls_ocsp.c' || echo './'`gnutls_ocsp.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_proxy.lo `test -f 'gnutls_proxy.c' || echo './'`gnutls_proxy.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_sni.lo `test -f 'gnutls_sni.c' || echo './'`gnutls_sni.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_util.lo `test -f 'gnutls_util.c' || echo './'`gnutls_util.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_watchdog.lo `test -f 'gnutls_watchdog.c' || echo './'`gnutls_watchdog.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_sni.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_sni.o -libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_proxy.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_proxy.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_hooks.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_hooks.o -libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_config.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_config.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_watchdog.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_watchdog.o +libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_io.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_io.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c mod_gnutls.c -fPIC -DPIC -o .libs/mod_gnutls_la-mod_gnutls.o -libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_util.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_util.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_ocsp.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_ocsp.o +libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_util.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_util.o +libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_proxy.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_proxy.o +libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_config.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_config.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_cache.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_cache.o -/bin/bash ../libtool --tag=CC --mode=link gcc -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -module -avoid-version -lgnutls -Wl,-z,relro -Wl,-z,now -o mod_gnutls.la -rpath /usr/lib/apache2/modules mod_gnutls_la-mod_gnutls.lo mod_gnutls_la-gnutls_io.lo mod_gnutls_la-gnutls_cache.lo mod_gnutls_la-gnutls_config.lo mod_gnutls_la-gnutls_hooks.lo mod_gnutls_la-gnutls_ocsp.lo mod_gnutls_la-gnutls_proxy.lo mod_gnutls_la-gnutls_sni.lo mod_gnutls_la-gnutls_util.lo mod_gnutls_la-gnutls_watchdog.lo -lmsv -lgnutls +/bin/sh ../libtool --tag=CC --mode=link gcc -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -module -avoid-version -lgnutls -Wl,-z,relro -Wl,-z,now -o mod_gnutls.la -rpath /usr/lib/apache2/modules mod_gnutls_la-mod_gnutls.lo mod_gnutls_la-gnutls_io.lo mod_gnutls_la-gnutls_cache.lo mod_gnutls_la-gnutls_config.lo mod_gnutls_la-gnutls_hooks.lo mod_gnutls_la-gnutls_ocsp.lo mod_gnutls_la-gnutls_proxy.lo mod_gnutls_la-gnutls_sni.lo mod_gnutls_la-gnutls_util.lo mod_gnutls_la-gnutls_watchdog.lo -lmsv -lgnutls libtool: link: gcc -shared -fPIC -DPIC .libs/mod_gnutls_la-mod_gnutls.o .libs/mod_gnutls_la-gnutls_io.o .libs/mod_gnutls_la-gnutls_cache.o .libs/mod_gnutls_la-gnutls_config.o .libs/mod_gnutls_la-gnutls_hooks.o .libs/mod_gnutls_la-gnutls_ocsp.o .libs/mod_gnutls_la-gnutls_proxy.o .libs/mod_gnutls_la-gnutls_sni.o .libs/mod_gnutls_la-gnutls_util.o .libs/mod_gnutls_la-gnutls_watchdog.o -lmsv -lgnutls -g -O2 -fstack-protector-strong -pthread -g -O2 -fstack-protector-strong -Wl,-z -Wl,relro -Wl,-z -Wl,now -pthread -Wl,-soname -Wl,mod_gnutls.so -o .libs/mod_gnutls.so libtool: link: ( cd ".libs" && rm -f "mod_gnutls.la" && ln -s "../mod_gnutls.la" "mod_gnutls.la" ) make[2]: Leaving directory '/build/mod-gnutls-0.9.0/src' @@ -1409,7 +1444,7 @@ echo $i; cat $i; echo ======= ; \ done; false; \ fi - make -j15 check VERBOSE=1 + make -j16 check VERBOSE=1 make[2]: Entering directory '/build/mod-gnutls-0.9.0' Making check in src make[3]: Entering directory '/build/mod-gnutls-0.9.0/src' @@ -1467,20 +1502,21 @@ mkdir -p client/ sed s/__HOSTNAME__/localhost/ < client.template.in > client.template mkdir -p server/ -sed s/__HOSTNAME__/localhost/ < server.template.in > server.template chmod 0700 authority/ -sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," authority.template chmod 0700 client/ +sed s/__HOSTNAME__/localhost/ < server.template.in > server.template +certtool --outfile authority/secret.key --generate-privkey +sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," authority.template sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," client.template +Generating a 3072 bit RSA private key... chmod 0700 server/ -certtool --outfile authority/secret.key --generate-privkey +certtool --outfile client/secret.key --generate-privkey sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," server.template -mkdir -p rogueca/ +Generating a 3072 bit RSA private key... for i in ::1 127.0.0.1; do \ IP_ADDRS="${IP_ADDRS}\nip_address = ${i}"; \ done; \ sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," authority.template -certtool --outfile client/secret.key --generate-privkey for i in ::1 127.0.0.1; do \ IP_ADDRS="${IP_ADDRS}\nip_address = ${i}"; \ done; \ @@ -1490,52 +1526,42 @@ IP_ADDRS="${IP_ADDRS}\nip_address = ${i}"; \ done; \ sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," server.template -Generating a 3072 bit RSA private key... -Generating a 3072 bit RSA private key... -chmod 0700 rogueca/ -Generating a 3072 bit RSA private key... -certtool --outfile rogueca/secret.key --generate-privkey +mkdir -p rogueca/ mkdir -p imposter/ -Generating a 3072 bit RSA private key... -chmod 0700 imposter/ -certtool --outfile imposter/secret.key --generate-privkey sed s/__HOSTNAME__/localhost/ < imposter.template.in > imposter.template +chmod 0700 rogueca/ mkdir -p rogueclient/ +chmod 0700 imposter/ Generating a 3072 bit RSA private key... -sed s/__HOSTNAME__/localhost/ < rogueclient.template.in > rogueclient.template -mkdir -p ocsp-responder/ +certtool --outfile rogueca/secret.key --generate-privkey sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," imposter.template +Generating a 3072 bit RSA private key... chmod 0700 rogueclient/ -chmod 0700 ocsp-responder/ -sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," rogueclient.template +certtool --outfile imposter/secret.key --generate-privkey for i in ::1 127.0.0.1; do \ IP_ADDRS="${IP_ADDRS}\nip_address = ${i}"; \ done; \ sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," imposter.template certtool --outfile rogueclient/secret.key --generate-privkey +sed s/__HOSTNAME__/localhost/ < rogueclient.template.in > rogueclient.template +mkdir -p ocsp-responder/ +sed s/__HOSTNAME__/localhost/ < authority.uid.in > authority.uid +chmod 0700 ocsp-responder/ +Generating a 3072 bit RSA private key... +sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," rogueclient.template certtool --outfile ocsp-responder/secret.key --generate-privkey +sed s/__HOSTNAME__/localhost/ < client.uid.in > client.uid +Generating a 3072 bit RSA private key... +Generating a 3072 bit RSA private key... for i in ::1 127.0.0.1; do \ IP_ADDRS="${IP_ADDRS}\nip_address = ${i}"; \ done; \ sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," rogueclient.template -sed s/__HOSTNAME__/localhost/ < authority.uid.in > authority.uid -Generating a 3072 bit RSA private key... -Generating a 3072 bit RSA private key... -sed s/__HOSTNAME__/localhost/ < client.uid.in > client.uid mkdir -p logs cache outputs make[5]: 'client.uid' is up to date. -/bin/bash ../libtool --tag=CC --mode=link gcc -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now -o pgpcrc pgpcrc.o -lmsv -lgnutls -/bin/bash ../libtool --tag=CC --mode=link gcc -I/usr/include/p11-kit-1 -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -lgnutls -Wl,-z,relro -Wl,-z,now -o gen_ocsp_index gen_ocsp_index-gen_ocsp_index.o gen_ocsp_index-cert_helper.o -lmsv -lgnutls +/bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now -o pgpcrc pgpcrc.o -lmsv -lgnutls +/bin/sh ../libtool --tag=CC --mode=link gcc -I/usr/include/p11-kit-1 -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -lgnutls -Wl,-z,relro -Wl,-z,now -o gen_ocsp_index gen_ocsp_index-gen_ocsp_index.o gen_ocsp_index-cert_helper.o -lmsv -lgnutls libtool: link: gcc -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z -Wl,relro -Wl,-z -Wl,now -o pgpcrc pgpcrc.o -lmsv -lgnutls -libtool: link: gcc -I/usr/include/p11-kit-1 -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z -Wl,relro -Wl,-z -Wl,now -o gen_ocsp_index gen_ocsp_index-gen_ocsp_index.o gen_ocsp_index-cert_helper.o -lmsv -lgnutls -certtool --outfile imposter/cert-request --generate-request --load-privkey imposter/secret.key --template imposter.template -make[5]: 'imposter/secret.key' is up to date. -Generating a PKCS #10 certificate request... -certtool --outfile server/cert-request --generate-request --load-privkey server/secret.key --template server.template -make[5]: 'server/secret.key' is up to date. -echo "objectstore.backend = file" > server/softhsm2.conf -echo "directories.tokendir = server/softhsm2.db" >> server/softhsm2.conf -Generating a PKCS #10 certificate request... certtool --outfile rogueca/x509.pem --generate-self-signed --load-privkey rogueca/secret.key --template ./rogueca.template make[5]: 'rogueca/secret.key' is up to date. Generating a self signed certificate... @@ -1543,37 +1569,37 @@ Version: 3 Serial Number (hex): 01 Validity: - Not Before: Tue Dec 07 13:44:40 UTC 2021 - Not After: Wed Dec 07 13:44:40 UTC 2022 + Not Before: Mon Jan 09 20:09:39 UTC 2023 + Not After: Tue Jan 09 20:09:39 UTC 2024 Subject: CN=Rogue Certificate Authority Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:c2:96:ba:5f:63:eb:41:3b:18:6b:86:5a:0a:8c:cf - 20:51:42:99:51:94:06:6c:4a:c8:0c:20:e6:16:5b:e3 - 70:23:7f:20:b5:e9:3e:72:8e:c2:cc:bc:b2:23:2c:b1 - ff:95:81:1b:67:fd:03:35:b7:f2:d5:d3:91:fd:b3:14 - c9:04:e0:06:48:7c:3d:30:c8:c3:d3:4c:b9:b5:98:5e - 32:c5:d1:99:f6:e9:dd:95:7e:5c:ef:07:fc:84:35:3b - 8c:a4:56:72:a5:69:29:40:fc:1d:12:ae:5d:6e:9d:c5 - 0d:c0:da:95:bd:c0:9a:3e:21:b4:66:48:df:29:d9:48 - 43:2f:fb:d7:b4:a5:a7:8d:48:54:4d:c0:d8:95:95:4a - a9:a9:17:e1:31:9f:f6:42:39:af:e5:9a:55:6e:d1:2c - e5:a7:94:a1:8f:78:4f:63:ad:a6:46:ef:6a:c1:c0:51 - 82:bf:24:5d:e8:47:53:e7:9f:26:b4:bb:17:4a:22:48 - 3e:2e:98:ad:60:cf:25:27:79:12:90:47:c7:f2:b2:a8 - 66:46:c7:88:4b:76:95:e5:be:bd:f9:5b:15:d2:b8:89 - 91:bc:64:24:59:99:73:96:a6:bf:55:e2:31:52:77:ae - 06:b3:e9:4c:34:24:54:3d:72:70:58:c9:9b:e3:15:fa - b9:13:f7:ed:e1:2e:c1:f2:61:d7:17:0d:ff:2e:f7:81 - 5c:29:61:e3:1a:48:e4:14:10:86:18:5e:67:30:82:6f - 4b:cf:d1:c1:62:06:3c:9c:47:bb:c7:f0:e2:63:e9:21 - 80:31:4b:f9:77:5c:74:ba:dc:4a:e6:72:62:57:f4:a2 - 26:7d:9c:6e:3e:3d:2f:1d:62:23:c6:b4:06:de:c5:3a - 34:b2:af:01:25:a1:1d:2a:1b:69:7c:00:89:9b:5e:7a - 7c:8a:bf:17:c3:d1:75:f1:93:d0:5f:82:ee:ff:6f:9a - 12:59:87:27:2b:c2:88:e0:81:69:82:12:d6:88:ac:54 - 59 + 00:c3:cf:46:a2:dc:6b:e0:44:db:02:7d:bc:9b:c9:4f + 04:09:e9:bc:c3:5c:70:c1:88:53:e1:8c:8c:31:9a:73 + 58:42:79:3f:33:f1:9e:10:b9:cb:3b:de:17:dd:ec:eb + a5:a4:35:e2:ff:9a:fa:8c:cb:e4:d4:94:ee:75:5b:a2 + e7:04:23:e6:dd:83:fb:10:e8:02:cb:4d:fe:2e:da:97 + 6e:cc:71:2e:2e:2b:88:4e:c5:36:b4:96:27:b3:a3:43 + 99:f2:44:e1:dc:93:f6:ea:13:e8:71:84:cb:75:d8:47 + 82:36:33:dc:91:f5:fa:36:1a:a8:f5:f8:52:17:e2:a3 + da:d4:bd:a5:9b:3f:a7:57:4c:da:ba:24:f0:08:69:64 + c1:8c:2b:0f:c4:8e:62:13:6f:da:66:13:c2:80:a5:16 + 77:f4:9f:89:62:f1:3f:d6:e7:f7:27:37:6e:2c:74:60 + 0b:bf:7e:72:c4:8c:be:9b:bf:fb:33:6c:5f:72:43:af + 5b:29:13:bc:ff:57:de:ad:bf:be:21:7a:23:11:47:47 + ba:70:bd:07:60:47:a6:3d:e0:34:ce:06:65:97:17:45 + 82:44:5b:d9:a1:3e:0e:9a:a6:ee:0f:a1:ae:a1:25:d1 + 59:32:43:c2:00:ab:65:a0:d7:50:14:1a:76:42:65:74 + 1c:26:de:1f:4f:38:d4:dc:4f:4a:5b:8b:31:36:84:f9 + 7d:ae:b0:22:7b:cb:2a:b0:ea:59:45:8d:61:5f:95:73 + 99:e2:ce:71:c0:ca:89:2b:67:f0:b3:59:5d:10:78:6b + b2:f4:39:63:96:89:4b:32:e5:4d:af:89:60:4b:63:00 + d1:d9:62:8c:0e:e1:b2:a4:6d:1f:73:7f:14:23:39:21 + c7:72:e4:45:2e:e1:b1:e4:ab:c4:5b:a3:65:f2:13:f5 + 38:72:2a:48:43:21:71:95:3a:96:e0:66:ee:aa:e4:5f + 74:a6:9a:f4:75:3f:9a:a4:5d:f7:19:83:cd:ee:98:28 + 63 Exponent (bits 24): 01:00:01 Extensions: @@ -1583,17 +1609,87 @@ Certificate signing. CRL signing. Subject Key Identifier (not critical): - c086846a7db62f17225362035763576e51cd29bb + 72689e68ad00484d32ec67b4770b02c2217c3f8b +Other Information: + Public Key ID: + sha1:72689e68ad00484d32ec67b4770b02c2217c3f8b + sha256:eb31d13b2db374737f0908be1b2d3063ebb5bab78fcbca91dbb58c273d245ff5 + Public Key PIN: + pin-sha256:6zHROy2zdHN/CQi+Gy0wY+u1urePy8qR27WMJz0kX/U= + + + +Signing certificate... +libtool: link: gcc -I/usr/include/p11-kit-1 -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z -Wl,relro -Wl,-z -Wl,now -o gen_ocsp_index gen_ocsp_index-gen_ocsp_index.o gen_ocsp_index-cert_helper.o -lmsv -lgnutls +certtool --outfile rogueclient/cert-request --generate-request --load-privkey rogueclient/secret.key --template rogueclient.template +make[5]: 'rogueclient/secret.key' is up to date. +Generating a PKCS #10 certificate request... +certtool --outfile rogueclient/x509.pem --generate-certificate --load-ca-certificate rogueca/x509.pem --load-ca-privkey rogueca/secret.key --load-request rogueclient/cert-request --template rogueclient.template +Generating a signed certificate... +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 03 + Validity: + Not Before: Mon Jan 09 20:09:39 UTC 2023 + Not After: Tue Jan 09 20:09:39 UTC 2024 + Subject: CN=Test User + Subject Public Key Algorithm: RSA + Algorithm Security Level: High (3072 bits) + Modulus (bits 3072): + 00:ea:47:df:bc:c6:30:18:99:8f:05:90:c2:9f:22:6e + 28:63:f6:b7:76:e0:76:f1:30:a6:16:16:39:e8:a6:ae + fd:2d:6b:c7:2c:16:d3:9c:3a:35:88:0d:68:af:ef:5d + 17:9e:d0:53:64:fe:15:50:11:8e:f7:ae:36:fa:c4:67 + 09:4a:f1:a4:67:86:0c:55:df:c2:75:a7:86:34:01:24 + fd:de:cb:58:34:42:21:a1:67:87:7f:76:eb:19:cb:43 + 53:54:a0:68:e7:d4:28:ec:b5:e7:be:4d:7d:9a:b2:5c + 09:77:52:d8:60:3d:fc:46:82:c0:83:0b:87:d7:d0:b2 + f8:77:ed:d0:ad:bc:57:12:77:88:79:bd:4f:c4:f4:ea + 05:8b:4a:34:3e:26:c9:6a:26:bc:cd:a0:8a:37:a3:59 + df:5a:9b:aa:93:8d:ce:09:17:15:fe:b0:5f:51:24:5d + 0c:29:55:34:95:58:ee:f9:f9:b9:42:02:5f:7b:8a:db + d5:d6:cb:23:81:14:b1:cf:a9:70:e8:6d:a5:a2:3b:3a + ff:09:91:32:35:c9:b3:13:c6:c6:42:30:f9:b4:a1:3b + 10:10:81:64:af:fd:93:26:56:b8:2d:6d:c2:b5:3a:77 + 43:65:c8:f9:f8:30:25:15:dc:9d:6f:de:a9:1f:d0:c2 + 19:74:46:b5:52:d6:c0:47:07:e0:8f:07:66:2a:7a:b0 + 82:d3:19:d6:62:e2:3d:79:92:e8:52:c2:7a:6e:46:da + d8:76:44:74:13:f8:73:b2:b5:a1:70:5a:e2:c6:ea:b5 + 6e:d0:b5:eb:6b:3d:a4:eb:d2:24:bd:96:6d:72:6c:48 + ae:b6:b5:56:9b:85:31:f4:97:a4:83:15:ca:54:4f:14 + 23:5a:a4:f8:ce:28:69:30:f5:9b:29:c2:45:6e:e0:14 + 8f:c2:d1:6f:06:59:f1:53:f8:c6:22:19:01:ff:9f:8a + f4:11:36:e6:3c:67:a4:6a:74:4d:d5:a6:7d:b5:ed:3f + e7 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Key Purpose (not critical): + TLS WWW Client. + Subject Alternative Name (not critical): + RFC822Name: test0@modgnutls.test + Key Usage (critical): + Digital signature. + Key encipherment. + Subject Key Identifier (not critical): + 250ee6345c068984582f4cf5591865e66d27a768 + Authority Key Identifier (not critical): + 72689e68ad00484d32ec67b4770b02c2217c3f8b Other Information: Public Key ID: - sha1:c086846a7db62f17225362035763576e51cd29bb - sha256:3ae4bdef65b3e6a63d6323020e5336f6a3152a06a3837931b02eeff2d1a6484f + sha1:250ee6345c068984582f4cf5591865e66d27a768 + sha256:9909747a186d3cd7a17cb4fc27045acc2802d0ba53336991d6c2f473f2eb1c33 Public Key PIN: - pin-sha256:OuS972Wz5qY9YyMCDlM29qMVKgajg3kxsC7v8tGmSE8= + pin-sha256:mQl0ehhtPNehfLT8JwRazCgC0LpTM2mR1sL0c/LrHDM= Signing certificate... +certtool --outfile ocsp-responder/cert-request --generate-request --load-privkey ocsp-responder/secret.key --template ocsp-responder.template +make[5]: 'ocsp-responder/secret.key' is up to date. +Generating a PKCS #10 certificate request... certtool --outfile authority/x509.pem --generate-self-signed --load-privkey authority/secret.key --template authority.template make[5]: 'authority/secret.key' is up to date. PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$(cat authority.uid)" < authority/secret.key > authority/secret.pgp.raw @@ -1603,37 +1699,37 @@ Version: 3 Serial Number (hex): 01 Validity: - Not Before: Tue Dec 07 13:44:40 UTC 2021 - Not After: Wed Dec 07 13:44:40 UTC 2022 + Not Before: Mon Jan 09 20:09:39 UTC 2023 + Not After: Tue Jan 09 20:09:39 UTC 2024 Subject: CN=Testing Authority Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:b7:67:0b:f2:94:8c:b0:b1:4e:e8:aa:dc:e2:ce:15 - 54:b2:dd:75:d4:08:18:57:92:26:96:2f:72:84:73:c4 - 05:b1:72:80:90:f4:b5:43:e2:4d:89:be:8c:18:c9:43 - 6d:07:39:4f:30:c5:5f:d3:b5:03:37:b6:b4:f7:98:fa - 27:03:35:63:0d:86:b8:52:42:89:44:ec:df:44:91:3f - 51:91:06:c4:d1:a6:fd:33:17:fd:be:be:1c:c6:5e:5d - 5a:b8:6c:53:e9:5c:c8:c0:9c:65:b7:02:57:ad:48:a9 - 02:a2:d6:9d:af:2e:6f:37:9c:bd:92:18:80:b7:a7:26 - 77:88:61:7e:de:0c:53:a1:3b:1f:83:e2:2f:06:25:56 - b8:7c:55:2c:50:de:64:69:3d:d8:4f:ff:bc:b9:b2:7f - 91:8a:fc:7e:79:80:65:87:05:df:69:8d:39:8a:b7:e9 - bf:27:45:a6:9a:90:01:05:54:5c:ad:9a:a3:c0:c1:e3 - fb:a7:90:d2:53:a5:b3:43:82:cd:7f:49:9c:37:15:b2 - ec:af:20:cc:e5:b5:c3:8e:c4:af:36:67:4c:05:2c:61 - 9a:31:09:f0:8c:b9:2d:b6:89:59:ce:d3:6a:21:7d:cc - c7:21:c8:c5:50:6e:db:b9:c2:25:f5:7d:1f:11:95:c3 - 85:08:b4:0d:1f:e1:30:ec:a6:2d:d8:a4:ca:42:0e:38 - 8c:6c:1f:94:fc:09:0e:f6:ba:bc:3b:67:ab:55:a5:ba - 5c:bf:e9:69:16:3b:93:dd:c6:d5:36:a3:24:5b:b3:7a - cd:e8:1c:bf:1a:06:5d:3f:5a:90:d4:38:93:76:e9:29 - d7:56:a5:33:44:a3:57:91:53:96:48:f9:e0:96:5c:0a - 47:49:b4:f5:54:98:bf:81:18:e6:9d:c2:c9:ea:96:f1 - 52:e7:dd:07:8e:69:93:8d:2f:3b:1d:76:75:d1:bd:25 - b1:f9:57:65:48:e7:ba:02:71:db:f0:62:9f:c6:55:cb - 15 + 00:db:a4:7a:0f:1a:3d:25:11:6e:d6:38:ce:67:ac:0e + b4:60:00:44:d0:f6:87:fa:3f:8d:d0:0f:01:02:96:30 + e9:e4:83:bb:04:69:96:91:d7:8b:b1:75:64:65:92:24 + 0b:c5:8c:87:61:58:0e:a1:84:a3:6e:8b:26:ca:d1:69 + 1c:9b:bb:ce:38:99:98:e5:62:0d:17:32:87:9e:9a:28 + 1a:da:1d:9b:73:76:1f:33:af:f9:29:28:1d:54:04:b2 + cd:07:eb:d4:e7:01:ad:f0:21:f1:b2:10:3f:95:c1:14 + 6b:a5:c9:5b:d7:a9:df:1f:8f:f2:24:ab:c6:fd:e0:9e + 0a:58:c1:91:de:9e:70:7c:c4:86:fe:9c:04:e5:34:b0 + c7:93:44:39:07:84:4c:76:81:c8:fa:48:76:d9:1c:69 + 7e:63:f8:68:a1:72:2b:06:9e:13:ca:fe:96:d5:62:c9 + 85:57:73:f2:21:95:cb:e1:81:ef:57:77:8a:3b:89:c5 + 9f:86:7e:9c:41:a1:1d:e7:fa:33:8e:7c:9c:b6:74:be + 33:55:82:51:b3:d3:5f:76:06:94:32:91:22:65:b1:52 + dd:d5:1c:a4:16:22:ef:9b:1c:73:0b:57:90:48:5f:cf + 5a:4c:f0:92:0a:35:09:ef:20:92:6a:9a:e4:3c:31:d4 + 1a:6f:51:e5:78:45:8f:b7:be:ab:d9:f3:f1:05:7f:a9 + 9e:9c:48:37:7d:78:e1:43:38:33:b9:8b:39:5a:29:93 + c9:5c:36:38:7a:c3:e9:b1:3b:e5:53:86:89:a8:81:19 + 51:b6:81:a3:bc:74:f2:a1:69:7c:0b:34:26:78:ca:7f + 67:be:83:48:ba:68:e1:b3:9f:98:59:e9:ca:fd:50:aa + e8:71:f8:de:85:77:fe:2a:ce:19:8c:72:d5:22:55:17 + 05:2a:01:aa:e8:4a:f6:44:94:ab:e2:6a:70:ed:ae:d7 + c4:32:12:c8:65:e7:ff:3a:62:26:b5:fe:d1:fe:d1:61 + 41 Exponent (bits 24): 01:00:01 Extensions: @@ -1643,509 +1739,440 @@ Certificate signing. CRL signing. Subject Key Identifier (not critical): - 975858cb45e98c3160b8e8100b93c90dcfd652f6 + bfaf3cc4efc7de6b428e3f4ebc4d468bd4c4c06b Other Information: Public Key ID: - sha1:975858cb45e98c3160b8e8100b93c90dcfd652f6 - sha256:9677a0f9756524e81f535cfbf905dbb15a7efa05e232d9aed3681ed25043081f + sha1:bfaf3cc4efc7de6b428e3f4ebc4d468bd4c4c06b + sha256:b08e8ac5fcae81d77a65608880c1226b8a993cc08e08a7b870bd03a6c3cc96c7 Public Key PIN: - pin-sha256:lneg+XVlJOgfU1z7+QXbsVp++gXiMtmu02ge0lBDCB8= + pin-sha256:sI6Kxfyugdd6ZWCIgMEia4qZPMCOCKe4cL0DpsPMlsc= Signing certificate... -certtool --outfile server/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request server/cert-request --template server.template -certtool --outfile imposter/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request imposter/cert-request --template imposter.template -Generating a signed certificate... +certtool --outfile client/cert-request --generate-request --load-privkey client/secret.key --template client.template +make[5]: 'client/secret.key' is up to date. +PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$(cat client.uid)" < client/secret.key > client/secret.pgp.raw +Generating a PKCS #10 certificate request... +certtool --outfile ocsp-responder/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request ocsp-responder/cert-request --template ocsp-responder.template Generating a signed certificate... X.509 Certificate Information: Version: 3 - Serial Number (hex): 04 + Serial Number (hex): 3ac88be472156c544d381b8ac990ab3dd81956df Validity: - Not Before: Tue Dec 07 13:44:40 UTC 2021 - Not After: Wed Dec 07 13:44:40 UTC 2022 - Subject: CN=imposter.example + Not Before: Mon Jan 09 20:09:39 UTC 2023 + Not After: Tue Jan 09 20:09:39 UTC 2024 + Subject: CN=Testing Authority OCSP Responder Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:b9:77:6e:6a:a0:06:18:c6:57:b9:88:08:d2:1d:00 - 6f:c4:48:33:bf:da:9f:5e:40:8d:0b:12:a3:e0:65:3c - 57:19:ec:c6:27:67:6b:af:92:96:5f:3c:b6:10:3c:9c - f5:40:00:38:bb:7d:45:50:10:1e:00:d0:46:b7:6e:22 - df:92:97:0f:97:d0:88:2b:58:e1:59:37:13:ce:47:4d - fe:14:42:e3:53:a3:38:ef:36:fb:87:b0:ab:f6:e2:11 - fe:3d:6a:4f:68:54:cc:cb:7c:65:d2:ce:ff:1f:4f:34 - fa:53:f2:01:d4:57:af:a4:ea:5b:6a:d2:e6:ec:17:36 - d2:fb:b3:d0:a6:5a:4b:ee:01:4e:7c:7e:70:d2:54:49 - c8:ae:d9:e5:6d:39:d4:bb:3b:0e:07:32:b0:aa:3d:fd - fe:68:fa:e5:e1:ba:de:67:56:7b:94:54:00:20:ea:71 - dd:f7:77:88:c9:b7:d8:d7:ef:1b:0b:fe:08:df:81:20 - ec:5e:1d:ae:d2:28:48:57:fc:e3:8d:c4:fa:b3:5f:36 - 1f:33:67:28:ab:e4:93:77:b8:a0:19:19:71:80:d2:5a - 6d:70:5d:d7:77:e6:ef:89:a9:6c:07:75:e9:c9:6f:af - 11:6a:e5:54:ee:5b:ed:d9:5d:4e:6f:7e:04:17:4a:0b - fe:63:19:be:1f:a2:a1:13:11:b1:84:37:c2:d1:49:3e - bf:da:c8:21:7f:66:12:15:63:01:20:9d:01:83:69:ba - 6a:66:ff:d1:fd:d8:16:98:fa:80:f1:a7:8e:a1:4f:05 - b3:de:13:8d:88:bd:0e:19:d1:27:a7:ea:34:b1:f0:96 - bf:ac:7c:1e:e4:26:c3:75:96:50:9a:f6:72:6c:2e:18 - 23:7a:55:ed:21:2f:34:f0:d3:de:86:22:f7:6e:b6:a6 - 19:b5:45:37:70:11:12:bb:53:06:f9:5c:3a:c2:10:64 - e6:21:07:16:98:46:92:a5:3c:02:c9:8c:aa:7f:0d:f8 - 47 + 00:d1:9c:9b:3e:b6:5e:59:7e:f9:bb:28:7e:c7:3d:69 + 37:62:05:cc:a3:2c:50:ab:e2:3b:f2:5f:1a:e1:a5:65 + f5:de:d7:35:2d:02:0f:a7:a1:12:a9:fb:3a:d3:4c:8e + d4:f0:6d:f6:f8:f1:23:59:45:f6:2c:91:12:cc:14:3d + 81:11:34:6c:c5:a4:e5:fa:46:c5:4c:5d:b3:0b:a6:01 + 15:fd:55:d3:18:b0:92:16:28:ca:de:84:f6:51:53:6f + fe:0a:4b:cb:19:ed:1e:c0:72:22:0d:54:82:cd:3a:39 + 34:52:a2:ec:a5:19:d3:06:94:65:50:f3:06:41:48:bc + b2:9f:82:c9:fd:cd:0e:f8:c7:81:b2:1a:c4:b8:5b:00 + 03:2c:77:65:49:f8:85:57:21:fe:6c:2b:7c:a6:e2:ed + 45:fe:37:de:e2:64:82:31:79:0e:98:29:50:46:4d:b1 + e1:48:05:b5:3c:cd:a8:1f:1c:a8:f6:be:f4:c2:6a:ce + a8:0c:a5:81:b3:3b:ff:68:db:82:46:96:b2:d8:98:1b + 0c:27:fa:99:90:c8:b0:50:a8:fc:55:66:91:ed:9d:6d + 9e:e2:78:cf:ac:49:6d:5c:4d:05:0a:52:13:de:b4:68 + bd:51:7d:df:6a:3c:ee:fc:2b:ea:ae:31:e9:2a:55:f8 + ca:42:a0:e3:c6:65:c9:99:22:e4:4e:6c:5e:f9:6f:88 + dc:fa:9a:6e:dd:98:24:99:f9:2a:dc:28:b0:ae:20:4f + 40:63:d3:2d:34:d9:da:f0:5e:79:6d:fa:83:31:3a:90 + ea:2c:31:3c:22:62:42:9c:8f:a0:93:b4:df:da:7d:d4 + e4:32:7f:fd:e8:68:54:9b:82:8f:ac:36:7f:03:dd:b5 + 75:39:e1:be:0c:9b:45:a4:2a:d9:aa:04:42:10:79:85 + 16:74:8e:42:cf:42:5c:62:51:36:1d:06:1d:f6:e5:0c + d2:00:27:8c:26:54:cd:b0:8c:54:74:6e:f5:0c:12:60 + af Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE - Subject Alternative Name (not critical): - DNSname: imposter.example Key Purpose (not critical): - TLS WWW Server. + OCSP signing. Key Usage (critical): Digital signature. - Key encipherment. Subject Key Identifier (not critical): - c89c1458e9eae32e143f8cb0a69beff5c3bdbe28 + 99c8f66014188ab78b1c590933ee2afb323102c3 Authority Key Identifier (not critical): - 975858cb45e98c3160b8e8100b93c90dcfd652f6 + bfaf3cc4efc7de6b428e3f4ebc4d468bd4c4c06b Other Information: Public Key ID: - sha1:c89c1458e9eae32e143f8cb0a69beff5c3bdbe28 - sha256:1ce0e1eb3cf8e6eedfd3f95fa8cc498af982c82c9ddced97913dfbce706334e4 + sha1:99c8f66014188ab78b1c590933ee2afb323102c3 + sha256:cb8cf921dbad5f461ba42ff27a4dd659d9b46d1f461290d9a689fe4ef054415e Public Key PIN: - pin-sha256:HODh6zz45u7f0/lfqMxJivmCyCyd3O2XkT37znBjNOQ= + pin-sha256:y4z5IdutX0YbpC/yek3WWdm0bR9GEpDZpon+TvBUQV4= Signing certificate... +certtool --outfile client/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request client/cert-request --template client.template +Generating a signed certificate... X.509 Certificate Information: Version: 3 - Serial Number (hex): 22fff0d9 + Serial Number (hex): 03 Validity: - Not Before: Tue Dec 07 13:44:40 UTC 2021 - Not After: Wed Dec 07 13:44:40 UTC 2022 - Subject: CN=localhost + Not Before: Mon Jan 09 20:09:39 UTC 2023 + Not After: Tue Jan 09 20:09:39 UTC 2024 + Subject: CN=Test User Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:eb:f0:46:46:2f:5a:d3:4e:cf:e4:f3:f6:bc:d3:3e - 52:03:26:9b:b7:ae:fc:de:98:63:23:2e:0c:45:86:ee - 8e:9d:2f:46:c7:4c:1e:ee:83:9a:31:90:43:80:e7:18 - 5b:af:6d:05:a4:68:32:2a:0f:6a:b4:5d:c2:80:cb:5b - 30:0a:c9:2f:c7:c5:6a:53:aa:e1:34:f3:62:5e:17:eb - 85:b7:40:b7:6f:e1:1c:de:8e:26:ef:de:db:d0:b5:41 - 50:fb:c9:76:a2:1a:a6:75:9f:9c:90:35:77:f4:07:f8 - 42:ac:2d:41:64:10:10:39:51:54:f5:06:4c:c8:20:bd - 88:16:e0:dc:f6:8a:34:09:0b:33:09:a9:37:90:44:18 - 07:7b:86:65:32:00:8e:bc:7c:1a:67:87:27:ff:04:ec - ba:64:fc:88:9e:c7:8d:cc:93:75:bf:c0:06:0e:d3:f6 - 3b:3a:76:a8:5d:a7:64:73:4b:5f:d6:0b:0a:3d:48:18 - 9b:3b:7a:d0:29:f0:b4:4f:e9:99:48:df:4d:e1:6b:d9 - f4:a6:d3:b5:fd:6f:21:b1:38:f0:d1:96:00:3a:80:52 - f1:b6:c9:50:f5:d0:3f:c6:75:13:6e:f0:b1:1d:b3:61 - f4:3c:8d:ac:17:47:5a:6b:15:bb:d5:1d:53:77:bb:c6 - 4e:a2:5d:32:79:65:7c:9f:8c:42:5c:b7:ed:d4:f7:bb - 16:06:6f:25:bc:e0:29:31:9f:1d:60:b1:28:fd:38:60 - c3:06:ce:1a:2e:a2:b1:c5:4a:1b:20:31:37:42:60:e9 - 70:b3:27:c3:c8:78:d8:a4:cf:03:a4:5e:79:49:20:ff - 81:75:5f:81:c3:83:55:8d:fa:98:d3:a5:57:8e:f4:50 - 5d:8a:89:6f:8b:88:8f:c7:0e:8a:c6:36:ef:fd:76:45 - 4f:d3:85:7b:f0:89:77:17:25:31:61:20:0a:ee:e6:6d - 50:fa:8f:62:b7:28:0a:6b:05:38:48:80:67:ec:f9:f6 - 29 + 00:ce:31:57:9e:6a:d4:ae:88:cd:7b:f7:70:99:bb:6e + 45:6f:5e:45:92:00:93:93:86:85:10:90:1f:e3:b3:2e + f0:08:a8:82:d8:9d:d3:46:dd:68:7a:83:70:c4:76:26 + 5b:f4:26:db:58:ea:41:df:a8:85:9e:ab:67:0f:9c:2d + 5f:8f:99:1d:04:7d:1d:ac:99:84:aa:5e:b2:28:48:a6 + d5:44:79:1d:04:3b:21:1c:27:68:4d:5b:12:2d:ac:a9 + 92:83:bc:ab:46:61:ae:7b:9a:10:3c:d2:50:11:1a:c6 + 17:f4:1c:08:cf:22:42:28:de:ee:3f:fb:9b:1c:81:9c + 93:30:67:05:38:71:d6:5c:93:89:57:af:d3:5e:35:28 + 8f:0a:18:24:fb:26:31:63:e7:f7:52:b8:b2:bd:31:0f + 6c:b5:82:c7:88:78:d9:2f:eb:bc:a6:dc:5e:2d:4d:68 + 0a:4c:57:37:18:2a:96:dc:21:c6:68:5c:2a:0b:b9:ad + 6c:7d:ef:81:fc:31:e3:25:20:44:0d:2b:7f:a5:41:70 + 21:d5:55:df:48:32:4b:5d:81:c1:39:05:ab:34:03:26 + 36:de:12:4a:17:60:07:3b:fc:cf:58:27:a5:4b:b4:71 + 09:3f:df:5e:66:9a:cd:82:6f:ad:fd:59:0a:85:42:63 + 34:9c:61:d0:82:8a:bd:88:33:55:6e:48:f1:a5:72:cb + b0:fd:8b:b0:d8:8b:c1:87:47:84:11:b3:cf:bb:00:1c + c8:e9:4b:50:d3:c7:7b:f9:9d:ef:72:54:97:fe:f1:7a + 6a:b9:eb:b6:e2:17:75:e9:5d:8f:bc:53:14:db:e3:5e + 04:99:f1:de:8e:5d:e6:7c:68:df:d7:8f:ee:41:4e:a0 + 0c:17:1e:16:59:fb:0c:5a:c2:30:db:99:af:96:f9:1d + 23:68:8a:06:b8:ba:b4:60:28:2c:ac:a4:90:e1:58:32 + 8f:ae:4d:67:44:ba:d9:d4:4e:ca:d4:81:52:2c:48:b2 + f3 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE - Subject Alternative Name (not critical): - DNSname: localhost - IPAddress: ::1 - IPAddress: 127.0.0.1 Key Purpose (not critical): - TLS WWW Server. - Authority Information Access (not critical): - Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp) - Access Location URI: http://localhost:9936/ocsp/ + TLS WWW Client. + Subject Alternative Name (not critical): + RFC822Name: test0@modgnutls.test Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): - 4133e25d60e4c276701ed67d9fc39a38a7481827 + 289cbd274f0c88de869c61283d1b3628ec26c372 Authority Key Identifier (not critical): - 975858cb45e98c3160b8e8100b93c90dcfd652f6 + bfaf3cc4efc7de6b428e3f4ebc4d468bd4c4c06b Other Information: Public Key ID: - sha1:4133e25d60e4c276701ed67d9fc39a38a7481827 - sha256:27ca0e949185c380d1e49eeace937e4e325e760160f9d21495227663df79f753 + sha1:289cbd274f0c88de869c61283d1b3628ec26c372 + sha256:10bc9dcc05b5d5439e55caef0065d6381125a8ddfff891dd328ea59e96bb14f5 Public Key PIN: - pin-sha256:J8oOlJGFw4DR5J7qzpN+TjJedgFg+dIUlSJ2Y99591M= + pin-sha256:ELydzAW11UOeVcrvAGXWOBElqN3/+JHdMo6lnpa7FPU= Signing certificate... -certtool --generate-crl \ - --outfile server/crl.pem \ - --load-ca-privkey authority/secret.key \ - --load-ca-certificate authority/x509.pem \ - --load-certificate server/x509.pem \ - --template "./server-crl.template" -cat server/x509.pem authority/x509.pem > server/x509-chain.pem -rm -rf server/softhsm2.db -mkdir -p server/softhsm2.db -Generating a signed CRL... - -SOFTHSM="/usr/bin/softhsm2-util" \ -SOFTHSM2_CONF="server/softhsm2.conf" \ -./softhsm.bash init server/secret.key server/x509.pem -checking /usr/lib64/pkcs11/libsofthsm2.so ... -checking /usr/lib/softhsm/libsofthsm2.so ... -found! -X.509 Certificate Revocation List Information: - Version: 2 - Issuer: CN=Testing Authority - Update dates: - Issued: Tue Dec 07 13:44:40 UTC 2021 - Next at: Thu Dec 09 13:44:40 UTC 2021 - Extensions: - Authority Key Identifier (not critical): - 975858cb45e98c3160b8e8100b93c90dcfd652f6 - CRL Number (not critical): 01 - Revoked certificates (1): - Serial Number (hex): 22fff0d9 - Revoked at: Tue Dec 07 13:44:40 UTC 2021 - Signature Algorithm: RSA-SHA256 - Signature: - 01:e8:15:53:7c:52:a0:39:a3:e8:cc:22:86:29:4d:c4 - 74:46:7d:a1:22:8d:23:5c:84:c4:b1:54:74:5a:fd:7a - bc:3e:61:48:92:89:e6:0b:4d:86:0e:34:d7:09:fc:be - f8:51:0e:09:1c:74:2b:32:f0:80:ee:52:96:1a:e9:e3 - 37:c0:ce:44:a2:19:de:7c:c1:51:d8:00:0c:93:19:dd - be:4a:8f:17:5e:50:20:4b:87:15:a0:c5:52:cb:84:ca - ae:0d:a1:51:cd:ef:28:2e:d6:b9:9f:d1:64:d7:0c:2c - b7:1f:33:fe:08:21:7a:a6:96:c4:2a:f7:84:b1:61:88 - 89:66:9b:31:d0:21:eb:6b:36:a1:63:50:55:24:a2:b4 - d1:36:4c:32:bb:28:23:e2:ee:aa:bc:2c:15:f3:2b:9d - 90:4c:b6:88:75:1c:2d:84:c6:30:08:b9:3e:e1:ea:ac - d4:52:75:f8:54:d0:70:08:a3:de:e3:11:9a:01:85:10 - 89:ca:0b:48:60:7b:ec:5b:d1:1c:aa:a5:09:45:9c:c6 - 9d:27:57:36:48:b9:50:f7:b4:4c:bb:37:57:31:61:81 - 99:56:10:dd:5c:c1:42:b3:73:71:82:87:52:37:62:91 - ec:a5:fc:d5:5f:2a:c6:31:0b:a2:7c:f1:eb:e5:a4:a7 - ec:c4:05:87:a7:c8:f8:87:48:42:16:95:57:fe:67:74 - 55:1e:f0:a2:b0:37:a8:d5:e8:1a:4d:59:12:4b:07:b5 - 69:c9:3a:0a:b9:43:c9:03:3a:17:6f:76:bc:ba:72:4e - 62:bd:c7:96:72:6f:09:84:50:5f:f0:5d:7a:0c:62:49 - 57:0a:e0:de:62:4a:cc:8b:10:22:78:73:35:09:e4:e7 - d4:c4:74:02:51:ba:00:3b:e1:fc:0f:12:2e:47:b2:65 - cb:d9:ea:44:52:ae:7c:a6:7a:81:4e:6c:fa:88:21:3d - ba:e1:9e:82:1e:bd:56:17:69:8f:29:91:38:f0:3e:3f - -The token has been initialized and is reassigned to slot 735487002 -note: will re-use ID 4133e25d60e4c276701ed67d9fc39a38a7481827 from corresponding private key -(printf -- '-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: test\n\n' && \ -base64 < authority/secret.pgp.raw && \ -printf -- '=' && \ -./pgpcrc < authority/secret.pgp.raw | base64 && \ -printf -- '-----END PGP PRIVATE KEY BLOCK-----\n' ) > authority/secret.pgp -rm -f authority/pubring.gpg authority/secring.gpg authority/trustdb.gpg authority/pubring.kbx authority/private-keys-v1.d/*.key -make[5]: 'authority/secret.pgp' is up to date. -GNUPGHOME=authority/ gpg --import authority/secret.pgp -gpg: keybox '/build/mod-gnutls-0.9.0/test/authority/pubring.kbx' created -gpg: /build/mod-gnutls-0.9.0/test/authority/trustdb.gpg: trustdb created -gpg: key 4DF360FBF91921C5: public key "Testing Authority" imported -gpg: key 4DF360FBF91921C5: secret key imported -gpg: Total number processed: 1 -gpg: imported: 1 -gpg: secret keys read: 1 -gpg: secret keys imported: 1 -printf "%s:6:\n" "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=authority/ gpg --import-ownertrust -gpg: inserting ownertrust of 6 -printf "default-key %s\n" "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > authority/gpg.conf -gpg: checking the trustdb -gpg: marginals needed: 3 completes needed: 1 trust model: pgp -gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u -if test -r authority/minimal.pgp; then rm authority/minimal.pgp; fi -GNUPGHOME=authority/ gpg --output authority/minimal.pgp --armor --export "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" -if test -r authority/cert.pgp; then rm authority/cert.pgp; fi -GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --import authority/minimal.pgp -gpg: key 4DF360FBF91921C5: "Testing Authority" not changed -gpg: Total number processed: 1 -gpg: unchanged: 1 -flock: getting lock took 0.000005 seconds -flock: executing gpg -GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --batch --sign-key --no-tty --yes "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" -gpg: using "D58A8D5C37E43AF42C3EF8494DF360FBF91921C5" as default secret key for signing -flock: getting lock took 0.000005 seconds -flock: executing gpg -GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --output authority/cert.pgp --armor --export "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" -flock: getting lock took 0.000004 seconds -flock: executing gpg -certtool --outfile rogueclient/cert-request --generate-request --load-privkey rogueclient/secret.key --template rogueclient.template -make[5]: 'rogueclient/secret.key' is up to date. +certtool --outfile imposter/cert-request --generate-request --load-privkey imposter/secret.key --template imposter.template +make[5]: 'imposter/secret.key' is up to date. Generating a PKCS #10 certificate request... -certtool --outfile rogueclient/x509.pem --generate-certificate --load-ca-certificate rogueca/x509.pem --load-ca-privkey rogueca/secret.key --load-request rogueclient/cert-request --template rogueclient.template +certtool --outfile imposter/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request imposter/cert-request --template imposter.template Generating a signed certificate... X.509 Certificate Information: Version: 3 - Serial Number (hex): 03 + Serial Number (hex): 04 Validity: - Not Before: Tue Dec 07 13:44:40 UTC 2021 - Not After: Wed Dec 07 13:44:40 UTC 2022 - Subject: CN=Test User + Not Before: Mon Jan 09 20:09:39 UTC 2023 + Not After: Tue Jan 09 20:09:39 UTC 2024 + Subject: CN=imposter.example Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:ba:ae:70:fe:52:a1:13:c4:11:32:80:6f:aa:12:60 - da:2f:f7:b1:56:f2:81:09:d7:82:1a:97:94:ce:11:8f - 2e:9c:9d:00:ca:e2:2d:e1:d5:0a:97:89:37:7a:61:c0 - b1:7e:fb:70:4e:d4:b6:b3:1c:19:5f:ec:8e:b0:a3:42 - 43:4d:26:22:c7:51:fc:61:00:95:73:20:8f:cc:93:ec - 7f:ba:56:4a:de:9a:96:f9:37:3e:e4:b7:88:dd:17:0f - 5e:c8:89:bf:7e:9b:fd:8f:65:fb:b1:30:95:82:ad:bc - d7:3c:0a:25:20:b7:05:45:5e:60:ca:b1:78:1b:4a:a8 - d3:2c:b2:12:4f:85:87:ab:c2:2c:80:e7:61:4f:57:48 - 8f:74:e3:bc:3a:b4:e6:d4:76:58:b6:aa:9a:c6:f5:53 - 7f:00:32:06:89:d3:35:fb:73:40:de:8f:fd:5b:d5:30 - 06:d0:d9:1b:ea:24:39:6a:61:95:35:10:5d:ab:0c:61 - d5:d4:f2:41:21:c5:43:d1:8e:8a:5b:db:05:67:18:6b - 3a:8b:cf:67:e0:58:36:80:6d:8a:fc:1e:80:bc:cf:02 - ef:8b:55:c9:41:d1:70:90:48:d5:2d:dd:01:c0:dc:63 - 85:4b:00:9c:48:b9:b9:2f:3f:ea:bb:f7:5f:a7:6d:d6 - 65:7e:b3:f1:7f:d9:94:b0:96:ea:d0:4a:81:36:cd:c1 - 2e:e0:17:1a:86:40:56:2a:89:c1:13:24:aa:c1:be:61 - be:69:67:95:00:42:40:f5:af:91:b9:16:3f:3b:6b:4e - 25:c3:fa:36:25:67:93:1f:9b:11:c4:f5:3e:cd:ab:14 - 7a:e7:49:80:51:4c:de:5b:00:df:99:c5:5a:93:b4:06 - 3b:23:d0:95:c3:ec:f5:4b:04:6d:35:cb:39:47:f5:f0 - 10:fb:e3:db:67:30:99:c5:45:21:01:20:04:96:64:2d - a8:7b:32:94:2d:12:61:7d:da:44:ad:f2:c7:4f:db:5d - b7 + 00:cb:79:9c:7a:37:cd:c1:32:3a:3b:81:67:d3:be:c3 + 78:04:e0:79:c2:5d:68:90:88:39:2a:81:ca:de:8d:b7 + 43:62:f4:e3:f3:a5:79:e0:c6:60:94:8a:9c:2d:e7:df + e9:ff:f6:63:4f:87:b8:40:ca:fa:9a:4e:2b:93:07:eb + a3:1a:12:eb:a3:56:a3:89:eb:8c:5a:9f:7c:dc:21:53 + bb:33:84:54:50:3b:91:55:7e:93:70:09:52:71:eb:c7 + 33:90:f6:c8:51:bd:f1:ce:c8:71:a3:7d:3f:31:4f:d6 + 86:bb:24:4e:f3:d0:a2:82:76:17:4e:02:e1:e4:64:45 + 9d:1c:00:da:2c:1d:d7:03:42:38:12:ee:73:3c:14:a4 + 05:de:91:6d:f7:ee:90:43:85:15:e5:06:43:2c:f7:12 + b2:9e:d1:6c:0d:a7:bc:0e:a0:07:e0:43:f5:a8:95:c7 + 7a:ad:27:5d:5d:74:30:57:35:23:a6:ab:3a:48:24:b9 + 82:ed:5e:be:cb:03:b9:1e:19:6f:0d:68:3f:28:ef:98 + 58:3e:21:fa:cd:d2:9a:bc:fc:88:38:47:ac:be:63:bd + c5:d6:1a:9b:92:34:33:6a:a1:e2:30:a8:1a:d4:ee:75 + ca:4a:26:37:10:00:48:33:4b:4e:28:23:e2:a1:34:6e + 89:2c:b5:2e:5c:49:fa:9c:ba:58:b2:fe:63:66:ab:91 + b5:33:7b:30:65:33:d7:07:a4:44:71:26:b4:ab:3e:6c + 70:e9:26:31:07:90:2a:80:c6:67:5d:d5:89:3c:47:ba + 44:8a:ea:7f:43:e5:2e:ba:65:bb:aa:4d:88:d2:de:4f + 14:ad:13:3b:49:b3:c9:91:26:73:60:40:e6:0f:1b:85 + 42:98:36:07:74:e8:17:e3:7c:21:6d:e6:da:5f:79:1b + 32:53:98:78:72:32:50:0c:6f:68:12:9f:7a:6a:53:d4 + 07:3b:6c:a6:be:e4:7a:08:85:ef:98:b0:3f:1a:1e:4c + e5 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE - Key Purpose (not critical): - TLS WWW Client. Subject Alternative Name (not critical): - RFC822Name: test0@modgnutls.test + DNSname: imposter.example + Key Purpose (not critical): + TLS WWW Server. Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): - 7072b10bd8f4366b5f03bd6418552b06ac7525c2 + b092f61134ebf965f14b7b4d73560381988d0674 Authority Key Identifier (not critical): - c086846a7db62f17225362035763576e51cd29bb + bfaf3cc4efc7de6b428e3f4ebc4d468bd4c4c06b Other Information: Public Key ID: - sha1:7072b10bd8f4366b5f03bd6418552b06ac7525c2 - sha256:9020a96e305bcb06214e0945938e3299c457a7a4de9beddae7301fe80fed2bb6 + sha1:b092f61134ebf965f14b7b4d73560381988d0674 + sha256:6f1d9699f77cd66a1f08e882f4facc56131e2b4cdd45a3230b595414401c6ace Public Key PIN: - pin-sha256:kCCpbjBbywYhTglFk44ymcRXp6Tem+3a5zAf6A/tK7Y= + pin-sha256:bx2Wmfd81mofCOiC9PrMVhMeK0zdRaMjC1lUFEAcas4= Signing certificate... -certtool --outfile client/cert-request --generate-request --load-privkey client/secret.key --template client.template -make[5]: 'client/secret.key' is up to date. -PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$(cat client.uid)" < client/secret.key > client/secret.pgp.raw +certtool --outfile server/cert-request --generate-request --load-privkey server/secret.key --template server.template +make[5]: 'server/secret.key' is up to date. +echo "objectstore.backend = file" > server/softhsm2.conf +echo "directories.tokendir = server/softhsm2.db" >> server/softhsm2.conf Generating a PKCS #10 certificate request... -certtool --outfile client/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request client/cert-request --template client.template +(printf -- '-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: test\n\n' && \ +base64 < authority/secret.pgp.raw && \ +printf -- '=' && \ +./pgpcrc < authority/secret.pgp.raw | base64 && \ +printf -- '-----END PGP PRIVATE KEY BLOCK-----\n' ) > authority/secret.pgp +(printf -- '-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: test\n\n' && \ +base64 < client/secret.pgp.raw && \ +printf -- '=' && \ +./pgpcrc < client/secret.pgp.raw | base64 && \ +printf -- '-----END PGP PRIVATE KEY BLOCK-----\n' ) > client/secret.pgp +certtool --outfile server/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request server/cert-request --template server.template +rm -f authority/pubring.gpg authority/secring.gpg authority/trustdb.gpg authority/pubring.kbx authority/private-keys-v1.d/*.key +make[5]: 'authority/secret.pgp' is up to date. Generating a signed certificate... - -Expiration time: Wed Dec 7 01:44:41 2022 -CA expiration time: Wed Dec 7 01:44:40 2022 -Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 - Serial Number (hex): 03 + Serial Number (hex): 22fff0d9 Validity: - Not Before: Tue Dec 07 13:44:41 UTC 2021 - Not After: Wed Dec 07 13:44:41 UTC 2022 - Subject: CN=Test User + Not Before: Mon Jan 09 20:09:39 UTC 2023 + Not After: Tue Jan 09 20:09:39 UTC 2024 + Subject: CN=localhost Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:c3:a3:a6:15:d2:2e:c7:38:2d:c4:2d:b3:54:ae:1b - 22:9c:74:f5:ea:97:be:10:04:ce:0c:2d:b5:54:c2:11 - b8:e6:dd:4d:8c:e4:17:a4:7a:a6:9f:83:2f:4b:06:5e - d7:6c:13:18:d5:e3:a1:a4:2f:d9:d0:e5:e6:49:e3:63 - fd:79:84:02:af:df:94:8c:8e:04:ca:64:87:a8:c5:0d - 8b:04:6e:cc:6e:bb:88:b5:43:d3:04:f7:36:2d:81:f2 - 80:2e:db:46:fd:ea:d7:9f:59:e0:48:d8:9e:cf:ff:77 - 35:5a:7f:f9:71:3b:09:cc:26:4d:1b:cf:51:b2:e5:59 - b9:7d:d5:8b:3b:c0:52:0d:57:4a:ad:86:fa:dc:05:05 - 2c:ee:eb:8b:66:59:b4:f8:d5:eb:d1:ee:13:6f:7b:1e - a1:98:6e:f5:43:bd:11:27:41:4c:6f:b5:5a:08:e8:32 - ca:d5:78:2c:d4:9f:07:6d:61:9a:96:cf:e7:a2:e7:74 - 27:00:36:dd:c2:79:ea:fd:37:fc:5f:1f:59:58:51:ec - 9c:8a:56:61:9e:fa:cc:2f:d7:d2:c4:7c:32:a0:5b:69 - f0:41:eb:dc:ab:01:1e:55:1a:91:14:3c:44:93:69:98 - c8:5b:e7:7b:6b:0e:3a:12:96:8d:00:00:ec:92:ae:0f - 74:f0:41:91:ed:89:14:ca:64:3e:42:ad:4b:37:f0:a8 - 7b:c3:bc:ce:0b:63:d9:69:be:f2:59:a4:0a:7e:92:bf - 6c:ba:f8:12:9c:cf:6c:31:b7:87:e3:9b:38:e6:74:7e - 63:ec:a3:5e:e1:cf:1d:b7:51:be:15:0a:61:e0:3f:4e - 08:1e:b4:06:69:e1:a6:91:93:4e:7a:8f:0f:ad:70:9d - ba:a6:9f:a8:d4:95:f9:0c:9c:d6:62:70:02:bb:6a:85 - e9:e7:e5:30:2d:af:ab:2c:71:b7:cb:a7:c7:53:2b:95 - 7a:eb:46:00:2d:ed:d7:df:31:80:b1:17:5d:b2:cc:fb - ab + 00:cd:2b:f4:20:0f:cc:30:2b:4a:bc:18:02:d2:af:64 + 2b:d5:a7:be:30:fd:f5:9f:e9:b5:72:47:91:6c:71:f9 + 72:13:8c:f0:a7:28:5d:d5:e8:a3:59:74:46:cf:dd:a8 + d2:c0:5b:32:52:d8:64:0e:24:fe:16:96:6e:ff:bd:65 + c6:0d:10:fc:b3:48:3a:5e:a5:40:d2:33:15:55:8b:d8 + ef:25:29:c2:24:db:9e:61:7e:94:e2:2e:c6:31:a8:f5 + d1:38:4f:ec:2a:f9:e1:6e:79:fe:24:b3:54:4b:69:80 + 40:d2:69:7b:b8:35:49:ba:7f:28:fc:9e:5c:cd:f7:43 + 9c:97:8e:94:f9:ad:df:d7:d6:56:be:b0:35:29:dc:ef + 8d:69:6e:f1:42:1b:43:0b:12:8c:42:76:ac:3a:ac:22 + 47:c7:23:eb:3e:0e:07:5a:d7:95:e3:70:4d:43:a8:9d + 53:22:8a:73:b0:b9:84:12:7a:a7:43:8d:73:62:61:54 + 4d:59:00:ca:33:fd:37:20:fe:af:ab:c0:1a:18:e0:91 + d3:31:c5:45:cb:f5:b6:55:2b:3f:83:8d:eb:7a:c3:97 + 94:55:99:52:ae:14:02:33:7c:8b:73:65:e1:d2:dd:b3 + 15:b8:f5:08:7e:64:67:5c:c2:08:48:9f:b0:c8:da:01 + e1:76:6e:4d:f7:3c:de:1e:15:c5:2a:28:b7:5f:9a:df + a4:9e:ee:63:c9:54:62:d9:18:9f:43:8c:3d:8f:d2:ad + a8:15:03:3b:76:82:6a:3c:f4:9c:54:4b:e8:0f:80:25 + 85:66:91:8b:b3:6a:7c:30:5b:f5:07:33:29:46:94:6a + e1:bb:0e:b4:d6:a6:3b:17:15:15:a4:41:03:87:4d:16 + b3:c9:e9:1b:03:3d:2c:ba:8b:63:c2:c8:f3:73:e4:7e + ce:c8:1b:02:c5:27:6b:92:5b:70:53:60:f6:5e:eb:c4 + 35:82:69:e3:00:39:07:c9:84:6d:f9:f1:48:08:c2:3e + 9f Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE - Key Purpose (not critical): - TLS WWW Client. Subject Alternative Name (not critical): - RFC822Name: test0@modgnutls.test + DNSname: localhost + IPAddress: ::1 + IPAddress: 127.0.0.1 + Key Purpose (not critical): + TLS WWW Server. + Authority Information Access (not critical): + Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp) + Access Location URI: http://localhost:9936/ocsp/ Key Usage (critical): Digital signature. Key encipherment. Subject Key Identifier (not critical): - 6da653c3b42e40b8e845de7adf4522fbeb9cfee7 + cbf655e82f583efe8dd49a202a224df042f40add Authority Key Identifier (not critical): - 975858cb45e98c3160b8e8100b93c90dcfd652f6 + bfaf3cc4efc7de6b428e3f4ebc4d468bd4c4c06b Other Information: Public Key ID: - sha1:6da653c3b42e40b8e845de7adf4522fbeb9cfee7 - sha256:5bc46fcdbb654d44285d1dca3bbc2042671c949d22e0220dbfadebaf32d77410 + sha1:cbf655e82f583efe8dd49a202a224df042f40add + sha256:d453b6a6ba24d2944f33e9a0f89bd284f4228da2d8a74674281b5b56207242fb Public Key PIN: - pin-sha256:W8RvzbtlTUQoXR3KO7wgQmcclJ0i4CINv63rrzLXdBA= + pin-sha256:1FO2prok0pRPM+mg+JvShPQijaLYp0Z0KBtbViByQvs= Signing certificate... -(printf -- '-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: test\n\n' && \ -base64 < client/secret.pgp.raw && \ -printf -- '=' && \ -./pgpcrc < client/secret.pgp.raw | base64 && \ -printf -- '-----END PGP PRIVATE KEY BLOCK-----\n' ) > client/secret.pgp +GNUPGHOME=authority/ gpg --import authority/secret.pgp rm -f client/pubring.gpg client/secring.gpg client/trustdb.gpg client/pubring.kbx client/private-keys-v1.d/*.key make[5]: 'client/secret.pgp' is up to date. +gpg: keybox '/build/mod-gnutls-0.9.0/test/authority/pubring.kbx' created GNUPGHOME=client/ gpg --import client/secret.pgp +gpg: /build/mod-gnutls-0.9.0/test/authority/trustdb.gpg: trustdb created +gpg: key 844BDA7974E555CD: public key "Testing Authority" imported gpg: keybox '/build/mod-gnutls-0.9.0/test/client/pubring.kbx' created gpg: /build/mod-gnutls-0.9.0/test/client/trustdb.gpg: trustdb created -gpg: key FA3AA08F33E23F9C: public key "Test User " imported -gpg: key FA3AA08F33E23F9C: secret key imported +gpg: key B049C205A8D70D43: public key "Test User " imported +gpg: key 844BDA7974E555CD: secret key imported +gpg: Total number processed: 1 +gpg: imported: 1 +gpg: secret keys read: 1 +gpg: secret keys imported: 1 +printf "%s:6:\n" "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=authority/ gpg --import-ownertrust +certtool --generate-crl \ + --outfile server/crl.pem \ + --load-ca-privkey authority/secret.key \ + --load-ca-certificate authority/x509.pem \ + --load-certificate server/x509.pem \ + --template "./server-crl.template" +./gen_ocsp_index server/x509.pem client/x509.pem > authority/ocsp_index.txt +cat server/x509.pem authority/x509.pem > server/x509-chain.pem +gpg: key B049C205A8D70D43: secret key imported gpg: Total number processed: 1 gpg: imported: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 +rm -rf server/softhsm2.db printf "%s:6:\n" "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=client/ gpg --import-ownertrust -gpg: inserting ownertrust of 6 +mkdir -p server/softhsm2.db +SOFTHSM="/usr/bin/softhsm2-util" \ +SOFTHSM2_CONF="server/softhsm2.conf" \ +./softhsm.bash init server/secret.key server/x509.pem +Generating a signed CRL... + +checking /usr/lib64/pkcs11/libsofthsm2.so ... +checking /usr/lib/softhsm/libsofthsm2.so ... +found! +gpg: inserting ownertrust of 6gpg: inserting ownertrust of 6 + printf "default-key %s\n" "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > client/gpg.conf +printf "default-key %s\n" "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > authority/gpg.conf gpg: checking the trustdb +X.509 Certificate Revocation List Information: + Version: 2 + Issuer: CN=Testing Authority + Update dates: + Issued: Mon Jan 09 20:09:39 UTC 2023 + Next at: Wed Jan 11 20:09:39 UTC 2023 + Extensions: + Authority Key Identifier (not critical): + bfaf3cc4efc7de6b428e3f4ebc4d468bd4c4c06b + CRL Number (not critical): 01 + Revoked certificates (1): + Serial Number (hex): 22fff0d9 + Revoked at: Mon Jan 09 20:09:39 UTC 2023 + Signature Algorithm: RSA-SHA256 + Signature: + a0:15:b9:ea:36:01:d0:c9:8b:f0:e0:fe:44:28:ff:bf + b5:00:94:d5:d5:35:43:34:7f:7f:51:b7:be:3b:1e:ec + b8:c0:83:64:d4:2e:5e:68:08:7f:a0:44:6f:2f:e3:a2 + ea:29:e4:30:da:92:e0:50:88:be:67:98:8f:67:e2:36 + 07:44:09:c6:91:b9:2c:97:7c:81:ef:4d:7a:97:f2:53 + ad:43:b4:d9:d6:8b:82:15:ac:aa:f1:e7:2f:14:3d:e6 + 49:37:47:57:30:29:06:75:58:84:ae:15:c1:c2:a6:a7 + c2:22:38:6a:c0:50:c0:13:62:b4:3b:81:85:b8:fb:8e + cf:d7:9d:d3:30:37:63:e8:f9:8b:fe:40:79:ad:83:52 + a2:e8:d9:08:d4:31:86:25:40:53:bc:ec:7a:8d:33:ac + 5b:dc:28:0d:59:88:a6:bb:ca:38:ae:68:81:02:11:72 + d0:63:bb:25:6b:95:6d:d0:a8:53:a1:a3:bb:b0:4c:9f + 60:c2:b9:6b:25:95:22:30:c6:45:bf:82:f8:aa:f9:a4 + 51:34:99:0f:b9:8b:c9:72:60:c0:0f:1d:ec:88:6f:1b + c9:6c:3d:30:05:bf:c7:86:93:df:a3:a8:01:25:a1:1f + 99:1d:3b:7e:ef:a6:6f:7d:da:27:d8:37:c9:44:11:a0 + d0:d2:d2:87:1b:75:dc:9d:21:4b:bd:f7:0c:88:d7:f0 + 0c:61:e1:4a:98:54:d2:b5:ef:aa:1a:05:bd:3e:f9:66 + b3:f9:67:14:42:8c:9d:38:f0:64:74:4d:4d:6a:d0:a4 + b9:83:5f:6e:7f:08:7c:06:5d:00:46:38:00:50:45:79 + ea:03:08:05:14:ec:64:94:66:8a:38:47:6c:ea:4a:e4 + 49:4b:c1:27:62:18:05:a3:9d:98:9b:36:86:d8:0a:81 + e5:17:5f:63:61:9e:9a:bf:30:73:a8:e0:36:46:ee:40 + 5a:6d:62:51:0c:e0:9b:66:77:9a:bf:ef:c6:bf:0d:0e + gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u +gpg: checking the trustdb +gpg: marginals needed: 3 completes needed: 1 trust model: pgp +gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u +The token has been initialized and is reassigned to slot 1688023274 if test -r client/minimal.pgp; then rm client/minimal.pgp; fi GNUPGHOME=client/ gpg --output client/minimal.pgp --armor --export "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" +if test -r authority/minimal.pgp; then rm authority/minimal.pgp; fi +GNUPGHOME=authority/ gpg --output authority/minimal.pgp --armor --export "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" +if test -r authority/cert.pgp; then rm authority/cert.pgp; fi if test -r client/cert.pgp; then rm client/cert.pgp; fi +GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --import authority/minimal.pgp GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --import client/minimal.pgp -gpg: key FA3AA08F33E23F9C: public key "Test User " imported +gpg: key B049C205A8D70D43: public key "Test User " imported gpg: Total number processed: 1 gpg: imported: 1 -flock: getting lock took 0.000005 seconds +flock: getting lock took 0.000004 seconds flock: executing gpg GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --batch --sign-key --no-tty --yes "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" -gpg: using "D58A8D5C37E43AF42C3EF8494DF360FBF91921C5" as default secret key for signing +gpg: key 844BDA7974E555CD: "Testing Authority" not changed +gpg: Total number processed: 1 +gpg: unchanged: 1 +flock: getting lock took 0.005800 seconds +flock: executing gpg +GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --batch --sign-key --no-tty --yes "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" +gpg: using "AA9CEA6EB23D50B281A569A6844BDA7974E555CD" as default secret key for signing +note: will re-use ID cbf655e82f583efe8dd49a202a224df042f40add from corresponding private key flock: getting lock took 0.000004 seconds flock: executing gpg GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --output client/cert.pgp --armor --export "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" +gpg: checking the trustdb +gpg: marginals needed: 3 completes needed: 1 trust model: pgp +gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u +gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u +gpg: using "AA9CEA6EB23D50B281A569A6844BDA7974E555CD" as default secret key for signing +flock: getting lock took 0.029313 seconds +flock: executing gpg +GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --output authority/cert.pgp --armor --export "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" flock: getting lock took 0.000004 seconds flock: executing gpg mkdir -p -m 0700 msva.gnupghome/ GNUPGHOME=msva.gnupghome/ gpg --import < authority/minimal.pgp gpg: keybox '/build/mod-gnutls-0.9.0/test/msva.gnupghome/pubring.kbx' created gpg: /build/mod-gnutls-0.9.0/test/msva.gnupghome/trustdb.gpg: trustdb created -gpg: key 4DF360FBF91921C5: public key "Testing Authority" imported +gpg: key 844BDA7974E555CD: public key "Testing Authority" imported gpg: Total number processed: 1 gpg: imported: 1 +flock: getting lock took 0.000004 seconds +flock: executing gpg printf "%s:6:\n" "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=msva.gnupghome/ gpg --import-ownertrust -certtool --outfile ocsp-responder/cert-request --generate-request --load-privkey ocsp-responder/secret.key --template ocsp-responder.template -make[5]: 'ocsp-responder/secret.key' is up to date. -gpg: checking the trustdb -gpg: marginals needed: 3 completes needed: 1 trust model: pgp -gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u -gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u gpg: inserting ownertrust of 6 -Generating a PKCS #10 certificate request... GNUPGHOME=msva.gnupghome/ gpg --import < client/cert.pgp -gpg: key FA3AA08F33E23F9C: public key "Test User " imported +gpg: key B049C205A8D70D43: public key "Test User " imported gpg: Total number processed: 1 gpg: imported: 1 gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u printf "keyserver does-not-exist.example\n" > msva.gnupghome/gpg.conf -certtool --outfile ocsp-responder/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request ocsp-responder/cert-request --template ocsp-responder.template -Generating a signed certificate... - -Expiration time: Wed Dec 7 01:44:41 2022 -CA expiration time: Wed Dec 7 01:44:40 2022 -Warning: The time set exceeds the CA's expiration time -X.509 Certificate Information: - Version: 3 - Serial Number (hex): 129f3ebf75791ecd92bdb643ee76d19964481ff9 - Validity: - Not Before: Tue Dec 07 13:44:41 UTC 2021 - Not After: Wed Dec 07 13:44:41 UTC 2022 - Subject: CN=Testing Authority OCSP Responder - Subject Public Key Algorithm: RSA - Algorithm Security Level: High (3072 bits) - Modulus (bits 3072): - 00:a1:71:5f:fb:27:27:98:03:e2:b4:a3:dd:c8:de:5c - e2:89:11:5a:26:47:b9:3d:93:d8:36:ac:22:5c:3c:61 - b1:b0:aa:de:f4:94:46:e1:f0:22:35:4a:cb:ee:87:b7 - ec:8e:9b:eb:30:0b:3c:23:5f:60:2f:74:ec:61:e2:5b - ef:23:7d:f6:9f:8d:90:a6:85:58:16:f0:0b:af:7c:13 - 30:a7:21:e2:db:cf:02:05:59:af:72:39:28:ac:5a:ce - 41:05:ab:4e:d0:05:f9:60:46:4c:44:a2:a3:cd:7b:47 - 26:44:f7:7e:bd:73:d2:b7:10:ab:65:d0:3f:2e:6e:e2 - 96:72:8c:a9:bb:64:34:f4:9f:46:c7:a4:74:fa:c7:07 - 97:df:72:6b:a2:83:9a:64:22:48:27:61:11:34:4d:7f - d9:4d:a6:df:bb:8b:15:59:86:ab:48:e5:b1:17:93:46 - eb:74:d0:e6:6b:c8:55:2b:47:e4:3d:8c:61:6b:dd:de - d5:9e:7a:84:ea:8e:cb:ad:09:4d:df:c2:96:e2:67:7d - ac:fd:94:9c:fd:54:52:09:a9:46:c0:91:27:ea:d9:0d - 28:e6:9d:06:ba:6c:50:ea:c7:d5:39:c1:1a:df:d1:9f - cb:41:4b:c0:62:c4:d0:92:1b:42:ad:95:90:79:cb:78 - b8:2d:8c:33:a7:ea:dd:4e:7c:b6:6d:25:70:29:c7:29 - 7a:93:b4:54:fc:89:72:99:6e:e1:92:db:a9:fd:9f:c9 - 57:da:2e:e0:25:e8:11:aa:95:f4:b5:d2:48:92:7e:e8 - ab:07:ed:ef:84:04:a6:87:e5:79:59:b7:ab:0b:c6:9f - cb:dd:8a:12:5d:fd:66:4d:2a:4a:a7:30:2d:1a:35:9f - 10:22:b8:83:7b:1d:71:e6:8d:8f:0e:b4:e9:f7:be:2b - ab:3a:b2:00:89:b8:e0:90:03:07:90:3b:eb:64:c1:b7 - 46:e8:7c:0e:df:7a:b4:ae:ae:0c:ad:db:2a:d5:97:11 - 6f - Exponent (bits 24): - 01:00:01 - Extensions: - Basic Constraints (critical): - Certificate Authority (CA): FALSE - Key Purpose (not critical): - OCSP signing. - Key Usage (critical): - Digital signature. - Subject Key Identifier (not critical): - c5400e29b4bec1b367345637b0fad40a052913f2 - Authority Key Identifier (not critical): - 975858cb45e98c3160b8e8100b93c90dcfd652f6 -Other Information: - Public Key ID: - sha1:c5400e29b4bec1b367345637b0fad40a052913f2 - sha256:d0f73bf8160e97905cee43e3b426c806b191348b2ab294b94115b7ae2d147d3f - Public Key PIN: - pin-sha256:0Pc7+BYOl5Bc7kPjtCbIBrGRNIsqspS5QRW3ri0UfT8= - - - -Signing certificate... -./gen_ocsp_index server/x509.pem client/x509.pem > authority/ocsp_index.txt rm authority/secret.pgp.raw client/secret.pgp.raw ocsp-responder/cert-request authority/gpg.conf imposter/cert-request client/gpg.conf client/cert-request authority.uid server/cert-request server/softhsm2.conf client/minimal.pgp rogueclient/cert-request make[5]: Leaving directory '/build/mod-gnutls-0.9.0/test' make check-TESTS check-local @@ -2155,25 +2182,25 @@ GNUPGHOME=$id/ gpgconf --kill gpg-agent || true; \ done make[6]: Entering directory '/build/mod-gnutls-0.9.0/test' -PASS: test-01_serverwide_priorities.bash -PASS: test-04_basic_nosni.bash -PASS: test-00_basic.bash -PASS: test-03_cachetimeout_in_vhost.bash PASS: test-08_verify_no_sni_fallback_to_first_vhost.bash +PASS: test-04_basic_nosni.bash +PASS: test-05_mismatched-priorities.bash PASS: test-09_verify_no_sni_fails_with_wrong_order.bash -PASS: test-02_cache_in_vhost.bash PASS: test-07_verify_sni_b.bash -PASS: test-06_verify_sni_a.bash +PASS: test-00_basic.bash +PASS: test-03_cachetimeout_in_vhost.bash +PASS: test-01_serverwide_priorities.bash PASS: test-10_basic_client_verification.bash +PASS: test-06_verify_sni_a.bash PASS: test-11_basic_client_verification_fail.bash -PASS: test-05_mismatched-priorities.bash +PASS: test-14_resume_session.bash PASS: test-13_cgi_variables_no_client_cert.bash PASS: test-12_cgi_variables.bash -PASS: test-14_resume_session.bash -PASS: test-15_basic_msva.bash +PASS: test-02_cache_in_vhost.bash PASS: test-17_cgi_vars_large_cert.bash PASS: test-18_client_verification_wrong_cert.bash PASS: test-19_TLS_reverse_proxy.bash +PASS: test-15_basic_msva.bash PASS: test-24_pkcs11_cert.bash PASS: test-25_Disable_TLS_1.0.bash PASS: test-26_redirect_HTTP_to_HTTPS.bash @@ -2233,7 +2260,7 @@ dh_strip dh_makeshlibs dh_shlibdeps -dpkg-shlibdeps: warning: debian/libapache2-mod-gnutls/usr/lib/apache2/modules/mod_gnutls.so contains an unresolvable reference to symbol apr_pool_userdata_get: it's probably a plugin +dpkg-shlibdeps: warning: debian/libapache2-mod-gnutls/usr/lib/apache2/modules/mod_gnutls.so contains an unresolvable reference to symbol ap_add_version_component: it's probably a plugin dpkg-shlibdeps: warning: 101 other similar warnings have been skipped (use -v to see them all) dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/libapache2-mod-gnutls/usr/lib/apache2/modules/mod_gnutls.so was not linked against libpthread.so.0 (it uses none of the library's symbols) dh_installdeb @@ -2251,25 +2278,27 @@ dpkg-genchanges: warning: the current version (0.9.0-1.1~deb10u1) is earlier than the previous one (0.9.0-1.1) dpkg-genchanges: info: not including original source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/1174565/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/1174565/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem W: Stray processes left from build: -* system-pbuilder-build-mod\x2dgnutls_0.9.0\x2d1.1\x7edeb10u1-846497.slice +* system-pbuilder-build-mod\x2dgnutls_0.9.0\x2d1.1\x7edeb10u1-1174565.slice Loaded: loaded - Active: active since Tue 2021-12-07 01:43:59 -12; 1min 13s ago + Active: active since Tue 2023-01-10 10:08:28 +14; 1min 40s ago Tasks: 2 - Memory: 420.4M - CPU: 1min 8.618s - CGroup: /system.slice/system-pbuilder.slice/system-pbuilder-build.slice/system-pbuilder-build-mod\x2dgnutls_0.9.0\x2d1.1\x7edeb10u1.slice/system-pbuilder-build-mod\x2dgnutls_0.9.0\x2d1.1\x7edeb10u1-846497.slice - `-run-rf8471118b3614f6890c0bf4f4ef278bf.scope - |-852314 gpg-agent --homedir /var/lib/monkeysphere/authentication/core --use-standard-socket --daemon - `-852329 gpg-agent --homedir /var/lib/monkeysphere/authentication/sphere --use-standard-socket --daemon + Memory: 420.5M + CPU: 1min 16.390s + CGroup: /system.slice/system-pbuilder.slice/system-pbuilder-build.slice/system-pbuilder-build-mod\x2dgnutls_0.9.0\x2d1.1\x7edeb10u1.slice/system-pbuilder-build-mod\x2dgnutls_0.9.0\x2d1.1\x7edeb10u1-1174565.slice + `-run-r58c0ffcf44564aa8919263266c64250a.scope + |-1203278 gpg-agent --homedir /var/lib/monkeysphere/authentication/core --use-standard-socket --daemon + `-1203322 gpg-agent --homedir /var/lib/monkeysphere/authentication/sphere --use-standard-socket --daemon -Dec 07 01:43:59 ionos11-amd64 systemd[1]: Created slice system-pbuilder-build-mod\x2dgnutls_0.9.0\x2d1.1\x7edeb10u1-846497.slice. +Jan 10 10:08:28 ionos5-amd64 systemd[1]: Created slice system-pbuilder-build-mod\x2dgnutls_0.9.0\x2d1.1\x7edeb10u1-1174565.slice. I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/846497 and its subdirectories -I: Current time: Tue Dec 7 01:45:14 -12 2021 -I: pbuilder-time-stamp: 1638884714 +I: removing directory /srv/workspace/pbuilder/1174565 and its subdirectories +I: Current time: Tue Jan 10 10:10:14 +14 2023 +I: pbuilder-time-stamp: 1673295014